Sr Privacy Officer

University of Rochester | Town of Brighton, NY
$77,216 - $115,824 | Onsite

About The Position

The University of Rochester is seeking a Sr Privacy Officer to be responsible for the privacy of protected health information through ongoing activities consisting of development, implementation, maintenance of and adherence to University of Rochester policies and procedures in compliance with federal and state laws. This role serves as the primary privacy consultant for designated areas of responsibility.

Requirements

  • Bachelor's degree and 4 years of healthcare administration, information systems, compliance, auditing or related experience required
  • Or equivalent combination of education and experience

Nice To Haves

  • Nationally recognized certification in health information management upon hire preferred

Responsibilities

  • Interprets Health Insurance Portability and Accountability Act (HIPAA) privacy regulations together with state and other federal laws regarding confidentiality of protected health information (PHI).
  • Develops and advises on entity-specific relevant policies related to privacy and confidentiality of patient information.
  • Collaborates with the Chief Privacy Officer and contributes to identifying, developing, implementing and maintaining system-wide privacy policies and procedures.
  • Coordinates with and keeps senior leadership apprised of areas of responsibility as appropriate.
  • Ensures entity-specific policies and procedures are updated in accordance with policies.
  • Receives, documents, tracks, investigates and takes action on patient, family and workforce member initiated privacy complaints and breaches.
  • Meets or discusses with patients and families about privacy complaints, which can often be of a highly sensitive nature.
  • Defuses upset patients and contains the situation internally.
  • Oversees development of correctional plans or process changes and remediation after issue has been investigated.
  • Coordinates and recommends consistent application of sanctions of workforce members and business associates in cooperation with appropriate Human Resource Business Partner, Medical Director, Office of Counsel, and Dean for Graduate Medical Education, etc. as appropriate.
  • Responsible for maintaining appropriate breach notification risk assessments, files, documentation, etc.
  • Apprises and involves Chief Privacy Officer if/when appropriate.
  • Performs ongoing audit reviews and monitoring of activities, requiring knowledge of electronic medical record systems and in-depth understanding of auditing tools to ensure compliance with federal privacy regulations and policies.
  • Implements and oversees development of corrective action plans and required procedural changes in response to violations of privacy policies and practices.
  • Apprises and involves Chief Privacy Officer and senior leadership if/when appropriate of issues, concerns and progress in dealing with privacy related issues affecting the organization.
  • Serves as consultant and/or subject matter expert in organizational privacy activities, such as health system-wide Privacy Workgroup, Privacy Officer Committee, Regional HIPAA Group, Research Committees, Policy Management Team and other committees, as appropriate.
  • Serves as advisor on HIPAA to Institutional Review Board as required.
  • Maintains current knowledge of privacy guidelines as they pertain to research to ensure compliance with research guidelines and regulations.
  • Ensures areas of responsibility utilize and maintain appropriate privacy authorizations, consents, notices and materials reflecting organization privacy practices and legal requirements.
  • Reviews and negotiates terms of business associate agreement contracts for vendors who perform a function of a business associate as defined in the privacy regulation for areas of responsibility.
  • Serves as liaison with Forms Management vendor.
  • Develops content for mandated privacy training of workforce members.
  • Oversees and ensures delivery of privacy training and orientation to employees, physicians and other workforce members in entity/entities of responsibility.
  • Keeps workforce current with updates, changes and necessary information as they relate to privacy issues.
  • Authors and publishes privacy materials on intranet for ongoing knowledge and awareness of privacy.
  • Ensures adherence to patient rights as mandated under HIPAA regulations, including inspections, receipt of copies, amendments to patient health and billing records, restrictions of disclosures, requesting confidential communications and receiving disclosure tracking reports of access to protected health information.
  • Works closely with the Health Information Management Department and other appropriate parties to manage patient rights in the Privacy Rule.
  • Acts as resource to staff supporting various clinical information systems, including recommending and terminating user access, documentation and advising on provision of access.
  • Serves as privacy liaison for users of clinical and information systems, including Rochester Regional Health Information Organization (RHIO).
  • Serves as liaison to regulatory and accrediting bodies for matters relating to privacy.
  • Other duties as assigned.