Director, Privacy (Remote)

Commonwealth Care Alliance

Director, Privacy (Remote)

Boston ,

Massachusetts

Apply Now

The Director, Privacy and Security directs and manages Commonwealth Care Alliance's (CCA) efforts to ensure compliance with laws, regulations and policies that govern information privacy and security including, but not limited to: Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health Act (HITECH), Omnibus Rulemaking, MA 201 CMR 17 (Massachusetts Privacy Law) and International Organization for Standardization (ISO) 27000 requirements.
Supervision Exercised:
Yes- 2-3 direct reports, including Manager, Compliance & Security and Manager, Compliance Privacy
What You'll Be Doing:
ORGANIZATIONAL DEVELOPMENT OF PRIVACY & SECURTIY COMPLIANCE PROGRAMS
Serves as the Corporate Privacy & Security Official pursuant to the administrative requirements of 45 Code of Federal Regulation, Standards for Privacy of Individually Identifiable Health Information (HIPAA Privacy Rule), HITECH and relevant state laws.
Coordinates corporate compliance privacy & security activities which includes overseeing the establishment, implementation, and adherence to corporate policies on individual privacy/security, confidentiality, and release of confidential information
Chair/Co-Chair of the Information Privacy and Security Committee
Assist in selection of a Privacy Liaison for each CCA entity to facilitate privacy & security compliance initiatives and fulfill federal and state privacy requirements
Develops and manages HIPAA project teams, including Privacy Liaisons; serves as a privacy resource for CCA departments and entities
Provides leadership in the planning, design, and evaluation of CCA privacy and security related projects
Serves as a liaison to regulatory and accrediting bodies for matters relating to privacy & security
Responsible for documenting and communicating the progress of the implementation of the HIPAA privacy & security compliance program at CCA including affiliates and related entities
Works with legal counsel, management, operational departments, and committees to ensure CCA has and maintains appropriate privacy and security confidentiality consent, authorization forms and information notices
Works with the Legal Department to review new or revised healthcare laws and regulations (federal and state) pertaining to individual privacy and determine whether modifications or revisions of policies and procedures are needed
Provides direction and guidance in special investigations or special projects. Reviews results and recommends actions in coordination with key internal/external stakeholders
Works closely with IT Security, members of the electronic medical record implementation/informatics team, and other information technology personnel to ensure that the organization's privacy & security protections keep pace with technological advances
Coordinates with management, IT security, and others to assure physical safeguards to guard data integrity, confidentiality, and availability
Coordinates with senior management, operational managers, the Chief Information Security Officer, IT managers, and business support services to provide for a business continuity plan and disaster recovery service. Ensure CCA's disaster recovery plan addresses relevant information privacy and security issues.
Reviews all system-related information privacy and security plans throughout CCA's network to ensure alignment between security and privacy practices
Provides concise and timely summaries to senior management of complex and detailed regulatory publications and prepares operational impact statements
Assist in the oversight of the Corporate Compliance Plan and identification of compliance risks
Review Code of Conduct and Compliance Program Description at least annually and promote and enforce CCA's Code of Conduct
PRIVACY & SECURITY EXPERTISE & RESOURCES
Maintains current knowledge of applicable federal and state privacy & security laws and accreditation standards, and monitors advancements in information privacy & security technologies to ensure organizational adaptation and compliance
Participates in outside healthcare organizations for keeping updated on privacy developments and "best practices" for individual privacy & security
Maintains corporate library on Privacy & Security regulations and requirements
Maintains documentation of corporate compliance privacy & security program
Research regulatory issues and can utilize a variety of research resources to assure that the most recent regulatory issuances and interpretations are available.
Communicates changes in regulatory issues to senior management and to the appropriate operational managers.
Provides access to detailed regulations and assures operational mangers understand the regulations
COMPLAINTS SYSTEM
Establishes and administers, as appropriate, a corporate process for receiving, documenting, tracking, investigating, and acting on all complaints concerning CCA's privacy and security compliance policies and procedures
Responds quickly to incidents and violations to reduce the risks to the organization
MEDICAL RECORDS MANAGEMENT AND DISCLOSURES
Develops, implements, and administers a system-wide request for access/disclosure verification procedure that reasonably verifies the identity of the individual or entity requesting access or disclosures, and /or legal authority to request the protected health information
Implements and oversees the development and application of corrective action procedures designed to mitigate any deleterious effects of use of disclosure of PHI by members of the entity's workforce or business partners
Establishes policies/procedures that ensure that record custodians correctly protect and archive patient information
Works cooperatively with Corporate leadership in establishing a system to meet patient rights to inspect, amend, and restrict access to protected health information
Directs the appropriate use of notices, postings, signs, and information available to the public and to patients concerning corporate policies and procedures to protect individually identifiable health information and notices of restrictions that may be placed on the release of information
PUBLIC RELATIONS
Increases the public's awareness of organization's efforts to preserve individual privacy
Provide information in response to internal and external inquiries regarding the entity's corporate privacy policies and procedures or notice of information practices
Initiates, facilitates, and promotes activities to foster information privacy awareness within the organization and related entities.
RESEARCH
In coordination with operational stakeholders, serves as privacy liaison, as appropriate, to ensure privacy awareness and proper authorizations are established where needed or required for research
