- Develops, initiates, maintains, and revises policies and procedures for the general operation of the Compliance Program and its related activities to prevent illegal, unethical, or improper conduct. Manages day-to-day operation of the Program.
- Develops and periodically reviews and updates Standards of Conduct to ensure continuing currency and relevance in providing guidance to management and employees.
- Responds to alleged violations of rules, regulations, policies, procedures, and Standards of Conduct by evaluating or recommending the initiation of investigative procedures. Develops and oversees a system for uniform handling of such violations. Acts as an independent review and evaluation body to ensure that compliance Issues/concerns within the organization are being appropriately evaluated, investigated and resolved. Provides reports on a regular basis.
- Monitors and, as necessary, coordinates compliance activities of other departments to remain abreast of the status of all compliance activities and to identify trends; identifies potential areas of compliance vulnerability and risk; develops/implements corrective action plans for resolution of problematic issues, and provides general guidance on how to avoid or deal with similar situations in the future and ensures proper reporting of violations or potential violations to duly authorized enforcement agencies as appropriate and/or required.
- Institutes and maintains an effective compliance communication program for the organization, including promoting (a) use of the Compliance Hotline; (b) heightened awareness of Standards of Conduct, and (c) understanding of new and existing compliance issues and related policies and procedures.
- Works with the Human Resources and Training Departments, and others as appropriate, to develop an effective compliance training program, including appropriate introductory training for new employees as well as ongoing training for all employees.
- Other duties as assigned.
- Provides development guidance and assists in the identification, implementation, and maintenance of organization information privacy policies and procedures and ensures the organization has and maintains appropriate privacy and confidentiality consent, authorization forms, and information notices.
- Performs initial and periodic information privacy risk assessments and conducts related ongoing compliance monitoring activities.
- Oversees, directs, delivers, or ensures delivery of initial privacy training and orientation to all employees, volunteers, medical and professional staff, contractors, alliances, and other appropriate third parties. Initiates, facilitates and promotes initiatives to foster information privacy awareness within the organization and related entities.
- Establishes with management and operations a mechanism to track access to protected health information, within the purview of the organization and as required by law and to allow qualified individuals to review or receive a report on such activity.
- Establishes and administers a process for receiving, documenting, tracking, investigating, and taking action on all complaints concerning the organization's privacy policies and procedures. Ensures compliance with privacy practices and consistent application of sanctions for failure to comply with privacy policies.
- Reviews all system-related information security plans throughout the organization's network to ensure alignment between security and privacy practices, and acts as a liaison to the information technology department.
- Works with all organization personnel involved with any aspect of release of protected health information, as outlined in the Health Insurance Portability and Accountability Act (HIPAA), to ensure full coordination and cooperation under the organization's policies and procedures and legal requirements.
- Maintains current knowledge of applicable federal and state privacy laws and accreditation standards, and monitors advancements, in coordination with the organization’s Chief Information Officer, in information privacy technologies to ensure organizational adaptation and compliance.
- Works with administration, legal counsel, and other related parties to represent the organization's information privacy interests with external parties (state or local government bodies) who undertake to adopt or amend privacy legislation, regulation, or standard or in any compliance reviews or investigations.
- Other duties as assigned.
EDUCATION AND EXPERIENCE
A Bachelor’s degreerequired; Master’s or law degreepreferred. A minimum of 10 years experience in a healthcare organization or equivalent administrative experience to include demonstrated leadership. Familiarity with operational, financial, quality assurance, policy and human resource procedures and regulations. Must have high level of interpersonal skills to handle sensitive and confidential situations. Excellent oral and written skills. Independent judgment is required to plan, prioritize, and organize diversified workload. Ability to deal with individuals from all levels of the organization in a professional manner.