The Regional Compliance and Privacy Manager will help execute CHRISTUS' Corporate Privacy Work Plans at the regional level. The Manager will facilitate the region's compliance with federal and state privacy laws and regulations. Additionally, the Manager will investigate actual and suspected privacy incidents and report findings in accordance with CHRISTUS Policies and processes. The manager helps ensure compliance with privacy regulations and integrity of internal controls; recommends improvements in internal control structure; reviews medical records in the course of privacy investigations or monitoring activities.
- Assist the CHRISTUS Regional Compliance & Privacy Director with auditing and monitoring of business units to ensure compliance with applicable privacy laws and regulations, including but not limited to the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health (HITECH) Act, Medicare and Medicaid, and other federal and state privacy regulatory requirements;
- Assist the CHRISTUS Regional Compliance & Privacy Director with execution of the CHRISTUS Health System annual work plan relative to privacy, which addresses business risks and exposures related to the healthcare industry, including regulatory privacy initiatives, the OIG's work plan, senior leadership's goals and objectives, and issues that arise in the course of day-to-day regional operations;
- Work with business units to identify privacy gaps and deficiencies.
- Participate in the development of appropriate workflows and corrective actions to address identified gaps and deficiencies. Assist with developing privacy risk assessments for gaps identified and make recommendations for improvements;
- Conduct regular Privacy Reviews to monitor employees' privacy knowledge;
- Take a proactive approach to implement systems and processes to prevent and/or mitigate privacy compliance concerns in the region.
- Ensure CHRISTUS maintains appropriate privacy and confidentiality consent forms, authorization forms, and information notices and materials;
- Work with identified departments to develop and implement operational privacy training.
- Work with business units to develop monitoring metrics, identify and provide input on department-level policies and procedures, as appropriate, and assist in developing/delivering specialized operational training for department employees;
- Collaborate with the Information Security Officer or their regional designee to perform annual risk assessments. Assist in the development of a plan for assessing access to PHI and PII by employees, consultants, and business associates;
- Assist in the development and/or execution of a complaint workflow so that departments can promptly report privacy complaints received from patients, regulatory entities, or internal privacy events to the Compliance department;
- Investigate suspected or reported incidents involving the use, disclosure, and storage of PHI including potential breaches, patient complaints and OCR complaints;
- Assist the CHRISTUS Health Regional Compliance & Privacy Director and businesses in the preparation and coordination of regulatory audits, including OIG, OCR, and accreditation agencies;
- Work with the CHRISTUS Health Regional Compliance & Privacy Director to prepare submission of required reporting of compliance incidents and/or HIPAA breaches to Federal and State regulators, as appropriate;
- Coordinate with patients whose PHI has been breached or who have reported a concern.
- Coordinate with the IT Security Officer or regional designee regarding security issues;
- Assist in the completion of annual Privacy risk assessment processes;
- Track Privacy training completion for your area of responsibility;
- Ensure Business Associate Agreements (BAAs) are updated within your region and area of responsibility;
- Maintain current knowledge of federal and state laws applicable to healthcare privacy;
- Maintain rapport with business units to facilitate solid communications;
- Serve as a resource for questions regarding application of relevant laws and regulations and the privacy program policies and procedures;
- Provide appropriate privacy updates to the CHRISTUS Health Regional Compliance & Privacy Director, Director of Privacy and the VP/Chief Compliance and Privacy Officer for regional and system board reporting;
- Provide or direct privacy education, as permitted;
- Develop and deliver course content for targeted privacy training initiatives as directed by the annual work plan;
- Initiate, facilitate, and promote activities to foster awareness of privacy within all entities;
- Coordinate and conduct, whenever possible, privacy monitoring "walkthroughs" at entities;
- Respond to and resolve privacy related issues received via the CHRISTUS Health Integrity Line;
- Maintain a process to document and track the progress of investigations and mitigation of privacy issues in the incident management system (e.g., Privacy Pro, Ethics Point, etc.);
- Prepare the regional report for the system Compliance Office and Board of Directors, as directed by the CHRISTUS Health Regional Compliance & Privacy Director;
- Research HIPAA Privacy and other privacy regulations as needed or requested and provide written guidance to affected parties; and
- Other projects and duties as assigned.
- Bachelor's Degree required; preferably in business, accounting, health care administration, or legal studies
- Knowledge of HIPAA Privacy
- Working knowledge of hospital operation processes
- Knowledge of audit and investigation techniques
- Minimum of 3 to 5 years' general healthcare experience with knowledge of hospital operations, physician services and basic health plan requirements.
- Prefer 5 years of general privacy experience
- Prefer 4 years of experience in regulatory research and knowledge of federal and state law
C. Licenses, Registrations, or Certifications