GENERAL SUMMARY AND SCOPE
The privacy officer oversees all ongoing activities related to the development, implementation, maintenance of, and adherence to the organization’s policies and procedures covering the privacy of, and access to, patient health information in compliance with federal and state laws and the healthcare organization’s information privacy practices.
ACE OF HEARTS PLEDGE
The employee will demonstrate the ACE of Hearts Pledge, which involves being an accountable and collaborative team member; treating patients, families, and co-workers with dignity and respect; and ensuring that empathy and compassion are the basis for interactions with all those served.
ESSENTIAL TASKS, DUTIES AND RESPONSIBILITIES
Provides development guidance and assists in the identification, implementation, maintenance, and management of Health Systems information privacy policies and procedures in coordination with organization management and administration, the HIPAA Advisory Committee, and legal counsel.
Works with the organization’s senior management and corporate compliance officer to establish an organization-wide HIPAA Advisory Committee.
Serves in a leadership role for the HIPAA Advisory Committee’s activities.
Performs initial and periodic information privacy risk assessments and conducts related ongoing compliance monitoring activities in coordination with the organization’s other compliance and operational assessment functions.
Works with legal counsel and management, key departments, and committees to ensure the organization has and maintains appropriate privacy and confidentiality consent, authorization forms, and information notices and materials reflecting current organization and legal practices and requirements.
Oversees, directs, delivers, or ensures delivery of initial and privacy training and orientation to all employees, volunteers, medical and professional staff, contractors, alliances, business associates, and other appropriate third parties.
Participates in the development, implementation, and ongoing compliance monitoring of all trading partner and business associate agreements, to ensure all privacy concerns, requirements, and responsibilities are addressed.
Establishes with management and operations a mechanism to track access to protected health information, within the purview of the organization and as required by law, and to allow qualified individuals to review or receive a report on such activity.
Works cooperatively with the HIM Director and other applicable organization units in overseeing patient rights to inspect, amend, and restrict access to protected health information when appropriate.
Establishes and administers a process for receiving, documenting, tracking, investigating, and taking action on all complaints concerning the organization’s privacy policies and procedures in coordination and collaboration with other similar functions and, when necessary, legal counsel.
Ensures compliance with privacy practices and consistent application of sanctions for failure to comply with privacy policies for all individuals in the organization’s workforce, extended workforce, and for all business associates, in cooperation with Human Resources, the information security officer, administration, and legal counsel as applicable.
Initiates, facilitates and promotes activities to foster information privacy awareness within the organization and related entities.
Serves as the information privacy liaison for users of clinical and administrative systems.
Reviews all system-related information security plans throughout the organization’s network to ensure alignment between security and privacy practices, and acts as a liaison to the information systems department.
Works with all organization personnel involved with any aspect of release of protected health information, to ensure full coordination and cooperation under the organization’s policies and procedures and legal requirements.
Maintains current knowledge of applicable federal and state privacy laws and accreditation standards, and monitors advancements in information privacy technologies to ensure organizational adaptation and compliance.
Serves as information privacy consultant to the organization for all departments and appropriate entities.
Cooperates with the Office of Civil Rights, other legal entities, and organization officers in any compliance reviews or investigations.
Works with organization administration, legal counsel, and other related parties to represent the organization’s information privacy interests with external parties (state or local government bodies) who undertake to adopt or amend privacy legislation, regulation, or standard.
KNOWLEDGE, SKILLS AND ABILITIES
Bachelor’s degree in Healthcare, Business Administration, or related field or equivalent work experience; Master’s degree preferred.
Working knowledge and experience with HIPAA and state privacy laws.
Working knowledge and experience including auditing, monitoring and/or compliance/privacy management.
Professional compliance designation, such as Associate Compliance Professional, Certified Compliance Professional, or Certified in Healthcare Privacy Compliance, preferred or secured within 24 months.
Knowledge and experience in information privacy laws, access, release of information, and release control technologies required.
Knowledge in and the ability to apply the principles of HIM, project management, and change management.
Demonstrated organization, facilitation, communication, and presentation skills.
Ability to project a positive impression of the Health System at all times.
Ability to communicate effectively, in both written and oral form, with management, staff and outside agencies.
Familiarity with two or more of the following is required: Excel, SQL, McKesson, Microsoft Word, Meditech, FoxPro or the equivalent.
Ability to work in a safe and efficient manner and maintain an accident-free workplace, including ability to demonstrate a working knowledge of Medical Center emergency codes.
Ability to comply with OSHA regulations and CDC standard and transmission-based precaution recommendations and to utilize proper personal protective equipment. Ability to comply with provisions of applicable S.D.S. forms.
Successful completion of a 180-day get-acquainted period.
Location/Region: Sandusky, OH (US)