Responsible for all ongoing activities related to the development, implementation, maintenance and adherence to the organization's policies and procedures covering the privacy and access to patient health information. The Compliance Officer will be responsible for development of the corporate compliance program. After the performance of a baseline assessment, the Compliance Officer will draft the formal compliance program documents. The Compliance Officer may also be designated the role of HIPAA Compliance/Security Officer.
ESSENTIAL DUTIES AND RESPONSIBILITIES include the following. Other duties may be assigned:
Ensure the organization's information privacy practices comply with federal and state laws pertaining to the Health Insurance Portability and Accountability Act (HIPAA)
Manage the development, implementation, and promotion of compliance initiatives designed to further company objectives
Collaborate and work closely with the Corporate Compliance Officer to develop strategies in areas of short and long range planning and implementing a uniform and consistent organizational approach to the Company's compliance program ("Compliance Program")
Manage the day to day operation of the Compliance Program
Serve as Prometheus' Privacy Officer, ensuring compliance with all applicable privacy laws and regulations
Oversees, directs, delivers or ensures delivery of privacy training and orientation to all employees and applicable business associates
Serves as Prometheus' Security Officer to ensure compliance with all HIPAA and HITECH laws and regulations affecting Information Services
Establishes and administers a process for receiving, documenting, tracking, investigating, and taking action on all complaints concerning the organization's privacy policies and procedures in coordination and collaboration with other similar functions and, when necessary, legal counsel
Implement and manage healthcare provider compensation reporting obligations, both on the state and federal level
Provide necessary advisement and guidance regarding activities associated with Prometheus' Compliance Program
Provide timely advice and support for questions and concerns regarding compliance with federal and state healthcare laws and regulations, including Stark, Anti-Kickback Statute, PhRMA Code, and CLIA
Maintain, review, and update appropriate policies and procedures, develop and conduct any necessary training, and monitor the business operations to ensure compliance with all applicable laws, regulations and Prometheus' Compliance Program
Implement and monitor an audit program for sales and marketing compliance and laboratory billing compliance
Review and approve applicable business and marketing initiatives, including educational grants, and promotional sponsorships
As a member of the Legal team, provide advice to management on legal/regulatory matters specific to the specialty pharmaceutical and diagnostics industry, e.g., marketing/advertising, promotion, billing, sampling, and product claims
Conduct as needed compliance reviews of business operations and attend business programs and activities to ensure full compliance with all applicable laws, regulations and Prometheus' Compliance Program
Review all relevant documents, perform and coordinate an organization-wide audit, and review all areas of possible noncompliance within the organization, including human resources department, coding, billing, and reimbursement departments; laboratory (CLIA); and all areas of the practice that fall under the OSHA and HIPAA guidelines
Coordinate and/or audit the training and reporting elements of all the regulatory compliance manuals
Coordinate all investigations of deficiencies resulting from the reporting system or identified through these periodic assessments
Advise organization on matters relating to outside Federal and State inspections
Independently investigate and provide guidance and support on matters related to compliance and/or privacy and potential violations of the Compliance Program and/or applicable laws and regulations
Monitor employee complaints and concerns, and provide appropriate guidance and counsel.
Assist with and/or handle various special projects from time to time, including records management
Develop and update appropriate training modules to provide legal and regulatory guidance, as needed
Conducts new hire training, annual training course and remedial sessions
Liaise with outside counsel and other stakeholders to develop appropriate compliance solutions
Other related duties as assigned to meet departmental and Company objectives.
The person appointed or designated the role of a HIPAA Compliance Officer must have a thorough knowledge of the HIPAA Privacy and Security Rules and the solutions available that will allow him or her to develop a HIPAA compliance program. For accountability purposes, a single point of contact with the title HIPAA Privacy Officer for contact with public, employees and the Department of Health and Human Services is required.
Establish, document, monitor and enforce Security Rule safeguards and any subsequent rules issued by Office of Civil Rights (OCR).
Audit all-company compliance to HIPAA at least annually.
Develop and execute Training Programs to include company security awareness
Monitor HHS and the states regulatory requirements.
Incorporate IT Security and HIPAA compliance with business continuity, incident response and disaster recovery.
Perform risk analysis and audits on company and Business Associates
Ensure Business Associates agreements are up to date.
Investigate data breaches and notify appropriate entities as required (Breach notification Rule)
This job has no supervisory responsibilities.
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
EDUCATION and/or EXPERIENCE
Position generally requires a Bachelor's degree (B.A.) from a four-year college or university, a J.D. strongly desired; 8+ years experience in the healthcare industry working with healthcare regulations including HIPAA/HITECH, Anti-Kickback statute, Stark, Sunshine Act, False Claims Act, Food, Drug & Cosmetic Act, OIG guidances, and the PhRMA Code. Knowledge of HIPAA, state and federal guidelines on privacy, transactions and security; experience in a documented HIPAA compliance role a plus. 8+ years experience in establishing and/or maintaining a compliance program for a healthcare organization. Requires basic computer skills with familiarity in Excel; Word; PowerPoint and Outlook.
Ability to read, analyze, and interpret general business periodicals, legal documents, professional journals, technical procedures, or governmental regulations. Ability to write reports, business correspondence, responses to audits and procedure manuals; ability to effectively present information and respond to questions from groups of managers, clients, customers, and the general public.
Ability to calculate figures and amounts such as discount, interest, commissions, proportions, percentages, area, circumference, and volume; ability to apply concepts of basic algebra and geometry.
Ability to define problems, collect data, establish facts and draw valid conclusions. Ability to interpret an extensive variety of technical instructions in mathematical or diagram form and deal with several abstract and concrete variables.
CERTIFICATES, LICENSES, REGISTRATIONS
None required. JD and/or HCCA certificate preferred.
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
While performing the duties of this job, the employee is regularly required to sit and talk or hear. The employee frequently is required to use hands to finger, handle, or feel. The employee is occasionally required to stand, walk, and reach with hands and arms. The employee is not required to do any lifting, pushing or pulling in this position.
Specific vision abilities required by this job include close vision, distance vision, peripheral vision, depth perception, and ability to adjust focus.
The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
The noise level in the work environment is usually quiet.
All qualified applicants are considered for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, veteran status or other protected class.
Prometheus Laboratories Inc.