Support PDF,DOC,DOCX,TXT,XLS,WPD,HTM,HTML fils up to 5MB
Years of Experience
Date Last Verified
ProfileDirector – Privacy Officer – Corporate Responsibility Duties: Provides direction and oversight of the Corporate Responsibility Privacy Program, functioning as an independent and objective body that reviews, promotes, and evaluates privacy issues/concerns within Hospital. Oversee the implementation and continued compliance to federal and state laws regarding patient privacy. Maintains current regulatory resources; provides timely regulatory updates to the Corporate Responsibility Steering Committee and to leadership, employees, physicians, and residents. Performs ongoing monitoring of all areas of privacy, identifies and assesses areas of privacy risk, and acts decisively on issues of potential non-compliance. On behalf of the RCRO, works closely with senior leadership, providing independent decision-making and follow up. Actively participates in outstanding customer service and accepts responsibility in maintaining relationships that are equally respectful to all. Functions as an independent and objective body that reviews, promotes, and evaluates privacy issues/concerns within Florida Hospital. Broad scope of interaction with individuals at all levels of the organization: executive leadership, management, staff, medical staff, and third parties, including Federal and state government representatives, and federal, state, and local law enforcement representatives. Oversees and monitors the privacy program. Prepares reports to the Board and the Corporate Responsibility Steering Committee detailing privacy initiatives on a regular basis. Develops, initiates, maintains, and revises policies, procedures, and practices for the privacy program, including the handling of patient data, for Florida Hospital. Develops, coordinates, and participates in a multifaceted educational and training program that focuses on the compliance with state and federal privacy laws and seeks to ensure that all appropriate employees, volunteers, medical staff, and management are knowledgeable of, and compliant with, pertinent federal, and state standards. li> Acts as an independent review and evaluation body to ensure that privacy issues/concerns within Hospital are being appropriately evaluated, thoroughly and timely investigated, and resolved. Coordinates internal privacy review and monitoring activities and as appropriate, coordinate external reviews. Oversee internal and external audit procedures for the purpose of monitoring and detecting any misconduct or noncompliance. Initiate follow-up to ensure issues identified by audit are resolved and that recommendations have been implemented. Identify potential areas of privacy vulnerability and risk; develop/implement corrective action plans for the resolution of problematic issues, and provide general guidance to Hospital on how to avoid or deal with similar situations in the future. Cooperates with the Department of Health and Human Services, the Office for Civil Rights, law enforcement, other legal entities, and organization officers in any privacy examinations or investigations. Responds to alleged violations of rules, regulations, policies, procedures and Hospital privacy policies by evaluating or recommending the initiation of investigative procedures. Develop and oversee a system for uniform handling of such violations, including the receiving, responding to, tracking and documenting complaints from patients, employees, business associates and other regarding Hospital’s privacy practices. Develop and oversee corrective action plans in response to violations. Collaborates with the Human Resources Department to ensure appropriate and consistent sanctions are employed in response to privacy violations. Collaborates with internal and external counsel as necessary on the resolution of privacy issues. Works with other departments, including the Data Security Officer, legal counsel, Human Resources, Risk Management, Patient Financial Services, Health Information Management, and clinical operations to implement corrective action and to mitigate effects of privacy violations, and document such actions. Coordinates the identification by individual departments of business associates that receive PHI and review existing contracts as needed with these entities for compliance with HIPAA. As needed, reviews and evaluates proposed business contracts and other documents to identify and correct potential conflicts between Hospital’s privacy policies and procedures and applicable federal and state laws and regulations. Regularly monitors, in coordination with the Data Security Officer, a mechanism to track access to PHI, as required by law. Fulfills duties necessary to implement corporate record retention policies. Is responsible for assessment of current inventories of records and annual review of inventories. Approve extended retention of e-mails for individuals. Proactively offers expertise to state and local committees for the purpose of keeping laws, rules, and regulations