The HIPAA Program Manager supports the activities of the HIPAA Program in developing and maintaining policies, procedures, and practices designed to ensure compliance with all federal and state privacy requirements and HIPAA Rule standards.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
Maintain strict confidentiality of patient information when performing duties and reports any individual or entity suspected of compromising the confidentiality of patient information immediately.
Assist in the formulation of policies and procedures; understand and interpret policies, procedures and regulations; edit and coordinate editing of policies; track changes and archive policies and procedures.
Assist with policy and procedure management system as needed.
Maintain HIPAA Intranet page, collaborating with IT Department.
Assist Chief Privacy Officer in investigating, tracking and resolving HIPAA incidents, including potential breaches of protected health information.
Interface with IT staff members to complete technical investigations.
Assist in third party security assessments and audits.
Assist with security risk assessments.
Assist with security and privacy auditing as needed.
Assist with ensuring that new technology comply with HIPAA security and privacy rules.
Oversee all HIPAA reports in NAVEX incident management system, including weekly reporting on follow-up to case owners.
Assist Chief Privacy Officer in developing and disseminating HIPAA training. Assist with administration of learning management system as needed.
Assist Chief Privacy Officer in resolving issues related to patient rights under HIPAA.
Conducts HIPAA walkthroughs and provides audit results and feedback to departments.
Assist with quarterly reporting to the Executive Compliance Committee and Board Compliance & Quality Committee regarding HIPAA issues.
Work with Fairwarning on an ongoing basis.
Monitors potential issues of impermissible access flagged by Fairwarning on a daily basis.
Review and investigate all flagged alerts reported by Fairwarning to ensure system users are only accessing records for job related purposes.
Work with supervisors and human resources to resolve inappropriate access issues.
Additional duties as assigned.
Knowledge of HIPAA, state and federal guidelines on privacy, and security.
Familiarity with the Security Risk Assessment process.
Experience investigating and resolving incidents involving protected health information.
Detail oriented, with strong analytical and organizational skills with demonstrable ability to write clearly and concisely and to analyze facts within the context of a regulatory environment.
Interpersonal skills and demonstrable ability to work with diverse functional areas within the organization.
Ability to follow up and respond to email and written communications in a timely manner.
Ability to exercise initiative, use sound judgment and employ effective problem solving techniques in the decision making process.
Initiate and follow-through on projects and the ability to work independently with minimal supervision.
Self-starter with ability to meet strict deadlines
Knowledge of healthcare compliance, laws and standards desired
Must have computer skills to include Advanced level with Microsoft Excel
Ability to develop automated auditing tools, data bases and tracking tools desired
Must have a valid driver license with reliable transportation
EDUCATION AND/OR EXPERIENCE:
College degree preferred
Privacy and/or Security related certification (Certified Healthcare Privacy Compliance (CHPC), Certified in Healthcare Privacy and Security (CHPS), and/or Healthcare Information Security and Privacy Practitioner (HCISSP) desired or ability to obtain within one year.
CONFIDENTIAL AND SENSITIVE INFORMATION:
Must be able to fluently speak, write and understand English
Must possess excellent written, oral and presentation skills
Job Description Clause
The statements herein are intended to describe the general nature and level of work being performed by employees, and are not to be construed as an exhaustive list of responsibilities, duties, and skills required of personnel so classified. Furthermore, they do not establish a contract for employment and are subject to change at the discretion of the employer.
21St Century Oncology