Privacy Officer
The enterprise Privacy Officer is responsible for the organization's Privacy Program, including but not limited to daily operations of the program; development, implementation, and maintenance of policies and procedures; monitoring privacy program compliance; investigation and tracking of privacy incidents and breaches; and ensuring patients' rights in compliance with federal and state laws.
Responsibilities: The ideal candidate must be able to perform the following essential job functions with or without reasonable accommodations.
- Builds a strategic and comprehensive privacy program that defines, develops, maintains and implements policies and processes that enable consistent, effective privacy practices which minimize risk and ensure the confidentiality of protected health information (PHI), paper and/or electronic, across all media types.
- Ensures privacy forms, policies, standards, and procedures are up-to-date.
- Works with operational management, IT security, legal and corporate compliance staff to establish governance and authority for the privacy program.
- Collaborates with the Security Officer to ensure alignment between security and privacy compliance programs including policies, practices, investigations, and acts as a liaison to the information systems department.
- Establishes, with the Compliance Investigations Manager, an ongoing process to track, investigate and report inappropriate access and disclosure of protected health information. Monitors patterns of inappropriate use and/or disclosure of protected health information.
- Performs or oversees initial and periodic information privacy risk assessment/analysis, mitigation and remediation.
- Conducts related ongoing privacy rule compliance monitoring activities in coordination with the organization's other compliance and operational assessment functions.
- Takes a lead role to ensure the organization has and maintains appropriate privacy and confidentiality consents, authorization forms and information notices and materials reflecting current organization and legal practices and requirements.
- Oversees, develops and delivers initial and ongoing privacy training to the workforce.
- Participates in the development, implementation, and ongoing compliance monitoring of all business associates and business associate agreements, to ensure all privacy concerns, requirements, and responsibilities are addressed.
- Works cooperatively with the Health Information Management (HIM) Director and other applicable organizational units in overseeing patient rights to inspect, amend, and restrict access to protected health information when appropriate.
- Manages all required breach determination and notification processes under HIPAA and applicable State breach rules and requirements.
- Performs required breach risk assessment, documentation, and mitigation. Works with Human Resources to ensure consistent application of sanctions for privacy violations. Initiates, facilitates and promotes activities to foster information privacy awareness within the organization and related entities.
- Maintains current knowledge of applicable federal and state privacy laws and accreditation standards.
- Works with the Chief of Compliance Officer, organization administration, and other related parties to represent the organization's information privacy interest with external parties (state or local government bodies) who undertake to adopt or amend privacy legislation, regulation, or standard.
- Cooperates with the U.S. Department of Health and Human Services' Office for Civil Rights, State regulators and/or other legal entities in any compliance reviews or investigations.
- Serves as information privacy resource to the organization regarding release of information and to all departments for all privacy related issues.
Required Qualifications, Skills, and Knowledge:
- Baccalaureate degree in Health Information and Management or a related healthcare field.
- Extensive familiarity and experience with federal and state health care relevant legislation and standards for the protection of health information and patient privacy, including but not limited to HIPAA.
- Knowledge and experience in privacy investigation, breach assessment and breach notification.
- Outpatient and/or community-based behavioral health care experience (clinical, operational, or health information management) is preferred.
- Privacy certification such as Certified in Healthcare Privacy Compliance (CHPC), Certified in Healthcare Privacy and Security (CHPS), and/or other healthcare industry related credential (e.g. RHIA, RHIT) is preferred.
Additional Requirements:
- A high level of integrity and trust.
- Demonstrated skills in collaboration, teamwork, and problem-solving to achieve goals.
- Demonstrated skills in providing excellent service and support to organizational stakeholders.
- Demonstrated organization, facilitation, presentation, and verbal/written communication skills.
- Potential travel requirements of up to 10% of scheduled work time.
Working Conditions: Centria's office hours are Monday through Friday from 8:30am-6:00pm. Additional time may be required to complete above work or meet company objectives.
Physical Requirements: While performing the duties of this job, physical requirements such as bending, reaching and lifting of up to 50 pounds may be required. This role will require sitting a majority of the day as well as walking and standing when needed. This role will require close visual activity on multiple computer screens or monitors and the ability to analyze data and figures on a screen.
The above list reflects the essential functions and other job functions considered necessary of the job identified and shall not be construed as a detailed description of all work requirements that may be inherent in the job or assigned by supervisory personnel. The essential functions are used as a guide only and not inclusive of responsibilities and job duties.
All applicants receive consideration of employment without regard to race, color, creed, religion, age, sex, national origin, ancestry, disability, veteran status, size, height, weight, marital status, family status, gender identity or expression, or sexual orientation, genetic information, or any other legally protected status.
Community Mental Health Partnership of Southeast Michigan