The Privacy Officer is a director-level employee at the corporate office who provides overall leadership and management, working with division privacy and security officers, on the Company’s compliance with HIPAA’s Privacy Regulations.
DUTIES AND RESPONSIBILITIES
The Privacy Officer is responsible for establishing a “culture” of privacy compliance within the Company. The Privacy Officer must be competent to lead the management of all privacy related issues as they occur in a variety of circumstances. Accordingly, the Privacy Officer’s role may expand upon unforeseen events. Set forth below are examples of some specific duties of the Privacy Officer:
- Develop annual HIPAA work plan and provide leadership and set the agenda for privacy programs and policies;
- Serve as the organization resource on the federal and state laws and regulations that govern the privacy and security programs and practices of the Company;
- Initiate and cultivate relationships with division privacy and security officers to effectively manage, document and report on the Company’s privacy practices through audits and investigations when necessary;
- Act as a liaison with governmental, regulatory, accrediting and other agencies with respect to privacy issues;
- Address information systems issues relating to the privacy of patient information and develop appropriate policies and procedures to meet business needs in compliance with laws and regulations;
- Develop administrative and management procedures to track business associates who will have access to patient information and ensure that the Company and divisions enter into business associate agreements appropriately;
- Develop, update, and implement training, awareness, and reminder programs to address privacy and security risks, raise staff knowledge, and minimize risk;
- Guide, track and report on disciplinary and other corrective action procedures to assure that privacy policies are followed;
- Report on the privacy compliance efforts of the Company to the committees or Board in order to assist in the planning, design and evaluation of effective privacy initiatives;
- Provide strategic guidance to the Company regarding the privacy issues involved in purchases related to information technology;
- Guide division privacy officers in responding to alleged violations of the Privacy Regulations and/or the Company’s privacy policies and procedures, including but not limited to, reporting and preparing notifications for breaches;
- Guide division privacy officers in responding to alleged violations of business associate agreements by the Company’s business associates;
- Develop and administer a privacy and security risk assessment program in partnership with the Corporate Security Officer, including program management and documentation in the compliance management system;
- Develop, review, and update the policies and procedures regarding the overall management of patient information within the Company.
Self-motivated person who can understand privacy laws and regulations and develop appropriate application in the Company’s business environment.
Excellent interpersonal, verbal and written communication skills to communicate in clear and concise language to internal and external stakeholders.
Develop and deliver compelling presentations to a wide variety of audiences that influence organization behavior.
Highly proficient skills in the use of standard software tools (Outlook Suite), as well as ability to learn a variety of company systems that impact your role.
5+ years direct experience in healthcare privacy management, with demonstrated knowledge of federal and state privacy laws, healthcare business operations, and information systems.
Bachelor’s degree (required); Master’s or Doctor of Jurisprudence desired.
Certified Information Privacy Professional (CIPP), Certified Information Privacy Manager (CIPM), Certified in Healthcare Privacy Compliance (CHPC) or equivalent.