The Director, Privacy and Security directs and manages Commonwealth Care Alliance's (CCA) efforts to ensure compliance with laws, regulations and policies that govern information privacy and security including, but not limited to: Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health Act (HITECH), Omnibus Rulemaking, MA 201 CMR 17 (Massachusetts Privacy Law) and International Organization for Standardization (ISO) 27000 requirements.

Supervision Exercised: Yes - 2-3 direct reports, including Manager, Compliance & Security and Manager, Compliance Privacy

What You'll Be Doing:

ORGANIZATIONAL DEVELOPMENT OF PRIVACY & SECURITY COMPLIANCE PROGRAMS

- Serves as the Corporate Privacy & Security Official pursuant to the administrative requirements of 45 Code of Federal Regulation, Standards for Privacy of Individually Identifiable Health Information (HIPAA Privacy Rule), HITECH and relevant state laws.
- Coordinates corporate compliance privacy & security activities which includes overseeing the establishment, implementation, and adherence to corporate policies on individual privacy/security, confidentiality, and release of confidential information
- Chair/Co-Chair of the Information Privacy and Security Committee
- Assist in selection of a Privacy Liaison for each CCA entity to facilitate privacy & security compliance initiatives and fulfill federal and state privacy requirements
- Develops and manages HIPAA project teams, including Privacy Liaisons; serves as a privacy resource for CCA departments and entities
- Provides leadership in the planning, design, and evaluation of CCA privacy and security related projects
- Serves as a liaison to regulatory and accrediting bodies for matters relating to privacy & security
- Responsible for documenting and communicating the progress of the implementation of the HIPAA privacy & security compliance program at CCA including affiliates and related entities
- Works with legal counsel, management, operational departments, and committees to ensure CCA has and maintains appropriate privacy and security confidentiality consent, authorization forms and information notices
- Works with the Legal Department to review new or revised healthcare laws and regulations (federal and state) pertaining to individual privacy and determine whether modifications or revisions of policies and procedures are needed
- Provides direction and guidance in special investigations or special projects. Reviews results and recommends actions in coordination with key internal/external stakeholders
- Works closely with IT Security, members of the electronic medical record implementation/informatics team, and other information technology personnel to ensure that the organization's privacy & security protections keep pace with technological advances
- Coordinates with management, IT security, and others to assure physical safeguards to guard data integrity, confidentiality, and availability
- Coordinates with senior management, operational managers, the Chief Information Security Officer, IT managers, and business support services to provide for a business continuity plan and disaster recovery service. Ensure CCA's disaster recovery plan addresses relevant information privacy and security issues.
- Reviews all system-related information privacy and security plans throughout CCA's network to ensure alignment between security and privacy practices
- Provides concise and timely summaries to senior management of complex and detailed regulatory publications and prepares operational impact statements
- Assist in the oversight of the Corporate Compliance Plan and identification of compliance risks
- Review Code of Conduct and Compliance Program Description at least annually and promote and enforce CCA's Code of Conduct

PRIVACY & SECURITY EXPERTISE & RESOURCES

- Maintains current knowledge of applicable federal and state privacy & security laws and accreditation standards, and monitors advancements in information privacy & security technologies to ensure organizational adaptation and compliance
- Participates in outside healthcare organizations for keeping updated on privacy developments and "best practices" for individual privacy & security
- Maintains corporate library on Privacy & Security regulations and requirements
- Maintains documentation of corporate compliance privacy & security program
- Research regulatory issues and can utilize a variety of research resources to assure that the most recent regulatory issuances and interpretations are available.
- Communicates changes in regulatory issues to senior management and to the appropriate operational managers.
- Provides access to detailed regulations and assures operational managers understand the regulations

COMPLAINTS SYSTEM

- Establishes and administers, as appropriate, a corporate process for receiving, documenting, tracking, investigating, and acting on all complaints concerning CCA's privacy and security compliance policies and procedures
- Responds quickly to incidents and violations to reduce the risks to the organization

MEDICAL RECORDS MANAGEMENT AND DISCLOSURES

- Develops, implements, and administers a system-wide request for access/disclosure verification procedure that reasonably verifies the identity of the individual or entity requesting access or disclosures, and/or legal authority to request the protected health information
- Implements and oversees the development and application of corrective action procedures designed to mitigate any deleterious effects of use or disclosure of PHI by members of the entity's workforce or business partners
- Establishes policies/procedures that ensure that record custodians correctly protect and archive patient information
- Works cooperatively with Corporate leadership in establishing a system to meet patient rights to inspect, amend, and restrict access to protected health information
- Directs the appropriate use of notices, postings, signs, and information available to the public and to patients concerning corporate policies and procedures to protect individually identifiable health information and notices of restrictions that may be placed on the release of information

PUBLIC RELATIONS

- Increases the public's awareness of organization's efforts to preserve individual privacy
- Provide information in response to internal and external inquiries regarding the entity's corporate privacy policies and procedures or notice of information practices
- Initiates, facilitates, and promotes activities to foster information privacy awareness within the organization and related entities.

