HEALTH INFO PRIVACY SPEC
Covenant Health · Knoxville, TN · 1 wk ago
HealthcareFull-time
Position Summary
Responsible for problem solving issues relative to privacy complaints, investigations, misdirected faxes, amendment & correction of records, more complicated release of information concerns (e.g. decedents, POA’s, health oversight), access and audit trail monitoring. Participates in environment of care rounds / risk assessment rounds to ensure proper privacy and security protections are in place. Provides training and education related to privacy and confidentiality for hospital/ facility system users, including physicians, and ancillary hospital staff.
Responsibilities
- Analyzes information, audit trails, complaints to ensure privacy protections are in place and policies / regulations are followed.
- Works closely with management to analyze the problem, including looking at systems and processes for prevention and mitigation.
- Consults with human resources, management and the Integrity Compliance Officer on disciplinary actions, including individual trending and monitoring for future information access capabilities/ restrictions.
- Interacts with physicians and their office staff on privacy concerns and resolutions.
- Memorializes detailed case documentation to support findings and actions, which may be utilized in future audit or defense response.
- Travels to various Covenant Health facilities to investigate, interview, education and monitor privacy activities often with little advance notice.
- Serves as first line consultant to PHI storage, retention, destruction, access issues.
- Affords assistance with accessing secure flash drives, monitoring unsecured emails, electronic transfer or storage or PHI/PII.
- Performs basic HIPAA Risk Assessment for PHI risk exposure and security issues with walk-through analysis and provides report to leadership for correction actions.
- Evaluates privacy cases by completing HIPAA Risk Assessment to assess for Low Probability of Compromises (non-reportable breaches) and escalates to legal counsel with discussion of case any that are questionable or above low probability of compromise (reportable breaches).
- Maintains PHI inventory of non-IT supported electronic devices (eDevice assets) for systems that collect, use, store, share and dispose of PHI (in its life cycle) to protect against breach.
- Serves as central contact and the liaison person between the hospital/ facility and the I&C staff, vendors, various support staff, and others for the purposes of privacy/ security improvements and enhancements.
- Responds to patient concerns and complaints regarding privacy policies and procedures, working with various others to assure that appropriate actions are taken to resolves such problems.
- Serves as initial contact between ancillary departments and Director of Privacy/ I&C office in identifying and trouble shooting privacy issues and questions.
- Completes Accounting of Disclosure database entries and Risk Assessments for privacy cases.
- Solves problems in the hospital/ facility relative to information privacy and protections. This includes looking at problems over time and trending to identify the causes.
- Coordinates meetings with ancillary departments, as necessary, to resolve identified problems. Completes follow-up to ensure suggested results in the desired outcomes, working closely with physicians, nursing personnel and other system users to resolve issues.
Qualifications
- Minimum Education: Will accept any combination of formal education and/or prior work experience sufficient to demonstrate possession of the knowledge, skill and ability needed to perform the essential tasks of the job, typically such as would be equivalent to an Associate's degree. Preference may be given to individuals possessing an Associate's degree or higher in a directly-related field from an accredited college or university (e.g. AS in Health Information Technology or BS in Health Information Administration)
- Minimum Experience: A minimum of four (4) years of directly-related work experience with emphasis on technology and management.
- Licensure Requirement: Certification in Healthcare Privacy and Security (CHPS), Certified Compliance Professional (CCP), Certified in Healthcare Compliance (CHC), Registered Health Information Technician (RHIT) or Registered Health Information Administrator (RHIA) preferred.