What are the responsibilities and job description for the Senior Director of Privacy position at Owensboro?
Job Summary
Oversees all ongoing activities across the system related to the development, implementation, maintenance of, and adherence to the organization's policies and procedures covering the privacy of, disclosure of and access to, patient health information in compliance with federal and state laws and the healthcare organization's information privacy practices.
Job Responsibilities
- Builds a strategic and comprehensive privacy program that defines, develops, maintains and implements policies and procedures that enable consistent, effective privacy practices which minimize risk and ensure the confidentiality of protected health information (PHI); ensure privacy forms, notices, policies, standards and procedures are up to date.
- Works with organization senior management, Chief Information Security Officer, Chief Information Officer and the Chief Compliance Officer to establish a system-wide Privacy Oversight Committee and serve in a leadership role for the Privacy Oversight Committee's activities.
- Serves in a leadership role for privacy compliance.
- Assists Chief Compliance Officer with compliance activities and investigations as requested.
- Works with a high level of confidentiality.
- Prepares written reports of findings and recommendations for corrective action.
- Interacts with all levels of team members and coordinates with others to implement corrective action and resolve issues/concerns.
- Develops and carries out/oversees ongoing monitoring plans based on findings and identified risk.
- Participates on various compliance committees, subcommittees, and workgroups.
- Collaborates with the Chief Information Security Officer and Chief Information Officer to ensure alignment between security and privacy programs including policies, practices and investigations.
- Performs or oversees initial and periodic information privacy risk assessment/analysis, mitigation and remediation.
- Conducts related ongoing compliance monitoring activities in coordination with the organization's other compliance and operational assessment functions.
- Reviews role-based access controls; oversees audits of access to Protected Health Information (PHI); recommends appropriate action necessary as a result of audit activities.
- Takes a lead role to ensure the organization has and maintains appropriate privacy and confidentiality consents, authorization forms and information notices and materials reflecting current organization and legal practices and requirements.
- Oversees, develops and delivers initial and ongoing privacy training to the workforce.
- Participates in the development, implementation and ongoing compliance monitoring of all business associates and business associate agreements to ensure all privacy concerns, requirements and responsibilities are addressed.
- Works cooperatively with the Health Information Management (HIM) Director and other applicable organization units in overseeing patient rights to inspect, amend and restrict access to PHI when appropriate.
- Establishes, with management and operations, a mechanism to track access to protected health information, within the purview of the organization and as required by law and to allow qualified individuals to review or receive a report on such activity.
- Establishes and administers a process for receiving, documenting, tracking, investigating, and taking action on all complaints concerning the organization's privacy policies and procedures in coordination and collaboration with other similar functions and, when necessary, legal counsel.
- Manages all required breach determination and notification processes under HIPAA and applicable state breach laws and requirements, in coordination with the HIPAA Security Director, as applicable.
- Establishes and administers a process for investigating and acting on privacy complaints.
- Performs required breach risk assessment, documentation and mitigation.
- Works with Human Resources to ensure consistent application of sanctions for privacy violations.
- Initiates, facilitates and promotes activities to foster privacy awareness within the organization and related entities.
- Maintains current knowledge of applicable federal and state privacy laws and accreditation standards.
- Works with organization administration, legal counsel and other related parties to represent the organization's privacy interests with external parties (state or local government bodies) who undertake to adopt or amend privacy legislation, regulation or standard.
- Cooperates with the U.S. Department of Health and Human Services' Office for Civil Rights, State regulators and/or other legal entities in any compliance reviews or investigations.
- Serves as the privacy resource to the organization regarding release of information and to all entities and departments for all privacy-related issues.
Qualifications
- Bachelor's degree or higher in healthcare related field required upon hire AND
- Master's degree or higher in healthcare related field required within 2 years of employment in this position
- A combination of education, training and experience may be considered in lieu of degree.
- A minimum of 5 years' relevant experience required
- CHPC - Certified in Healthcare Privacy Compliance required within 12 months of employment in this position
Skills and Attributes
- Requires critical thinking skills and decisive judgment.
- Works under minimal supervision.
- Must be able to work in a stressful environment and take appropriate action.
Physical Demands
- Standing: Occasionally
- Walking: Occasionally
- Sitting: Frequently
- Lifting 0-25 lbs: Rarely
- Lifting 25-75 lbs: Never
- Lifting over 75 lbs: Never
- Carrying 0-25 lbs: Rarely
- Carrying 25-75 lbs: Never
- Carrying over 75 lbs: Never
- Pushing/Pulling 0-25 lbs: Rarely
- Pushing/Pulling 25-75 lbs: Never
- Pushing/Pulling over 75 lbs: Never
- Climbing: Rarely
- Bending/Stooping: Rarely
- Kneeling: Rarely
- Crouching/Crawling: Rarely
- Reaching: Occasionally
- Talking: Frequently
- Hearing: Occasionally
- Repetitive Foot/Leg Movements: Never
- Repetitive Hand/Arm Movements: Frequently
- Keyboard Data Entry: Frequently
- Running: Never
- Vision: Depth Perception: Frequently
- Vision: Distinguish Color: Frequently
- Vision: Seeing Far: Frequently
- Vision: Seeing Near: Frequently
Owensboro Health Core Commitments
INTEGRITY - We conduct ourselves with a high level of responsibility, reliability and honesty because we take seriously the trust of our patients and coworkers.
RESPECT - We value and accept the unique talents and contributions of every patient, customer and team member in the Owensboro Health community.
TEAMWORK - We build a spirit of connectivity and fellowship by striving together to overcome obstacles, surpass goals, celebrate accomplishments and plan the future.
INNOVATION - We foster original ideas and creative solutions that improve our daily work and promote the mission of Owensboro Health.
SERVICE - We focus on service to patients, customers and team members by anticipating their needs, thoughtfully meeting those needs and continually improving the quality of everything we do.
EXCELLENCE - We reach beyond basic expectations to expand our knowledge and awareness, produce exceptional work and provide outstanding service.