Maintains current knowledge of applicable federal and state privacy laws and accreditation standards.
Demonstrates understanding of HIPAA laws, standards and state privacy laws.
Provides guidance and assistance in the identification, development, implementation, and maintenance of organization information privacy policies and procedures in coordination with organization management.
Coordinates the development of privacy risk assessment policies and procedures
Performs initial and periodic information privacy risk assessments and conducts related ongoing compliance monitoring activities.
Conducts audits of internal and external privacy functions
Participates in the development, implementation, and ongoing compliance monitoring of all trading partner and business associate agreements.
Develops performance measures and reports to monitor and improve organizational performance and report to appropriate organizational body.
Establishes a preventative program to detect, prevent and mitigate privacy/security breaches.
Coordinates with the Corporate Compliance Officer or legal regarding procedures for documenting and reporting any evidence of privacy violation
Establishes an incident/complaint/breach investigation response, develops response plan and oversees investigations of incidents/complaints/breaches. Determines corrective action/remediation, sanctions and disciplinary actions.
Develop and implement a corporate-wide Privacy Training Program, in conjunction with the Security Officer Oversight, Cyber Security Awareness & Training Program
Oversees, directs, delivers, or ensures delivery of initial and privacy training and orientation to all employees, volunteers, medical and professional staff, contractors, alliances, business associates, and other appropriate third parties.
Establishes a mechanism to track access to Protected Health Information (PHI), within the purview of the organization and as required by law.
Monitors Access and Disclosure Verification Procedures
Oversees processes to inspect, amend, and restrict access to protected health information when appropriate.
Provides support for organizational processes for use and disclosure of PHI including amendments, corrections, and accounting for disclosures
Ensures compliance with privacy practices and consistent application of sanctions for failure to comply with privacy policies for all individuals in the organization's workforce, extended workforce, and for all business associates.
Reviews security plans throughout the organization's network to ensure alignment between security and privacy practices, and acts as a liaison to the information systems department.
Establishes and/or monitors an internal privacy audit program
Works with all organization personnel involved with any aspect of release of protected health information, to ensure full coordination and cooperation under the organization's minimum necessary protocols, policies and procedures and legal requirements.
Establish and monitor internal privacy and security audit programs
Participates in the development and maintenance of the inventory of software, hardware and all information assets to protect information assets and to facilitate risk analysis.
Periodically revise the privacy program in light of changes in laws, regulatory or company policy
Monitors advancements in information privacy technologies to ensure organizational adaptation.
Provides input to mitigate information security risk