{"id":752,"date":"2023-10-25T11:31:01","date_gmt":"2023-10-25T18:31:01","guid":{"rendered":"https:\/\/www.cdcr.ca.gov\/hcdom\/?post_type=dom&#038;p=752"},"modified":"2025-09-17T12:47:16","modified_gmt":"2025-09-17T19:47:16","slug":"2-2-17-administrative-requirements-for-privacy-and-security-officials","status":"publish","type":"dom","link":"https:\/\/www.cdcr.ca.gov\/hcdom\/dom\/chapter-2-patients-entitlements-and-responsibilities\/article-2-confidentiality-and-privacy\/2-2-17-administrative-requirements-for-privacy-and-security-officials\/","title":{"rendered":"2.2.17 Administrative Requirements for Privacy and Security Officials"},"content":{"rendered":"\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p><strong>Policy<\/strong><\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block is-style-no-marker\">\n\t\t\t\t\t<p>California Correctional Health Care Services (CCHCS) shall develop and maintain an entity-wide information security, privacy, and risk management strategy and program to support health information privacy and security compliance as required by federal and state privacy and security laws.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p><strong>Purpose<\/strong><\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block is-style-no-marker\">\n\t\t\t\t\t<p>To define specific workforce roles related to privacy and security and outline those roles in duty statements to ensure privacy and security policies and procedures are developed, implemented, monitored, and maintained.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p><strong>Responsibility<\/strong><\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block is-style-no-marker\">\n\t\t\t\t\t<p>The CCHCS Chief Privacy Officer (CPO) and Chief Information Security Officer (CISO) are responsible for the implementation, monitoring, and maintenance of this policy.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p><strong>CCHCS Workforce Staffing Roles<\/strong><\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p><strong>CCHCS Chief Privacy Officer<\/strong><\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>The CPO shall ensure compliance with CCHCS\u2019s policies and procedures relating to privacy. Responsibilities include, but are not limited to:<\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Assisting in the development and implementation of privacy policies and procedures.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Monitoring compliance with privacy policies and procedures pursuant to applicable federal and state privacy laws, standards, and industry best practices.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Performing ongoing compliance monitoring activities including initial and periodic information privacy risk assessments or analyses and implementing mitigation and remediation efforts.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Working with legal counsel and management to ensure forms, authorizations, and notices are current.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Assisting with, coordinating, and supporting departmental tracking of workforce member access to health information as needed for Privacy Office operations.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Developing, revising, and monitoring compliance with Privacy Awareness Training and ensuring that all users who have access to CCHCS data complete training before being provisioned and annually thereafter.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Monitoring patients\u2019 rights to access, amend, and restrict access to their health information.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Ensuring a process for addressing complaints on privacy policies and procedures, including complaints on denial of access to health information and responding to privacy questions and issues.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Coordinating control activities with the CISO.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Conducting fact-finding for reported information security incidents, making breach determinations, and issuing notifications required by the Health Insurance Portability and Accountability Act (HIPAA) and applicable state law and policy.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Coordinating with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), Center for Data Insights and Innovation (CDII), state regulators, and other oversight entities in compliance reviews and investigations.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Coordinating with the CISO to recommend sanctions for privacy violations.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Coordinating with the CISO and contracting units in the development, implementation, and ongoing compliance monitoring of business associates (BA) and business associate agreements (BAA) to ensure privacy concerns, requirements, and responsibilities are addressed.