current. Contributes knowledge to state-level groups regarding privacy issues as they relate to the particular group. Act as a consultant on privacy matters for the AHS Florida Division and other AHS hospitals. Works with senior management of AHS regarding privacy issues related to Hospital to assure compliance to AHS policies. Provides information about matters covered by the notice of privacy practices. In coordination with the Data Security Officer, helps to ensure alignment between security and privacy practices. Works cooperatively with other applicable departments in overseeing patient rights to inspect, amend and restrict access to PHI when appropriate. Works with legal counsel and management to ensure the organization has and maintains appropriate privacy and confidentiality consent, authorization forms, and information notices and materials as prescribed by state and federal privacy laws. Discretion with financial information. Represents Hospital in audits and deliberations with federal, state and local agencies and organizations. Collaborates with the privacy high risk departments such as Health Information Management, Patient Financial Services, for compliance issues and concerns. Identifies new laws and regulations and assess the potential impact to the organization. Coordinate with the appropriate departments to achieve changes based on new and existing regulations. Identifies new AHS corporate policies and assess the potential impact to the organization. Coordinate with the appropriate departments to achieve changes based on new and existing corporate policies. Monitors the performance of the privacy program on a continuing basis, taking appropriate steps to improve its effectiveness. Tracks and trends all privacy issues and details of action taken towards resolution of issues. Works with business areas to mitigate privacy issues, including working with business areas on any resulting performance improvement initiatives. Participates in the Corporate Responsibility Sub and Ad Hoc Committees. Works cooperatively with other applicable departments in overseeing patient rights to inspect, amend and restrict access to PHI when appropriate. Represents Hospital in audits and deliberations with federal, state and local agencies and organizations. Works with business areas on permitted uses and disclosures of patient information for programs and initiatives including community benefit programs, community partners, marketing. Manages one or more Corporate Responsibility Analysts or Senior Corporate Responsibility Analysts assigned to work on privacy matters. Manages the privacy activities of Hospital campuses’ Corporate Responsibility Liaisons.
Qualification and Experience
Qualifications: Bachelor’s degree in relevant field. 6+ years of privacy experience. 5+ years of progressive managerial experience. JD Degree or Master’s degree in Health Care administration or equivalent discipline preferred. Certified in Healthcare Privacy Compliance (CHPC) by the Health Care Compliance Association preferred. Certified Information Privacy Professional (CIPP) by the International Association of Privacy Professionals preferred. 5 years’ experience in a healthcare management position preferred. Practical experience in complex, multi-campus health care environment preferred. Extensive knowledge of the Health Insurance Portability Act (HIPAA) as well as other state and federal privacy laws. Extensive experience required conducting investigations and interviews. Experience in overseeing the coordination, drafting and submission of responses to regulatory agencies, such as the Office for Civil Rights (OCR). High degree of credibility, independence, integrity, confidentiality, and trustworthiness. Effective oral and written communication. Public speaking skills and the ability to articulate complex regulatory information in understandable terms to all levels of staff. Ability to teach complex regulatory concepts to all level of staff. Strong interpersonal skills required to interface between administration, staff, and medical staff. Sound business judgment. Ability to read and understand federal, state, and local laws and regulations. Knowledge of general hospital operations and understanding of the complexities of a large organization. Ability to manage large projects, including people and tasks. Organizational and planning skills as well as the ability to handle multiple tasks simultaneously. Ability to effectively handle patient complaints. Ability to operate successfully in a constantly changing, fast-paced environment. Computer literacy and word processing skills, particularly Microsoft Outlook, Word, Excel, and PowerPoint. Excellent analytical and problem-solving skills. Ability to communicate effectively with legal counsel. Ability to work in a matrix-management environment to achieve organizational goals. Demonstrates, through behavior, Hospital’s core values of Integrity, Compassion, Balance, Excellence, Stewardship, and Teamwork Serves as a focal point for privacy compliance program.