731-Bed Hospital
Security Officer
Develops, implements, and administers approved security plans/programs, including security certifications, education, and publications. Provides solutions to identified security issues.
Performs continual assessment and reporting related to new or improved security technologies, and provides recommendations for security products/services that may enhance the Organization ABC security infrastructure.
Provides direction and guidance with regard to the security requirements necessary for transitions to new systems, platforms, or facilities.
Provides leadership in security policy development, ensures appropriate responses to security incidents, and performs scheduled and unscheduled security audits, as required.
Develops and delivers security awareness and education programs to all UHS employees on a scheduled basis, and ensures that all non-employees, consultants and vendors receive the necessary security education during their respective engagements at Organization ABC.
Identifies existing and/or future IT security violations using acquired security knowledge, previous experience, and available technological tools. Provides administration of system access control, as required.
Provides leadership in the development and maintenance of the Organization ABC disaster recovery and business continuity plans for Information Systems.
Interacts with risk managers, auditors, and agency representatives to ensure compliance with all legislative, regulatory, and accreditation requirements pertaining to the security of the Organization ABC IT infrastructure.
Provides input to Organization ABC strategic and tactical planning committees to ensure that appropriate security measures are included in all organizational initiatives.
Privacy Officer & Administrator, Legal Affairs
Responsible to: General Counsel
Principal Function
Oversees daily operations of Legal Affairs Department.
Serves as liaison to Risk Management Department.
Provides development guidance and assists in the identification, implementation, and maintenance of corporate-wide information privacy policies and procedures in coordination with administration, Corporate Compliance and legal counsel.
Works with organization senior management and Chief Compliance Officer to establish an organization-wide Privacy Oversight Committee.
Serves in a leadership role for Privacy Oversight activities.
Key Responsibilities
Oversees legal affairs departmental goals and objectives.
Oversees legal affairs departmental budget.
Responsible for long range planning.
Directly supervises Assistant General Counsel and Senior Secretary.
Reviews regulatory requirements.
Serves on various hospital committees.
Provides education regarding various issues.
Serves as back up to Administrator, Risk Management.
Performs initial and periodic information privacy risk assessments and conducts related ongoing compliance monitoring activities in coordination with the organization’s other compliance and operational assessment functions.
Works with legal counsel and management, key departments, and committees to ensure the organization has and maintains appropriate privacy and confidentiality consent, authorization forms, and information notices and materials reflecting current organization and legal practices and requirements.
Oversees, directs, delivers, or ensures delivery of initial privacy training and orientation to all employees, volunteers, medical and professional staff, contractors, alliances, business associates, and other appropriate third parties.
Participates in the development, implementation, and ongoing compliance monitoring of all trading partner and business associate agreements, to ensure all privacy concerns, requirements, and responsibilities are addressed.
Establishes, with management and operations, a mechanism to track access to protected health information within the purview of the organization and as required by law and to allow qualified individuals to review or receive a report on such activity.
Works cooperatively with the HIMS Administrators and other applicable organization units in overseeing patient's rights to inspect, amend, and restrict access to protected health information when appropriate.
Establishes and administers a process for receiving, documenting, tracking, investigating, and taking action on all complaints concerning the organization’s privacy policies and procedures in coordination and collaboration with other similar functions and, when necessary, legal counsel.
Ensures compliance with privacy practices and consistent application of sanctions for failure to comply with privacy policies for all individuals in the organization’s workforce, extended workforce, and for all business associates, in cooperation with Human Resources, the information security officer, administration, and legal counsel as applicable.
Initiates, facilitates and promotes activities to foster information privacy awareness within the organization and related entities.
Serves as a member of, or liaison to, the organization’s IRB or Privacy Committee. Also serves as the information privacy liaison for users of clinical and administrative systems.
Works with the organization's Security Officer to ensure alignment between security and privacy practices, and acts as a liaison to the information systems department.
Works with all organization personnel involved with any aspect of release of protected health information, to ensure full coordination and cooperation under the organization’s policies and procedures and legal requirements.
Maintains current knowledge of applicable federal and state privacy laws and accreditation standards, and monitors advancements in information privacy technologies to ensure organizational adaptation and compliance.
Serves as information privacy consultant to the organization for all departments and appropriate entities.
Cooperates with the Office of Civil Rights, other legal entities, and organization officers in any compliance reviews or investigations.
Works with organization administration, legal counsel, Corporate Compliance and other related parties to represent the organization’s information privacy interests with external parties (state or local government bodies) who undertake to adopt or amend privacy legislation, regulation, or standard.
Qualifications
College Degree (4 yrs.); plus Master’s Degree
At least 5 years' experience in Health Care Management or Administration
Privacy Officer & Administrator, Corporate Compliance
Reports to: Chief Audit/Compliance Officer
Qualifications
Bachelor’s degree in Business Administration or related field required. A minimum of eight years of progressively responsible experience in a regulatory field in a health care setting required.
General Purpose
Oversees the administration of the Corporate Compliance Program for Organization ABC and its subsidiaries. This oversight entails employee training sessions, investigation and response to inquiries received from any employees, and any other function necessary to ensure that the Corporate Compliance Program meets its objectives.