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Identifying a point of contact by name, title, or office and telephone number in any notice describing how a patient\u2019s health information may be used and disclosed, and how the patient may access their information, including the designated contact person or office that is responsible for receiving privacy-related complaints and providing additional information about the content of the privacy notice.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p><strong>CCHCS Chief Information Security Officer<\/strong><\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>The CCHCS CISO shall ensure compliance with CCHCS\u2019 policies and procedures relating to information security. \u00a0Responsibilities include, but are not limited to:<\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Building a strategic and comprehensive information security program that defines, develops, maintains, and implements policies and processes that enable consistent, effective information security practices which minimize risk and ensure the integrity, confidentiality, and availability of information that is owned, controlled, or processed within the organization. \u00a0<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Ensuring information security policies, standards, and procedures are up-to-date with applicable federal and state information security laws, licensing and certification requirements and accreditation standards.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Initiating, facilitating, and promoting activities to foster information security awareness within the organization.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Creating a culture of cyber security with information technology to drive behavioral change within the organization.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Evaluating security trends, evolving threats, risks, and vulnerabilities and applying tools to mitigate risk as necessary.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Managing security incidents and events involving electronic health information.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Ensuring that the technology recovery, business continuity, risk management, and access control needs of the organization are addressed.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Ensuring the organization complies with the administrative, technical, and physical safeguards.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Working closely with the CPO to ensure alignment between security and privacy compliance programs, including policies, practices, and investigations, and assisting with reporting to oversight agencies. \u00a0\u00a0\u00a0<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Performing and analyzing initial and periodic information security risk assessments and implementing mitigation and remediation.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Developing and implementing information security risk management plans.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Ensuring the organization has audit controls to monitor activity on electronic systems that contain or use electronic protected health information.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Overseeing periodic monitoring and reviewing of audit records to ensure the appropriateness of system activity, including, but not limited to, logons and logoffs, file accesses, updates, edits, and printing.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Ensuring the organization has and maintains an appropriate system use and disclosure and confidentiality statement.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Overseeing, developing, and delivering initial and ongoing security training to the workforce.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Participating in the development, implementation, and ongoing compliance monitoring of BAs and BAAs, to ensure security concerns, requirements, and responsibilities are addressed.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Assisting the CPO as needed with breach determination and notification processes under HIPAA and applicable state breach rules and requirements.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Establishing and administering a process for investigating and acting on security incidents which may result in a privacy breach.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Partnering with the CPO to recommend sanctions for information security violations.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Cooperating with the HHS OCR, CDII, state regulators, and other legal entities, organizations, or officers in any compliance reviews or investigations.