Sr. Privacy Associate

Stamford Health

Stamford, CT

JOB DETAILS
SKILLS
Analysis Skills, Auditing, Communication Skills, Computer Skills, Corporate Compliance, Corrective Action, Data Analysis, Database Administration, Documentation, Electronic Medical Records, Epic Systems, Establish Priorities, Federal Laws and Regulations, HIPAA (Health Insurance Portability and Accountability Act), Healthcare, Hospital, Human Resources, IT Governance, Interpersonal Skills, Intranet, Leadership, Maintain Compliance, Medical Treatment, Microsoft Excel, Microsoft Outlook, Microsoft PowerPoint, Microsoft Word, Organizational Skills, Patient Confidentiality, Policy Development, Privacy Regulations, Problem Solving Skills, Project Planning, Regulations, Regulatory Compliance, Regulatory Requirements, Reporting Skills, Risk, Risk Analysis, Risk Management, State Laws and Regulations, Training/Teaching, Trend Analysis, Writing Skills
LOCATION
Stamford, CT
POSTED
30+ days ago

MAJOR ACCOUNTABILITIES/CRITICAL RESPONSIBILITIES

  • Conduct training activities and privacy audits, and monitor all electronic medical record activity for the health system.

  • Serve as the HIPAA privacy resource for the organization; assist the workforce with HIPAA compliance and privacy policies and procedures.

  • Routinely monitor changes in the applicable HIPAA government regulations. Research and analyze available sources of regulatory guidance in response to specific questions.

  • Review FairWarning reports routinely to identify potential policy violations and investigate all questionable access.

  • Manage the progress of corrective action plans for conducted audits.

  • Maintain a database of privacy investigations in accordance with Hospital policy and regulatory requirements.

  • Develop and provide all education for new and existing Stamford Health employees on privacy risk issues and the organization's Privacy program, and develop training materials to address privacy compliance risks.

  • Conduct privacy audits and rounding. Visit floors, patient rooms as requested, and SHMG offices to discuss privacy policies/procedures and patient complaints, and to ensure HIPAA compliance.

  • Conduct privacy investigations and in-person interviews with workforce members of all levels and backgrounds in coordination with Human Resources and applicable department leaders. Gather necessary information pre/post interview and maintain complete discretion during the investigatory process.

  • Manage challenging patient and employee encounters, both in person and via telephone. Exemplify Stamford Health core values in these interactions to protect patients and the organization and to ensure compliance with applicable laws and internal policies and procedures.

  • Prepare and/or develop written documentation such as policies, procedures, and other written communication to support ongoing activities of the Privacy program.

  • Demonstrate excellent judgment in escalating high risk matters to the Privacy Officer, General Counsel, Human Resources or other leaders as needed.

  • Develop and update the annual work plan, conduct annual risk assessments in collaboration with Compliance, and identify and address high risk areas.

  • Manage the HIPAA Privacy Oversight Committee meetings and meeting preparation; develop and present various presentations to the Corporate Compliance Committee and Audit Committee.

  • Participate in Enterprise Risk Management Committee, SHMG IT Steering Committee, and IT Governance Committee

  • Collaborate with CISO on protecting patient privacy, breach mitigation and organizational training

  • Manage and train temporary or junior privacy staff

  • Work with outside counsel to draft breach notifications to Office of Civil Rights and State Attorneys General; compile and file annual privacy breach reports to Office of Civil Rights

  • Collaborate with Risk Management team on investigations and privacy issues, provide coverage to Compliance team as needed

  • Research, analyze and develop reports and correspondence in response to privacy complaints and incidents.

  • Develop and review HIPAA internal Intranet site

  • Present reports of HIPAA compliance activities to departments and various committees in the organization

  • Participate in professional organizations, represent Stamford Health in a positive light, collaborate with external resources to identify and develop improvements for the Compliance Program specific to Privacy.

  • Perform other related duties as assigned or requested in order to maintain a high level of service.

Required Skills

COMPETENCIES AND WORK EXPERIENCE REQUIREMENTS:

  • Three years in a healthcare setting, with at least 3 to 5 years of experience in a privacy related function, preferably in a healthcare or regulatory setting
  • Strong analytical, critical thinking, and problem-solving skills
  • Ability to manage and prioritize a high-volume workload independently or with limited assistance.
  • High level of competency with computer skills, including Outlook, Teams, PowerPoint, Word and Excel
  • Ability to analyze data and trends to identify deficiencies and develop corrective action
  • Knowledge of HIPAA (Health Insurance Portability and Accountability Act of 1996) and patient confidentiality required. Knowledge of other state and federal privacy laws preferred.
  • Knowledge of electronic medical records, including EPIC
  • Analytical ability for special projects requested by Privacy Officer and other key stakeholders and committees.
  • Must possess a high level of integrity and confidentiality, and have excellent organizational and interpersonal skills, the ability to work alone and function as part of a team.
  • Ability to exercise independent judgment in order to appropriately receive patient complaints, determine the acuity of the complaints and collaborate with the Privacy leadership, Directors and/or other service providers to achieve satisfactory resolution.
  • Excellent written, oral, presentation and communication skills are essential.
  • A combination of relevant work experience and educational background will be considered.

EDUCATION REQUIREMENTS (INCLUDE LICENSE, REGISTRATION, CERTIFICATION):

  • Bachelor's degree required; master's degree preferred
  • CHPC (Certified in Healthcare Privacy Compliance) certification, CIPP or CIPM preferred

About the Company

Stamford Health