Henry Ford Health System
Sr. Privacy Specialist | Information Privacy Services
Henry Ford Health System, Rochester, Michigan, us, 48308
DESCRIPTION:
The Senior Privacy Specialist will support the mission of the HFH Information Privacy & Security Office's (IPSO) Privacy Compliance Program to effectively prevent and/or detect violations of HIPAA, HITECH and other State, Federal, and International laws, regulations, and HFH policies, procedures, and standards of conduct. In addition, the Sr. Privacy Specialist serves as an autonomous member of the information privacy team providing services to their assigned Business Units in the form of education, training, investigations, investigative interviews, breach response and reporting and service recovery. This position requires professional discretion due to the highly sensitive nature of work performed.
PRINCIPLE DUTIES AND RESPONSIBILITIES:Liaison for privacy in assigned business unit (s).Responsible for ensuring adherence to applicable State, Federal, and International privacy lawsand related HFH policies and procedures for assigned business units.Represents the Information Privacy Program in their assigned Business Units' Operational Compliance Council as it functions to address compliance with applicable regulations. Participates in Business Unit leadership meetings as needed to address compliance and regulatory issues.Leads monitoring and auditing activities for assigned business unit (s) and coordinates action to respond to identified risks and violations.Develops and conducts role-based education and training of assigned business unit employees on privacy regulations and HFH policies and procedures.Participates on the incident response team to investigate and correct violations of privacy standards, confidentiality, or information security. Ensures remedial action, corrects current problems, and takes all available steps to prevent future problems.Applies investigative techniques and audits to validate privacy breach occurrences.Conducts risk assessments to determine breach notification responsibilities to patients and the Office for Civil Rights.Consults with patients and family members to obtain sensitive information and communicate investigative results while ensuring a successful customer experience and service recovery.Manages and documents all privacy incidents utilizing the System-wide case management solution to ensure accurate documentation and reporting.Provides business unit CEO or other senior leaders information regarding privacy program initiatives and status of business unit's privacy compliance and breach incidentsServes as internal privacy risk consultant to the audit and risk management team for vendor and project risk assessments.Collaborates with other departments, such as legal counsel, human resources, IT, and HIM to maintain organization compliance with State, Federal and International laws regarding privacy, security, and protection of information resources.In cooperation with Human Resources, ensures compliance with privacy policies and consistent application of sanctions for failure to comply with privacy policies for all employees, extended workforce, and business associates.Performs other privacy related projects or duties as assigned.EDUCATION AND EXPERIENCE:
Bachelor's Degree required.5 or more years of experience in Privacy and/or Compliance or equivalent experience in Quality, Audit, Human Resources, HIM, Provider or Customer Relations or other related work. Healthcare experience preferred.Working knowledge of privacy laws (i.e., HIPAA, HITECH, GLB, etc.), access and release of information.Proven ability to communicate professionally and effectively in written and oral format, along with the ability to think analytically and solve problems as required.Experience in investigative techniques and ability to investigate complex privacy issues.Must have the experience or the ability to work effectively in a large, geographically diverse system.CERTIFICATIONS/LICENSURES REQUIRED:
Certified in Healthcare Privacy Compliance (CHPC) - If not already certified, CHPC must be obtained within two (2) years of hire or ten years as a member in good standing on Henry Ford Health Privacy Services team and at the discretion of the leadership team.
The Senior Privacy Specialist will support the mission of the HFH Information Privacy & Security Office's (IPSO) Privacy Compliance Program to effectively prevent and/or detect violations of HIPAA, HITECH and other State, Federal, and International laws, regulations, and HFH policies, procedures, and standards of conduct. In addition, the Sr. Privacy Specialist serves as an autonomous member of the information privacy team providing services to their assigned Business Units in the form of education, training, investigations, investigative interviews, breach response and reporting and service recovery. This position requires professional discretion due to the highly sensitive nature of work performed.
PRINCIPLE DUTIES AND RESPONSIBILITIES:Liaison for privacy in assigned business unit (s).Responsible for ensuring adherence to applicable State, Federal, and International privacy lawsand related HFH policies and procedures for assigned business units.Represents the Information Privacy Program in their assigned Business Units' Operational Compliance Council as it functions to address compliance with applicable regulations. Participates in Business Unit leadership meetings as needed to address compliance and regulatory issues.Leads monitoring and auditing activities for assigned business unit (s) and coordinates action to respond to identified risks and violations.Develops and conducts role-based education and training of assigned business unit employees on privacy regulations and HFH policies and procedures.Participates on the incident response team to investigate and correct violations of privacy standards, confidentiality, or information security. Ensures remedial action, corrects current problems, and takes all available steps to prevent future problems.Applies investigative techniques and audits to validate privacy breach occurrences.Conducts risk assessments to determine breach notification responsibilities to patients and the Office for Civil Rights.Consults with patients and family members to obtain sensitive information and communicate investigative results while ensuring a successful customer experience and service recovery.Manages and documents all privacy incidents utilizing the System-wide case management solution to ensure accurate documentation and reporting.Provides business unit CEO or other senior leaders information regarding privacy program initiatives and status of business unit's privacy compliance and breach incidentsServes as internal privacy risk consultant to the audit and risk management team for vendor and project risk assessments.Collaborates with other departments, such as legal counsel, human resources, IT, and HIM to maintain organization compliance with State, Federal and International laws regarding privacy, security, and protection of information resources.In cooperation with Human Resources, ensures compliance with privacy policies and consistent application of sanctions for failure to comply with privacy policies for all employees, extended workforce, and business associates.Performs other privacy related projects or duties as assigned.EDUCATION AND EXPERIENCE:
Bachelor's Degree required.5 or more years of experience in Privacy and/or Compliance or equivalent experience in Quality, Audit, Human Resources, HIM, Provider or Customer Relations or other related work. Healthcare experience preferred.Working knowledge of privacy laws (i.e., HIPAA, HITECH, GLB, etc.), access and release of information.Proven ability to communicate professionally and effectively in written and oral format, along with the ability to think analytically and solve problems as required.Experience in investigative techniques and ability to investigate complex privacy issues.Must have the experience or the ability to work effectively in a large, geographically diverse system.CERTIFICATIONS/LICENSURES REQUIRED:
Certified in Healthcare Privacy Compliance (CHPC) - If not already certified, CHPC must be obtained within two (2) years of hire or ten years as a member in good standing on Henry Ford Health Privacy Services team and at the discretion of the leadership team.