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-no-marker\">\n\t\t\t\t\t<p><strong>References<\/strong><\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>Code of Federal Regulations, Title 45, Subtitle A, Subchapter C, Part 164, Subpart C, Section 164.308 &#8211; Administrative Safeguards<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>Code of Federal Regulations, Title 45, Subtitle A, Subchapter C, Part 164, Subpart E, Section 164.520 &#8211; Notice of Privacy Practices for Protected Health Information<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>Code of Federal Regulations, Title 45, Subtitle A, Subchapter C, Part 164, Subpart E, Section 164.530 &#8211; Administrative Requirements<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>Health Care Department Operations Manual, Section 2.2.9 Business Associate Use and Disclosure of Protected Health Information<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>Health Care Department Operations Manual, Section 5.3.25 Security and Privacy Awareness Training<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>State Administrative Manual 5305.3, Information Security Roles and Responsibilities<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>State Administrative Manual 5305.5, Information Asset Management<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>State Administrative Manual 5310, Privacy<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>Statewide Health Information Policy Manual, Section 5.3.1, Notice of Privacy Practices<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>Statewide Health Information Policy Manual, Section 4.1.4, Staffing: Privacy Official, Security Official<\/p>\n\t\t\t\t\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-no-marker\">\n\t\t\t\t\t<p><strong>Revision History<\/strong><\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block is-style-no-marker\">\n\t\t\t\t\t<p>Effective: 10\/23\/2023<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-no-marker\">\n\t\t\t\t\t<p>Reviewed: 09\/09\/2025<\/p>\n\t\t\t\t\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\t<\/ul>\n\t","protected":false},"parent":89,"template":"","class_list":["post-752","dom","type-dom","status-publish","hentry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>2.2.17 Administrative Requirements for Privacy and Security Officials - Health Care Department Operations Manual (HCDOM)<\/title>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"2.2.17 Administrative Requirements for Privacy and Security Officials - Health Care Department Operations Manual (HCDOM)\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.cdcr.ca.gov\/hcdom\/dom\/chapter-2-patients-entitlements-and-responsibilities\/article-2-confidentiality-and-privacy\/2-2-17-administrative-requirements-for-privacy-and-security-officials\/\" \/>\n<meta property=\"og:site_name\" content=\"Health Care Department Operations Manual (HCDOM)\" \/>\n<meta property=\"article:modified_time\" content=\"2025-09-17T19:47:16+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/dom\\\/chapter-2-patients-entitlements-and-responsibilities\\\/article-2-confidentiality-and-privacy\\\/2-2-17-administrative-requirements-for-privacy-and-security-officials\\\/\",\"url\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/dom\\\/chapter-2-patients-entitlements-and-responsibilities\\\/article-2-confidentiality-and-privacy\\\/2-2-17-administrative-requirements-for-privacy-and-security-officials\\\/\",\"name\":\"2.2.17 Administrative Requirements for Privacy and Security Officials - Health Care Department Operations Manual (HCDOM)\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/#website\"},\"datePublished\":\"2023-10-25T18:31:01+00:00\",\"dateModified\":\"2025-09-17T19:47:16+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/dom\\\/chapter-2-patients-entitlements-and-responsibilities\\\/article-2-confidentiality-and-privacy\\\/2-2-17-administrative-requirements-for-privacy-and-security-officials\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/dom\\\/chapter-2-patients-entitlements-and-responsibilities\\\/article-2-confidentiality-and-privacy\\\/2-2-17-administrative-requirements-for-privacy-and-security-officials\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/dom\\\/chapter-2-patients-entitlements-and-responsibilities\\\/article-2-confidentiality-and-privacy\\\/2-2-17-administrative-requirements-for-privacy-and-security-officials\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"HCDOM\",\"item\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/dom\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Chapter 2 &#8211; Patients&#8217; Entitlements and Responsibilities\",\"item\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/dom\\\/chapter-2-patients-entitlements-and-responsibilities\\\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Article 2 \u2013 Confidentiality and Privacy\",\"item\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/dom\\\/chapter-2-patients-entitlements-and-responsibilities\\\/article-2-confidentiality-and-privacy\\\/\"},{\"@type\":\"ListItem\",\"position\":5,\"name\":\"2.2.17 Administrative Requirements for Privacy and Security Officials\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/#website\",\"url\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/\",\"name\":\"Health Care Department Operations Manual\",\"description\":\"CCHCS\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/#organization\",\"name\":\"Health Care Department Operations