Privacy Officer Job Descriptions


Privacy Officer #1

Privacy Officer Roles and Responsibilities

Responsible for entity's privacy program and associated policies.

Role

--Chairing and/or providing leadership to the entity's privacy board/committees, workgroups, and taskforces charged with creating and implementing an enterprise-wide privacy program.
--Maintaining compliance with federal and state laws related to privacy, security, confidentiality, and protection of information resources.
--Serving as a liaison to regulatory and accrediting bodies for matters relating to privacy and security.
--Collaborating with other designated individuals to ensure policies and procedures relating to (cyber) privacy and security are developed and implemented for the organization's hardware, software and telecommunications systems.
--Collaborating with other departments such as legal counsel, corporate compliance, human resources, accounting, IT/IS, registration, medical records, and medical services to ensure compliance with specific privacy requirements.
--Monitoring all departmental systems development and operations for security and privacy compliance.
--Developing corporate privacy policies and procedures that include but are not limited to:

  • Notice of information practices
  • Handling of protected health information
  • Use and disclosure of PHI
  • Individual requests for restriction of use and disclosure of PHI
  • Access, inspection and copying of PHI
  • Amendment and correction of PHI
  • Accounting of disclosures
  • Record keeping procedures and Administrative procedures

--Developing, implementing and administering a corporate-wide request for access/disclosure verification procedure that reasonably verifies the identity of the individual or entity requesting access or disclosure and/or the legal authority to request the protected health information. Such a procedure shall, at a minimum, address requests for information in the following circumstances:

  • Individual requesting access who is the subject of the protected health information
  • Emergency circumstances
  • Power-of-attorney/legal authority
  • Public health oversight bodies
  • Coroners and medical examiners for law enforcement
  • Government health data systems for specific classes of information
  • Disclosure required by other laws
  • Financial institution non-routine transaction requests
  • Judicial and administrative proceedings and
  • Research related requests.

--Coordinating with the corporate compliance officer regarding the corporate complaint and information program for:

  • Receiving complaints and/or questions related to any aspect of the entity's privacy program
  • Providing information in response to internal and external inquiries regarding the entity's corporate privacy policies and procedures or notice of information practices
  • Ensuring that the corporate notice of information practices includes the method for contacting the program or individual for privacy-related matters and
  • Recording and documenting all complaints/questions and their resolution

--Ensuring thorough investigation of all allegations of non-compliance with the corporate privacy policies or notice of information practices.
--Reporting on a periodic basis the status of the privacy program to the board, CIO or other responsible individual or committee.
--Providing strategic guidance to corporate officers regarding the organization's information resources and technology.
--Assisting the security officer and other affected personnel with the development and implementation of an information infrastructure.
--Providing leadership in the planning, design, and evaluation of the organization's privacy and security related projects.
--Developing and implementing a corporate-wide privacy training program and, in conjunction with the security officer or other individual charged with security oversight, a cyber security awareness and training program that includes the following components:

  • Initial training of all employees relating to the privacy and cyber security program
  • Privacy and cyber security training for all new employees
  • Upon changes in corporate privacy policy or procedure, retraining of directly affected employees;
  • Mandated privacy retraining for all employees on a periodic basis, but, at a minimum, every three years;
  • Privacy training to all members of the workforce, including all employees, volunteers, trainees, and other persons under the direct control of an entity on an unpaid basis, who are not business partners but are likely to have contact with PHI

--Coordinating with the chief compliance officer and HR to develop appropriate sanctions for failure to comply with the corporate privacy policies and procedures by all members of the entity's workforce or the entity's business partners.
--Coordinating with the chief compliance officer and HR to ensure no intimidating, discriminatory, or other retaliatory actions occur against a person who files, testifies, assists or participates in any investigation, compliance review, proceeding or hearing related to a privacy violation or opposed any unlawful act or practice.
--Implementing and overseeing the development and application of corrective action procedures that are designed to mitigate any deleterious effects of a use or disclosure of PHI by members of the entity's workforce or business partners. This includes exercising any affirmative duty to address breaches of contract with respect to the treatment of protected health information by the entity's business partners.
--Establishing an internal privacy audit program to ensure enterprise-wide compliance with corporate privacy policies.
--Coordinating external audit processes of business partners for the purposes of monitoring and detecting any misconduct or noncompliance with corporate privacy policies.
--Coordinating the development of privacy risk assessment policies and procedures designed to measure the performance and quality of the company's privacy program.
--Periodically revising the privacy program in light of changes in laws, regulations, or company policy.
--Coordinating with the corporate compliance officer regarding the development of procedures for documenting and reporting self-disclosures of any evidence of privacy violations to legal counsel, and if appropriate to the appropriate government regulatory body according to corporate policy.


Privacy Officer #2

The Corporate Privacy Officer oversees the development and implementation of corporate-wide privacy principles, policies and practices.  The Corporate Privacy Officer is responsible for coordinating all corporate activities with privacy implications, as well as monitoring all of the organization’s services and systems to assure meaningful privacy practices.  The Corporate Privacy Officer also advocates and protects patient privacy by serving as a key privacy advisor for patients, handling disputes and managing patient requests regarding their medical record.

Requirements

--Coordinates corporate privacy activities, which include overseeing the establishment and implementation of, and adherence to, corporate policies on patient privacy, confidentiality and release of patient information
--Reviews new or revised government healthcare laws and regulations pertaining to patient privacy to determine if new policies or modifications of current policies are needed
--Conducts privacy risk assessments and internal privacy audits
--Manages patient privacy disputes and requests for changes to their medical record
--Oversees the development and delivery of privacy training and awareness
--Works closely with Health Information Management, Information Technology and Marketing departments
--Ensures that record custodians correctly protect and archive patient information
--Ensures that the organization’s privacy protections keep pace with technological advances
--Participates in outside healthcare organizations to stay updated on privacy developments and best practices for patient privacy
--Reports to the organization’s executive officers on emerging legislation/regulations and how the company is currently dealing with privacy issues

General Skills
--Good verbal and written communication skills
--A high level of integrity and trust
--Knowledge and understanding of technology-related law and public policy experience, clinical research and related issues

Professional Certifications or Experience
Registered Health Information Administrator (RHIA) 

Copyright 2008 North Carolina Healthcare Information and Communications Alliance, Inc.