TRAINING, EDUCATION, & COMMUNICATIONS
Oversees the development, delivery, and ongoing improvement of privacy & security compliance training and awareness to include CCA staff and other entities, as required
Develops and implements a system-wide privacy training program and, in conjunction with the security official or other individuals charged with security oversight, a cyber security awareness and training program that includes the following components:
Initial training of all employees related to the privacy program
Privacy training to all members of the workforce, including all employees, volunteers, trainees, and other persons under the direct control of the entity on an unpaid basis, who are not business partners but are likely to have contact with PHI
Upon changes in corporate privacy policy or procedure, retraining of directly affected employees
Mandated privacy retraining for all employees at on-boarding and annually thereafter.
PRIVACY & SECURITY DISCIPLINE
Works with senior management to develop and consistently apply appropriate discipline for employees who fail to comply with the organization's privacy & security policies and procedures
In cooperation with Human Resources, the Privacy & Security Official, administration, and legal counsel, as applicable, ensures consistent application of disciplinary action for failure to comply with privacy & security policies for all individuals in the organization's workforce, extended workforce, and for all business associates
Coordinates with HR to ensure no intimidating, discriminatory, or other retaliatory actions occur against a person who files, testifies, assists, or participates in any investigation, compliance review, proceeding, or hearing related to a privacy violation, or opposes any unlawful act or practice.
CERTIFICATIONS AND AUDITS
Establishes an internal privacy & security compliance audit program to ensure enterprise-wide compliance with CCA privacy & security policies
Works with departmental managers to assure that there is adequate auditing and monitoring of systems' access and activity and processes in place identify potential privacy & security violations
Directs or conducts independent reviews and evaluations of all operations and activities to appraise:
Compliance with current regulations of federal, state, and other regulatory bodies
Possible errors and omissions that may violate current or future compliance
Compliance with internal policies, plans or standards which could impact compliance with external regulatory bodies
Cooperates with the Office of Civil Rights (OCR), other legal entities, and organization officials in any compliance reviews or investigations.
Participates in the development, implementation, and ongoing compliance monitoring of all business associate agreements, to ensure all privacy concerns, requirements, and responsibilities are addressed
Aids legal, operational managers and staff during enforcement activities, surveys, and external investigations. Assists in the preparations of required documentation required by external agencies, corrective action plans, and future monitoring or auditing to assure compliance
Maintains communications with external regulatory or review organizations and accrediting agencies to assure proper interpretations of regulations and impacts on operations. Coordinates work with others within the organization that have responsibility for process improvement, accreditation surveys or other regulatory activities
Assist with the development and preparation of corrective action plans, maintain compliance with benchmarks/deadlines and prepare written reports of audits.
Prepare and coordinate regulatory filings as required
What We're Looking For:
Education Required:
Bachelor's Degree or equivalent experience
Privacy & Security certifications such as Certified in Healthcare Privacy Compliance (CHPC), Certified in Healthcare Privacy and Security (CHPS), Certified Information Privacy Professional (CIPP) and/or other healthcare industry related credentials
Experience Required:
5-10 years' experience
Experience with Medicare and Medicaid
Experience Desired:
An individual with a combination of the following: medical records/health information management background, information systems/technology background; compliance, legal or performance improvement experience
Knowledge, Skills & Abilities Required:
Knowledge and experience in information privacy & security laws (both Federal and state), access, release of information, and release control technologies
An elevated level of integrity and trust
Ability to identify issues, problems, and critical factors, and develop methods for corrective action
Substantial computer skills required (Microsoft Office at a minimum)
Able to communicate clearly, make oral presentations to senior management, and prepare concise detailed written reports
Demonstrated organization, facilitation, communication, and presentation skills.
Ability to initiate and develop innovative solutions to problems, to identify new opportunities; and have organizational perspective to see how the pieces fit and reflect that perspective in day-to-day decisions.
Self-motivation and initiative
Ability to identify issues, problems, and critical factors, and develop methods for corrective action
Creativity in problem resolution is
Strong analytical skills -- having the ability to identify an issue, conduct an analysis to determine business impact (including gap analysis), troubleshoot and identify
Strong project management skills - having the ability to effectively manage multiple priorities simultaneously by maintaining established timeframes, adhering to work plans, and communicating changes
Candidate must be able to prioritize work and use independent
Ability to initiate and develop new solutions to problems, to identify new opportunities; and have organizational perspective to see how the pieces fit and reflect that perspective in day-to-day decisions.
EEO is The Law
Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled
Please note employment with CCA is contingent upon acceptable professional references, a background check (including Mass CORI, employment, education, criminal check, and driving record, (if applicable)), an OIG Report and verification of a valid MA/RN license (if applicable). Commonwealth Care Alliance is an equal opportunity employer. Applicants are considered for positions without regard to veteran status, uniformed service member status, race, color, religion, sex, national origin, age, physical or mental disability, genetic information or any other category protected by applicable federal, state or local laws.

#J-18808-Ljbffr