Manual\",\"url\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/wp-content\\\/uploads\\\/sites\\\/207\\\/2023\\\/08\\\/cropped-cdcr-cchcs-logos-512.png\",\"contentUrl\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/wp-content\\\/uploads\\\/sites\\\/207\\\/2023\\\/08\\\/cropped-cdcr-cchcs-logos-512.png\",\"width\":82,\"height\":82,\"caption\":\"Health Care Department Operations Manual\"},\"image\":{\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/#\\\/schema\\\/logo\\\/image\\\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"2.2.17 Administrative Requirements for Privacy and Security Officials - Health Care Department Operations Manual (HCDOM)","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"2.2.17 Administrative Requirements for Privacy and Security Officials - Health Care Department Operations Manual (HCDOM)","og_url":"https:\/\/www.cdcr.ca.gov\/hcdom\/dom\/chapter-2-patients-entitlements-and-responsibilities\/article-2-confidentiality-and-privacy\/2-2-17-administrative-requirements-for-privacy-and-security-officials\/","og_site_name":"Health Care Department Operations Manual (HCDOM)","article_modified_time":"2025-09-17T19:47:16+00:00","twitter_card":"summary_large_image","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.cdcr.ca.gov\/hcdom\/dom\/chapter-2-patients-entitlements-and-responsibilities\/article-2-confidentiality-and-privacy\/2-2-17-administrative-requirements-for-privacy-and-security-officials\/","url":"https:\/\/www.cdcr.ca.gov\/hcdom\/dom\/chapter-2-patients-entitlements-and-responsibilities\/article-2-confidentiality-and-privacy\/2-2-17-administrative-requirements-for-privacy-and-security-officials\/","name":"2.2.17 Administrative Requirements for Privacy and Security Officials - Health Care Department Operations Manual (HCDOM)","isPartOf":{"@id":"https:\/\/www.cdcr.ca.gov\/hcdom\/#website"},"datePublished":"2023-10-25T18:31:01+00:00","dateModified":"2025-09-17T19:47:16+00:00","breadcrumb":{"@id":"https:\/\/www.cdcr.ca.gov\/hcdom\/dom\/chapter-2-patients-entitlements-and-responsibilities\/article-2-confidentiality-and-privacy\/2-2-17-administrative-requirements-for-privacy-and-security-officials\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.cdcr.ca.gov\/hcdom\/dom\/chapter-2-patients-entitlements-and-responsibilities\/article-2-confidentiality-and-privacy\/2-2-17-administrative-requirements-for-privacy-and-security-officials\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.cdcr.ca.gov\/hcdom\/dom\/chapter-2-patients-entitlements-and-responsibilities\/article-2-confidentiality-and-privacy\/2-2-17-administrative-requirements-for-privacy-and-security-officials\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.cdcr.ca.gov\/hcdom\/"},{"@type":"ListItem","position":2,"name":"HCDOM","item":"https:\/\/www.cdcr.ca.gov\/hcdom\/dom\/"},{"@type":"ListItem","position":3,"name":"Chapter 2 &#8211; Patients&#8217; Entitlements and Responsibilities","item":"https:\/\/www.cdcr.ca.gov\/hcdom\/dom\/chapter-2-patients-entitlements-and-responsibilities\/"},{"@type":"ListItem","position":4,"name":"Article 2 \u2013 Confidentiality and Privacy","item":"https:\/\/www.cdcr.ca.gov\/hcdom\/dom\/chapter-2-patients-entitlements-and-responsibilities\/article-2-confidentiality-and-privacy\/"},{"@type":"ListItem","position":5,"name":"2.2.17 Administrative Requirements for Privacy and Security Officials"}]},{"@type":"WebSite","@id":"https:\/\/www.cdcr.ca.gov\/hcdom\/#website","url":"https:\/\/www.cdcr.ca.gov\/hcdom\/","name":"Health Care Department Operations Manual","description":"CCHCS","publisher":{"@id":"https:\/\/www.cdcr.ca.gov\/hcdom\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.cdcr.ca.gov\/hcdom\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.cdcr.ca.gov\/hcdom\/#organization","name":"Health Care Department Operations Manual","url":"https:\/\/www.cdcr.ca.gov\/hcdom\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cdcr.ca.gov\/hcdom\/#\/schema\/logo\/image\/","url":"https:\/\/www.cdcr.ca.gov\/hcdom\/wp-content\/uploads\/sites\/207\/2023\/08\/cropped-cdcr-cchcs-logos-512.png","contentUrl":"https:\/\/www.cdcr.ca.gov\/hcdom\/wp-content\/uploads\/sites\/207\/2023\/08\/cropped-cdcr-cchcs-logos-512.png","width":82,"height":82,"caption":"Health Care Department Operations Manual"},"image":{"@id":"https:\/\/www.cdcr.ca.gov\/hcdom\/#\/schema\/logo\/image\/"}}]}},"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Health Care Department Operations Manual (HCDOM)","distributor_original_site_url":"https:\/\/www.cdcr.ca.gov\/hcdom","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.cdcr.ca.gov\/hcdom\/wp-json\/wp\/v2\/dom\/752","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cdcr.ca.gov\/hcdom\/wp-json\/wp\/v2\/dom"}],"about":[{"href":"https:\/\/www.cdcr.ca.gov\/hcdom\/wp-json\/wp\/v2\/types\/dom"}],"version-history":[{"count":4,"href":"https:\/\/www.cdcr.ca.gov\/hcdom\/wp-json\/wp\/v2\/dom\/752\/revisions"}],"predecessor-version":[{"id":3327,"href":"https:\/\/www.cdcr.ca.gov\/hcdom\/wp-json\/wp\/v2\/dom\/752\/revisions\/3327"}],"up":[{"embeddable":true,"href":"https:\/\/www.cdcr.ca.gov\/hcdom\/wp-json\/wp\/v2\/dom\/89"}],"wp:attachment":[{"href":"https:\/\/www.cdcr.ca.gov\/hcdom\/wp-json\/wp\/v2\/media?parent=752"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}