The Compliance & Privacy Specialist supports the Privacy Officer in all ongoing efforts regarding the drafting, maintenance, and application of all privacy policies, procedures, and best practices in accordance with state and federal laws.
Principal Duties and Responsibilities
Provides consultative expertise to ensure compliance with, and implementation of, safeguards to ensure the privacy of confidential information (e.g., federal requirements under the Health Insurance Portability and Accountability Act (HIPAA), and state requirements under the Massachusetts Identity Theft Law Standards for the Protection of Personal Information). This role will be reporting directly to the Privacy Officer.
Conducts independent research and analysis of various compliance and regulatory issues, including tracking, monitoring and assessing new privacy regulations, laws, and industry best practices.
Facilitates and organizes compliance and regulatory committees and task forces to manage issues and concerns while providing expert advice.
Conducts training for new employees at new hire orientation along with other applicable periodic training sessions for Hospital personnel (including annual review of existing training modules for staff).
Facilitates resolution of complaints, concerns and questions about compliance issues or in response to reported incidents, including reporting to internal and external stakeholders as required.
Manages and monitors maintenance of existing data and incident tracking tools for receiving, documenting, investigating and taking action on all complaints and reported incidents/activities.
Supports the development of Compliance/Privacy Program written materials, reports, presentations, and communication tools.
Works to maintain and improve a proactive monitoring plan to track access to protected health information as required by law and our developing institution plan.
Assists with enterprise-wide awareness on internal policies and procedures and provides ongoing support to all departments, including: Office of General Counsel, Information Services Department, Institutional Review Board, Trust, Patient Relations, Health Information Management, Marketing and Communications, and other important stakeholders.
Supports the Privacy Officer in work related to the essential elements of a compliance program (education and training, auditing and monitoring, prevention, enforcement, investigating and reporting, etc.).
Minimum Knowledge and Skills Required
- Work requires the knowledge of theories, principles, and concepts of compliance typically acquired through completion of a Bachelor's Degree in healthcare administration, business, and/or related degree with at least three (3) to five (5) years of previous experience, preferably in a hospital setting. Current knowledge of HIPAA regulations required. Master’s degree/Juris Doctorate, and experience in an academic medical center preferred.
- Work requires the ability to effectively persuade and negotiate with peer level, senior managers, and external agencies/facilities on issues and programs that impact compliance matters.
- Work requires the analytical skills necessary to plan, design, and/or enhance enterprise-wide systems for tracking compliance activities.
- Work requires utilizing outstanding interpersonal, organizational and communication skills to drive complex processes to conclusion by working across departmental lines.
Certification, Registration, or Licensure Required
Certification or certification eligibility is preferred in privacy compliance or a related field through an applicable certification organization (Health Care Compliance Association (HCCA), American Health Information Management Association (AHIMA), International Association of Privacy Professionals (IAPP), etc.)
Physical Requirements of the Job
- Work requires frequently lifting and carrying patients/children and/or objects weighing up to 10 pounds.
- Work requires regularly stooping and bending.
- Work requires regularly reaching and grasping objects at, above and below shoulder level.
- Work requires regularly grasping and fine manipulation with hands.
- Work requires regularly proofreading and checking documents for accuracy.
- Work requires regularly inputting/retrieving words or data into or from an automated/computer system.
Blood Borne Pathogen Category
No Potential Exposure. Job may require performance of tasks that involve no potential for exposure to blood, body fluids, or tissues. Tasks that do involve exposure are not an expectation of employment.
Application Submission Information: