The Regional Compliance and Privacy Manager will help execute CHRISTUS' Corporate Compliance and Privacy Work Plans at the regional level. The Manager will facilitate the region's compliance with federal and state laws and regulations. Additionally, the Manager will investigate actual and suspected compliance and privacy incidents and report findings in accordance with CHRISTUS Investigations Policies. The manager helps ensure compliance with payor regulations and integrity of internal controls; recommends improvements in internal control structure; reviews medical records to establish accuracy of patient billing and charge capture process.
- Assist the Regional Compliance and Privacy Officer with auditing and monitoring to ensure compliance with applicable laws and regulations including but not limited to the Health Information Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act, Medicare and Medicaid and other federal and state privacy regulatory requirements;
- Assist the Regional Compliance and Privacy Officer with execution of the CHRISTUS Health System annual work plan;
- Assist with developing compliance and privacy risk assessments, participate in the development of appropriate workflows and corrective actions to address identified gaps and deficiencies;
- Conduct regular Privacy Reviews to monitor employees' privacy knowledge. Coordinate and conduct "privacy walkthroughs;"
- Take a proactive approach to implement systems and processes to prevent and/or mitigate privacy and compliance concerns in the region.
- Ensure CHRISTUS maintains appropriate privacy and confidentiality consent forms, authorization forms, information notices and materials, and updated BAAs for your region;
- Work with identified departments to develop and implement operational compliance and privacy training. Track privacy training and completion rates for your region
- Collaborate with Information Security Officer or their regional designee to perform annual risk assessments. Assist in the development of a plan for assessing access to PHI and PII by employees, consultants, and business associates;
- Assist in the development and/or execution of a complaint workflow so that departments can timely report compliance and privacy complaints received from patients, regulatory entities or internal privacy events, to the Compliance department;
- Investigate suspected or reported incidents involving the use, disclosure, and storage of PHI including potential breaches, patient complaints and OCR complaints;
- Assist the Regional Compliance and Privacy Officer and businesses in the preparation and coordination of regulatory audits, including OIG, OCR, and accreditation agencies;
- Work with the Regional Compliance and Privacy Officer to prepare submission of required reporting of compliance incidents and/or HIPAA breaches to Federal and State regulators, as appropriate;
- Coordinate with patients whose PHI has been breached or who have reported a concern.
- Coordinate with IT Security Officer or regional designee regarding security issues
- Assist in the completion of annual Compliance and Privacy risk assessment processes
- Track Privacy training completion for your area of responsibility
- Ensure Business Associate Agreements (BAAs) are updated within your region and area of responsibility
- Maintain current knowledge of applicable federal and state laws applicable to healthcare privacy
- Maintain rapport with business units to facilitate solid communications
- Serve as a resource for questions regarding application of relevant laws and regulations and the privacy program policies and procedures
- Provide appropriate privacy updates to the CHRISTUS Health Regional Compliance & Privacy Director, Director of Privacy and the VP/Chief Compliance and Privacy Officer for regional and system board reporting
- Provide or direct compliance or privacy education, as permitted
- Develop and deliver course content for targeted training initiatives as directed by the annual work plan
- Initiate, facilitate, and promote activities to foster awareness of privacy within all entities
- Coordinate and conduct, whenever possible, privacy monitoring "walkthroughs" at entities
- Respond to and resolve compliance or privacy related issues received via the CHRISTUS Health Integrity Line
- Maintain a process to document and track the progress of investigations and mitigation of privacy issues in the incident management system (e.g., Privacy Pro, Ethics Point, etc.)
- Prepares the regional report for the system Compliance Office and Board of Directors, as directed by the CHRISTUS Health Regional Compliance & Privacy Director.
- Research compliance, HIPAA Privacy and other privacy regulations as needed or requested and provide written guidance to affected parties
- Other projects and duties as assigned.
- Bachelor's Degree required; prefer in business, accounting, health care administration, legal
- Knowledge of HIPAA Privacy
- Working knowledge of hospital operation processes
- Knowledge of audit and investigation techniques
- Minimum of 3 to 5 years' general healthcare experience with knowledge of hospital operations, physician services and basic health plan requirements.
- Prefer 5 years of general privacy experience
- Prefer 4 years of experience in regulatory research and knowledge of federal and state law
C. Licenses, Registrations, or Certifications