Director Privacy - Compliance

at  Christus Health

SUMMARY:

The Director of Privacy will oversee and maintain a comprehensive and effective privacy compliance program for all CHRISTUS Health entities. The Director of Privacy will provide consultative services on privacy and patient confidentiality issues, lead program development and implementation and ensure privacy and security compliance monitoring. This position reports to the Vice President, Compliance.

REQUIREMENTS:

• Bachelor’s degree
• Relevant Master’s degree or JD preferred
• Demonstrated knowledge in HIPAA Privacy, HIPAA Security, applicable state Privacy statutes and regulations
• Working knowledge of hospital operation processes
• Ability to detect deficiencies in processes and determine educational needs to improve outcomes
• Minimum of five to seven years general healthcare compliance experience with knowledge of hospital operations, physician services and health plan privacy requirements
• Minimum five years’ experience in regulatory research and knowledge of federal, state healthcare privacy requirements
• HIPAA Privacy Officer experience strongly preferred
• Certified in Healthcare Privacy Compliance (CHPC) preferred.

• Initiates, facilitates, and promotes activities to foster a culture of privacy compliance within CHRISTUS Health
• Provides guidance and direction to Privacy Managers and Compliance Officers on HIPAA Privacy rules and other applicable federal and state health care privacy laws
• Provides guidance and direction to all CHRISTUS Health Associates on HIPAA Privacy and other applicable federal and state health care privacy laws
• Periodically reviews and revises CHRISTUS Health’s Privacy Policies and Procedures and guidance materials to facilitate compliance with new privacy-related laws/regulations or changes to existing federal, state, and local privacy rules and regulations
• Works with CHRISTUS Health Legal to ensure that CHRISTUS Health has and maintains consent and authorization forms, information notices, and other materials consistent with current rules and regulations
• Periodically reviews and maintains the online HIPAA Privacy training modules, and develops new training modules as appropriate
• Oversees the delivery of HIPAA training to all applicable medical and professional staff and monitors for training completion with the help of the Privacy Managers and Compliance Officers
• Performs and/or directs ongoing compliance monitoring and auditing activities
• In collaboration with the Privacy Managers and Compliance Officers, investigates privacy incidents, determines if breach notification is required, and generates reports to affected individuals and, when needed, HHS-OCR or other applicable agencies
• In collaboration with the Privacy Managers and Compliance Officers, oversees and administers the process for receiving, documenting, tracking and investigating complaints concerning compliance with CHRISTUS Health’s Privacy Policies and Procedures
• Facilitates compliance with Privacy Policies and Procedures and consistent application of discipline for failure to comply with HIPAA Policies and Procedures
• Assists Legal with recommendations and revisions with business associate agreements and data use agreements
• Assists CHRISTUS Health’s IRB staff and researchers in assessing privacy requirements for research studies
• Cooperates with HHS-OCR and other governmental or legal entities in any compliance reviews or investigations
• Coordinates implementation of policies and procedures to facilitate compliance with applicable international data privacy laws
• Develops and implements an annual privacy plan in accordance with best practices to ensure effective mitigation and management of privacy compliance risk
• Monitors advancements in information technologies as it relates to PHI privacy and security to ensure organization adaptation and compliance
• Maintains rapport with all business units to facilitate spirit of collaboration
• Serves as a resource for questions regarding application of relevant privacy laws and regulations and privacy program policies and procedures
• Initiates, facilitates, and promotes activities to foster privacy awareness within all entities
• Investigates and manages privacy incidents, complaints, and breaches at Corporate
• Ensures all reporting required under applicable privacy laws and regulations are completed and submitted in a compliant and timely manner
• Facilitates consistent application of sanctions across all lines of business and all regions for failure to comply with privacy policies for all Associates in the workforce, in cooperation with Human Resources, Information Security, and Legal, as applicable
• Responds to and resolves privacy-related concerns received via the CHRISTUS Health Integrity Line in coordination with all business units
• Researches privacy laws/regulations as needed or requested and provides guidance to affected parties
• Collaborates with Information Security including reviewing security risk assessments to facilitate effective mitigation of identified risks
• Collaborates with Interoperability workgroup to facilitate compliance with Information Blocking Rules