Administrator, Corporate Compliance - Duties and Responsibilities:
Oversees and manages the Corporate Compliance Program for Organization ABC and its subsidiaries:
Developing, implementing, maintaining and revising policies and procedures for the general operation of the Corporate Compliance Program of Organization ABC and its subsidiaries, and related activities, to prevent illegal, unethical, or improper conduct.
Developing, reviewing, and updating the code of conduct to ensure its relevance in providing guidance to Organization ABC and subsidiary personnel.
Coordinating the identification of potential areas of compliance vulnerability and risk; conducting risk assessments; developing action plans for resolution of problem areas and providing direction on how to prevent similar situations in the future.
Monitoring effectiveness of compliance activities in high risk areas.
Manages the day-to-day operations of the corporate compliance program:
Collaborating with other Organization ABC subsidiary departments, directing compliance issues to appropriate existing channels for investigation and resolution.
Communicating and consulting with appropriate legal counsel as needed to resolve difficult legal compliance issues.
Establishing and providing direction and management of the corporate compliance hotline.
Monitoring the performance of the Corporate Compliance Program and related activities on a continuing basis, taking appropriate steps to improve its effectiveness.
Maintaining department budgets to ensure the most cost effective program.
Conducts investigations of alleged violations of rules, regulations, policies, procedures:
Responding to alleged violations of rules, regulations, policies, procedures and the code of conduct by evaluating and/or recommending the initiation of investigation.
Developing and overseeing a system for uniform handling of alleged violations.
Ensuring proper reporting of violations or potential violations to duly authorized enforcement agencies as appropriate under the direction of legal counsel.
Develops an effective compliance training program:
Instituting and maintaining an effective compliance training program, including promoting the use of the hotline, code of conduct, and providing appropriate compliance training to employees so they understand the regulatory requirements of their job.
Providing compliance training as part of the orientation program for new employees.
Working with the education department to develop appropriate methods, such as video on call, to deliver the compliance education.
Prepares compliance reports on the operations of the Corporate Compliance Program:
Provides regular reports of plans, issues, and activities of the Corporate Compliance Program to the Audit/Compliance Committee of the Board of Trustees.
Provides regular reports of plans, issues, and activities of the Corporate Compliance Program to administration.
Provides regular reports of plans, issues, and activities of the Corporate Compliance Program to the Corporate Compliance Steering Committee.
Monitors the effectiveness of the Corporate Compliance Program and submits an annual evaluation to the Audit/Compliance Committee of the Board of Trustees.
Privacy Officer - Duties and Responsibilities:
Provides development guidance and assists in the identification, implementation, and maintenance of corporate-wide information privacy policies and procedures in coordination with Administration, Corporate Compliance and Legal Counsel.
Works with organization senior management and Chief Compliance Officer to establish an organization-wide Privacy Oversight Committee.
Serves in a leadership role for Privacy Oversight activities.
Performs initial and periodic information privacy risk assessments and conducts related ongoing compliance monitoring activities in coordination with the organization’s other compliance and operational assessment functions.
Works with Legal Counsel and management, key departments, and committees to ensure the organization has and maintains appropriate privacy and confidentiality consent, authorization forms, and information notices and materials reflecting current organization and legal practices and requirements.
Oversees, directs, delivers, or ensures delivery of initial privacy training and orientation to all employees, volunteers, medical and professional staff, contractors, alliances, business associates, and other appropriate third parties.
Participates in the development, implementation, and ongoing compliance monitoring of all trading partner and business associate agreements, to ensure all privacy concerns, requirements, and responsibilities are addressed.
Establishes, with management and operations, a mechanism to track access to protected health information within the purview of the organization and as required by law and to allow qualified individuals to review or receive a report on such activity.
Works cooperatively with the HIMS Administrators and other applicable organization units in overseeing patient rights to inspect, amend, and restrict access to protected health information when appropriate.
Establishes and administers a process for receiving, documenting, tracking, investigating, and taking action on all complaints concerning the organization’s privacy policies and procedures in coordination and collaboration with other similar functions and, when necessary, Legal Counsel.
Ensures compliance with privacy practices and consistent application of sanctions for failure to comply with privacy policies for all individuals in the organization’s workforce, extended workforce, and for all business associates, in cooperation with Human Resources, the Information Security Officer, Administration, and Legal Counsel as applicable.
Initiates, facilitates and promotes activities to foster information privacy awareness within the organization and related entities.
Serves as a member of, or liaison to, the organization’s IRB or Privacy Committee. Also serves as the information privacy liaison for users of clinical and administrative systems.
Works with the organization's Security Officer to ensure alignment between security and privacy practices and acts as a liaison to the Information Systems department.
Works with all organization personnel involved with any aspect of release of protected health information, to ensure full coordination and cooperation under the organization’s policies and procedures and legal requirements.
Maintains current knowledge of applicable Federal and State privacy laws and accreditation standards and monitors advancements in information privacy technologies to ensure organizational adaptation and compliance.
Serves as information privacy consultant to the organization for all departments and appropriate entities.
Cooperates with the Office of Civil Rights, other legal entities, and organization officers in any compliance reviews or investigations.
Works with organization Administration, Legal Counsel, Corporate Compliance and other related parties to represent the organization’s information privacy interests with external parties (state or local government bodies) who undertake to adopt or amend privacy legislation, regulation, or standard.