- Develop, direct and oversee system wide privacy initiatives and projects per the OCI Work Plan, developing strong working relationships with system management and employees.
- Responsible for day-to-day oversight of privacy activities and investigations across the system.
- Responsible for the integrity of the privacy incident reporting system and investigation database and all related data and content.
- Identify additional system wide risks and project needs to incorporate into the Work Plan each year. Identify needed resources and plans to effectively implement these initiatives.
- Develop, implement, promote and maintain privacy policies and procedures relevant to the system.
- Oversee development and delivery of privacy and security training, orientation, and education programs for all HHC employees, volunteers, and affiliated providers.
- In collaboration with the HHC Legal Department, investigates, as appropriate and necessary, alleged inappropriate activities of employees and other related parties and oversees all HHC privacy investigations, reporting on investigative results.
- When required, performs a risk assessment consistent with the HIPAA Breach Notification Rule to determine whether there is greater than a low probability of compromise in the event of an impermissible use of disclosure of protected health information.
- In the event of a Breach, coordinates all notification requirements consistent with the HIPAA Breach Notification Rule and applicable state law.
- Oversee internal and external monitoring, reviews and auditing procedures related to detecting potential non-compliance. In instances of non-compliance, recommends a solution and follows up to promote appropriate and timely corrective actions are taken.
- Responsible for coordinating with the HHC Legal Department to provide prompt cooperation and appropriate responses to the Office of Civil Rights, Attorney General’s Office, or other legal entities, and organization officers in all privacy reviews or investigations.
- Has access to all documents, staff, meetings and other information that are relevant to privacy activities.
- Prepares reports summarizing privacy activities as needed, to share with leadership and the Audit and Compliance Committee of the Board.
- Participates and provides guidance to HHC committees and work groups addressing privacy related subject matter.
- Maintain current knowledge of applicable federal and state privacy and other regulations and accreditation standards, and monitor advances in information privacy technologies and changes in regulations to ensure organizational adaptation and compliance.
- Participate in outside healthcare compliance and privacy organizations to stay abreast of privacy developments and best practices within the industry.
- Actively participate in departmental and team meetings.
- Strive to continually improve the Compliance, Audit and Privacy program.
- Responsible for supervision, staff development and training of privacy staff positions.
- Develop personal and departmental goals and objectives consistent with those of HHC in conjunction with the VP OCI and with input from leadership.
This Job Reports To: Vice President, Office of Compliance and Integrity. There are 2 direct reports.
- Minimum of ten years’ experience in healthcare privacy. Knowledge of health care compliance programs and guidance and health care privacy and security laws required.
- Masters or other advanced degreerequired with coursework in business administration or health care administration required.
- Certification in privacy and prior experience in healthcare privacy, Healthcare Privacy Officer, or Healthcare Privacy Consultant required.
- Minimum five years of health care industry experience, or ten years in lieu of masters or other advanced degree.
Licensure, Certification, Registration: J.D. degree preferred. Privacy or health information certifications (e.g., CHPC, CIPP, CHPC, RHIA, RHIT, CHP) preferred.
Knowledge, Skills and Ability Requirements:
- Demonstrated leadership skills and effectiveness. Ability to research and interpret regulatory requirements and coordinate and monitor internal responses to complaints, audits and investigations.
- Demonstrated organization, facilitation, communication and presentation skills.
- Ability to prioritize, plan and work independently.
- Ability to analyze complex problems and develop effective solutions for correction. Regularly exercises independent judgment in solving day-to-day privacy matters.
- Ability to interact and build relationships with all levels of staff.
- Ability to effectively work with and coordinate the activities of outside consultants and legal counsel.
- Ability and skills to influence personnel through a matrix organization as opposed to line management authority.
- High level of integrity and trust.
- Ability to effectively manage, motivate, and develop staff.
- Keeps actively informed on the business climate of the healthcare industry.