The Privacy Officer will report directly to the President/ CEO of Community Health Center, Inc. (CHC). A health system focused on primary care, CHC is the largest Federally Qualified Health Center (FQHC) in Connecticut, and also operates research and education offices in Connecticut and Colorado. Through its direct work in primary care and expansion of programs throughout the country, CHC is at the cutting edge of health care delivery. The Privacy Officer position focuses on ensuring that the health center and subsidiaries are compliant with all state and federal requirements pursuant to HIPAA and HITECH. Being effective in this role requires a natural aptitude for communication across the organization, and stellar attention to detail. This person should have a strong background in health care, privacy laws and regulations, highly regulated environments and technology. Experience with developing and delivering staff trainings and an orientation to creative problem solving are key. The Privacy Officer must also be comfortable working independently in a fast-moving, dynamic environment.
ROLE AND RESPONSIBILITIES
- Conduct investigations of privacy-related complaints and respond to privacy-related inquiries from workforce members, patients and/or family members, the compliance hotline or other sources. This work includes responding timely to incidents and inquiries received, documenting the work and actions taken, and tracking investigations and inquiries.
- Develop and implement (or oversee implementation of) corrective action plans (including working with Human Resources and managers to ensure consistent application of disciplinary action standards for privacy violations) in response to complaints and investigations.
- Design, initiate and complete privacy-related projects in furthering the goals and objectives of the Institute’s privacy program.
- Based on outcomes of privacy-related investigations, report to state and federal authorities, as appropriate, and communicate with patients or individuals when their PHI or PI has been used or disclosed in violation of our standards.
- Develop, implement, maintain and oversee training and education programs for privacy issues, including, new employee orientation, annual online training and department-specific training.
- Conduct annual privacy risk assessment and develop a work plan to address identified risks, including conducting audit and monitoring activities.
- Cooperate with U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) and other federal and state entities, in any privacy program audits, inquiries or investigations.
- Develop, implement, maintain and oversee privacy-related policies and procedures and work closely with the Information Technology Security Officer to develop, implement and oversee information security-related policies and procedures.
- Stay current with relevant federal and state privacy laws and regulations and modify the privacy program accordingly to remain compliant, as well as consistent with industry best practices.
- Enhance professional growth and development by participating in educational programs, distributing and reading current literature and conducting and participating in in-service meetings and workshops.
- Serve as a resource on the laws, regulations and internal policies pertaining to privacy, health information, and PI for workforce members, departments, patients and others, as needed.
- Collaborate with the General Counsel and Compliance Officer to ensure alignment between privacy and other areas of compliance (e.g., research compliance, billing compliance, pharmacy compliance).
- Initiate, facilitate and promote communication activities to foster privacy awareness within CHC.
- Prepare written documentation, reports, presentations, etc. as required; maintain, distribute, analyze, and collect information for required records, reports and statistics, as directed.
- Perform any other functions assigned to the Privacy Officer pursuant to policies and procedures regarding privacy or by the General Counsel
- Required: Bachelor's degree and the equivalent of three (3) to five (5) years of full-time experience with privacy and confidentiality, health information management, or information security.
- Preferred: Advanced degree, Certification in Healthcare Privacy Compliance (CHPC) and/or Registered Health Information Administrator. Experience working in a health care setting. Knowledge of and experience in working with federal and state privacy laws, including those pertaining to access, release of information, and release control technologies.
Commitment and ability to:
- Work in a team-based environment,
Handle patient interactions/communication with extreme care, patience and consideration, and
Create an environment with open channels of communication with workforce members, patients and others.
- Ability to work in a fast-paced environment and successfully manage multiple privacy investigations and projects simultaneously
- Possess excellent organization, attention to detail, facilitation, technical and analytical skills. Can gather relevant information systematically, break down problems into simple components, make sound decisions and provide appropriate, comprehensive advice to target audiences. Approach problems with curiosity and open-mindedness and offer new ideas, solutions and/or options. Demonstrate discretion, diplomacy, and good judgment.
- Ability to manage risk in an innovative setting and prioritize work based on risk.
- Possess strong communication and presentation skills; clearly and concisely express ideas in groups and one-to-one conversations, formal and informal documents. Adapt writing and communications styles to fit the audience.
- Initiate, develop, and maintain relationships and networks with peer Privacy Officers, privacy-related groups and committees.
- Experience working in a mission-based, multi-stakeholder environment.
- Project management skills; ensuring projects come to fruition from inception to completion.
- MS Office (Word, Excel, Access, Powerpoint) expertise and knowledge of or ability to learn electronic medical record auditing software.