Health Info Privacy Spec

Covenant HealthKnoxville, TN
Onsite

About The Position

The Health Information Privacy Specialist, within the Centralized Privacy department, is a full-time position responsible for problem-solving issues related to privacy complaints, investigations, misdirected faxes, amendment and correction of records, and more complicated release of information concerns (e.g., decedents, POAs, health oversight). This role also involves access and audit trail monitoring, participating in environment of care rounds/risk assessment rounds to ensure proper privacy and security protections, and providing training and education on privacy and confidentiality to hospital/facility system users, including physicians and ancillary staff. The specialist analyzes information and audit trails to ensure privacy protections are in place and policies/regulations are followed, playing a key role in maintaining the integrity of health information data.

Requirements

  • Minimum Education: Any combination of formal education and/or prior work experience sufficient to demonstrate possession of the knowledge, skill, and ability needed to perform the essential tasks of the job, typically equivalent to an Associate's degree.
  • Minimum Experience: A minimum of four (4) years of directly-related work experience with emphasis on technology and management.

Nice To Haves

  • Preference may be given to individuals possessing an Associate's degree or higher in a directly-related field from an accredited college or university (e.g., AS in Health Information Technology or BS in Health Information Administration).
  • Certification in Healthcare Privacy and Security (CHPS), Certified Compliance Professional (CCP), Certified in Healthcare Compliance (CHC), Registered Health Information Technician (RHIT) or Registered Health Information Administrator (RHIA) preferred.

Responsibilities

  • Exercises independent judgment in case investigation and interviews to determine whether or not a valid privacy concern has occurred, including the who, what, when, where, how, and why.
  • Works closely with management to analyze problems, including examining systems and processes for prevention and mitigation.
  • Consults with human resources, management, and the Integrity Compliance Officer on disciplinary actions, including individual trending and monitoring for future information access capabilities/restrictions.
  • Interacts with physicians and their office staff on privacy concerns and resolutions.
  • Responsible for memorializing detailed case documentation to support findings and actions, which may be utilized in future audit or defense response.
  • Travels to various Covenant Health facilities to investigate, interview, educate, and monitor privacy activities, often with little advance notice.
  • Serves as first-line consultant for PHI storage, retention, destruction, and access issues.
  • Assists with accessing secure flash drives, monitoring unsecured emails, and electronic transfer or storage of PHI/PII.
  • Performs basic HIPAA Risk Assessment for PHI risk exposure and security issues with walk-through analysis and provides reports to leadership for corrective actions.
  • Evaluates privacy cases by completing HIPAA Risk Assessment to assess for Low Probability of Compromises (non-reportable breaches) and escalates to legal counsel with discussion of any cases that are questionable or above low probability of compromise (reportable breaches).
  • Monitors and approves HIPAA Business Associate Agreements (BAAs) with vendors for standard agreements and consults legal counsel on any changes, questions, or unusual BAA items for advice and follows through to resolution.
  • Captures and maintains PHI inventory of non-IT supported electronic devices (eDevice assets) for systems that collect, use, store, share, and dispose of PHI (in its life cycle) to protect against breach.
  • Assures facility staff maintains patient confidentiality and follows all policies and procedures related to privacy, confidentiality, and release of information.
  • Provides problem determination by understanding all aspects of privacy.
  • Communicates clearly with the Integrity Office and other support staff to ensure that any problems are clearly identified and troubleshoots as appropriate.
  • Monitors the verification and certification of proper access and proper release of health information.
  • Ensures role-based / need-to-know accesses, such as with hospital/facility staff or physician offices.
  • Monitors audit reports to ensure proper access of records for the purpose of preserving data integrity and for proper accessibility, such as electronic HIM (eHIM) access via daily monitoring of access reports (like Sovera Optical Imaging access reports) and more complex release of information issues (like with decedents or legal representative/POAs or health oversight surveyors).
  • Conducts training classes for privacy, security, and confidentiality for various individuals.
  • In-services new employees, volunteers, students, vendors, physician’s offices, and other individuals, as needed.
  • Informs staff of any procedural changes involved.
  • Provides training to physicians and other hospital personnel.
  • Regularly orients and trains physicians to privacy and works with them to learn record completion/amendments & corrections via various applications.
  • Serves as central contact and liaison between the hospital/facility and the I&C staff, vendors, various support staff, and others for the purposes of privacy/security improvements and enhancements.
  • Responds to patient concerns and complaints regarding privacy policies and procedures, working with various others to assure that appropriate actions are taken to resolve such problems.
  • Serves as initial contact between ancillary departments and Director of Privacy/I&C office in identifying and troubleshooting privacy issues and questions.
  • Completes Accounting of Disclosure database entries and Risk Assessments for privacy cases.
  • Monitors, investigates, and problem-solves privacy/release of information concerns, such as mis-directed faxes, inappropriate accesses, HIPAA amendment of records, Identity Theft, audit trail monitoring, and routine privacy concern investigations.
  • Audits and monitors system access in the imaging & other various electronic record systems for appropriateness.
  • Helps ensure that proper system security is in place to protect access and confidentiality.
  • Solves problems in the hospital/facility relative to information privacy and protections, including looking at problems over time and trending to identify causes.
  • Coordinates meetings with ancillary departments, as necessary, to resolve identified problems.
  • Completes follow-up to ensure suggested results in the desired outcomes, working closely with physicians, nursing personnel, and other system users to resolve issues.
  • Enhances professional growth and development through participation in educational programs, current literature, in-service meetings, and workshops.
  • Participates in health information protections by attending meetings and serving on committees as required, such as the system Privacy Officers Committee.
  • Attends various meetings as required.
  • Participates on and/or leads teams and/or committees as required.
  • Serves as committee member on various committees.
  • Records and distributes meeting minutes as required.
  • Has good general knowledge of all other systems utilized in the facility for problem-solving and management purposes.
  • Performs other related duties as assigned or requested.

Benefits

  • Health insurance
  • Dental insurance
  • Vision insurance
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service