RESEARCH

- In coordination with operational stakeholders, serves as privacy liaison, as appropriate, to ensure privacy awareness and proper authorizations are established where needed or required for research

TRAINING, EDUCATION, & COMMUNICATIONS

- Oversees the development, delivery, and ongoing improvement of privacy & security compliance training and awareness to include CCA staff and other entities, as required
- Develops and implements a system-wide privacy training program and, in conjunction with the security official or other individuals charged with security oversight, a cyber security awareness and training program that includes the following components:
  - Initial training of all employees related to the privacy program
  - Privacy training to all members of the workforce, including all employees, volunteers, trainees, and other persons under the direct control of the entity on an unpaid basis, who are not business partners but are likely to have contact with PHI
  - Upon changes in corporate privacy policy or procedure, retraining of directly affected employees
  - Mandated privacy retraining for all employees at on-boarding and annually thereafter.

PRIVACY & SECURITY DISCIPLINE

- Works with senior management to develop and consistently apply appropriate discipline for employees who fail to comply with the organization's privacy & security policies and procedures
- In cooperation with Human Resources, the Privacy & Security Official, administration, and legal counsel, as applicable, ensures consistent application of disciplinary action for failure to comply with privacy & security policies for all individuals in the organization's workforce, extended workforce, and for all business associates
- Coordinates with HR to ensure no intimidating, discriminatory, or other retaliatory actions occur against a person who files, testifies, assists, or participates in any investigation, compliance review, proceeding, or hearing related to a privacy violation, or opposes any unlawful act or practice.

CERTIFICATIONS AND AUDITS

- Establishes an internal privacy & security compliance audit program to ensure enterprise-wide compliance with CCA privacy & security policies
- Works with departmental managers to assure that there is adequate auditing and monitoring of systems' access and activity and processes in place to identify potential privacy & security violations
- Directs or conducts independent reviews and evaluations of all operations and activities to appraise:
  - Compliance with current regulations of federal, state, and other regulatory bodies
  - Possible errors and omissions that may violate current or future compliance
  - Compliance with internal policies, plans or standards which could impact compliance with external regulatory bodies
- Cooperates with the Office of Civil Rights (OCR), other legal entities, and organization officials in any compliance reviews or investigations.
- Participates in the development, implementation, and ongoing compliance monitoring of all business associate agreements, to ensure all privacy concerns, requirements, and responsibilities are addressed
- Aids legal, operational managers and staff during enforcement activities, surveys, and external investigations.
- Assists in the preparations of required documentation required by external agencies, corrective action plans, and future monitoring or auditing to assure compliance
- Maintains communications with external regulatory or review organizations and accrediting agencies to assure proper interpretations of regulations and impacts on operations.
- Coordinates work with others within the organization that have responsibility for process improvement, accreditation surveys or other regulatory activities
- Assist with the development and preparation of corrective action plans, maintain compliance with benchmarks/deadlines and prepare written reports of audits.
- Prepare and coordinate regulatory filings as required

What We're Looking For:

Education Required:

- Bachelor's Degree or equivalent experience
- Privacy & Security certifications such as Certified in Healthcare Privacy Compliance (CHPC), Certified in Healthcare Privacy and Security (CHPS), Certified Information Privacy Professional (CIPP) and/or other healthcare industry related credentials

Experience Required:

- 5-10 years' experience
- Experience with Medicare and Medicaid

Experience Desired:

- An individual with a combination of the following: medical records/health information management background, information systems/technology background; compliance, legal or performance improvement experience

Knowledge, Skills & Abilities Required:

- Knowledge and experience in information privacy & security laws (both Federal and state), access, release of information, and release control technologies
- An elevated level of integrity and trust
- Ability to identify issues, problems, and critical factors, and develop methods for corrective action
- Substantial computer skills required (Microsoft Office at a minimum)
- Able to communicate clearly, make oral presentations to senior management, and prepare concise detailed written reports
- Demonstrated organization, facilitation, communication, and presentation skills.
- Ability to initiate and develop innovative solutions to problems, to identify new opportunities; and have organizational perspective to see how the pieces fit and reflect that perspective in day-to-day decisions.
- Self-motivation and initiative
- Creativity in problem resolution is
- Strong analytical skills -- having the ability to identify an issue, conduct an analysis to determine business impact (including gap analysis), troubleshoot and identify
- Strong project management skills - having the ability to effectively manage multiple priorities simultaneously by maintaining established timeframes, adhering to work plans, and communicating changes
- Candidate must be able to prioritize work and use independent
- Ability to initiate and develop new solutions to problems, to identify new opportunities; and have organizational perspective to see how the pieces fit and reflect that perspective in day-to-day decisions.

EEO is The Law

Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled

Please note employment with CCA is contingent upon acceptable professional references, a background check (including Mass CORI, employment, education, criminal check, and driving record, (if applicable)), an OIG Report and verification of a valid MA/RN license (if applicable).

Commonwealth Care Alliance is an equal opportunity employer.
Applicants are considered for positions without regard to veteran status, uniformed service member status, race, color, religion, sex, national origin, age, physical or mental disability, genetic information or any other category protected by applicable federal, state or local laws.