The Assigned Security Responsibility Standard has no implementation specification, but it is a required standard. A single individual must be designated as having overall responsibility for the security of a covered entity's EPHI. This is one of the very first steps a covered entity should take to prepare to meet the HIPAA regulations. This HIPAA Security Officer needs complete support from Management to validate his/her authority to put controls in place and in writing and enforcing appropriate policies and procedures.