Medical Records Privacy Officer (Medical Records Administrator)

Description

Essential Functions

• 
  Policy Development and Compliance
  • Develops and implements policies and procedures to ensure the confidentiality, security, and integrity of medical records, aligning with HIPAA, HITECH, 42 CFR Part 2 Final Rule, and other regulatory standards.
  • Evaluates and revises agency privacy protocols and forms to meet licensure, third-party payer, and agency requirements.
  • Provides technical advice to staff on privacy issues, including data handling, breach prevention, and patient rights.
• Staff Oversight and Training
  • Plans, organizes, and directs the work of medical records staff related to privacy practices, including interviewing, recommending hires, and reviewing performance to ensure adherence to confidentiality standards.
  • Develops and delivers training programs to educate staff on privacy policies, secure data entry, and compliance with legal requirements.
• Budget and Vendor Management
  • Reviews, manages, and maintains the departmental budget for privacy-related activities, ensuring resources are allocated to meet revenue and expense goals (e.g., privacy software, training, audits).
  • Manage budgeting, billing, storage, retrieval, and destruction activities with our primary medical record storage vendor.
• Records Security and Retention
  • Reviews and recommends strategies for active and closed file storage, ensuring compliance with legal retention and disposition schedules.
  • Monitors adherence to privacy protocols for the defined record-set, scanning of record attachments, and off-site storage, acting as a liaison with document storage contractors to maintain secure inventory and tracking.
• Privacy Monitoring and Reporting
  • Monitors medical records documentation for privacy compliance through regular reviews, data collection, and analysis, preparing statistical reports on findings (e.g., unauthorized access incidents, duplicate records).
  • Responds to subpoenas, court orders, and patient requests for the release of medical records, ensuring all disclosures comply with privacy laws.
  • Runs and distributes quality assurance reports related to privacy exceptions (e.g., breaches, incomplete consent forms) and implements corrective actions.
• Coordination with Healthcare Informatics Staff
  • Collaborates with Healthcare Informatics Staff to develop secure scanning and cataloging of record attachments into the EHR while maintaining optimal data quality and integrity and mitigating risks of privacy violations.
• Related Duties
  • Stays abreast of industry changes and innovations in medical records privacy, participating in planning to adapt agency practices accordingly.
  • Performs additional tasks as assigned, such as assisting with audits or investigations related to privacy breaches.

Education/Experience

• Minimum Education: Graduation from high school supplemented by at least two years of college-level coursework in records management, health information management, or a related field (or equivalent training).
• Minimum Experience: Two (2) years of experience in a records management position, with a focus on medical records privacy or compliance, or an equivalent combination of education and experience.
• Preferred Experience: Experience with HIPAA compliance and electronic health record systems is highly desirable.

Additional Information & Requirements

• Requires certification and ongoing maintenance of certification as a Registered Health Information Technician (RHIT) in accordance with AHIMA requirements or equivalent.
• Certification in Healthcare Privacy (e.g., Certified in Healthcare Privacy Compliance - CHPC) is preferred.
• Signing Bonus: This position is eligible for a one-time $5,000 signing bonus for new hires.