Vacancy caducado!
Job Title:Systems Director, HIPAA Privacy & SecurityDepartment:Corporate ComplianceShift:1stFull/Part:Active Regular FT (72 to 80 hours per pay period)Specialty:Corporate Compliance AuditJob Number:2019-3312Job Description:Systems Director, HIPAA Privacy & SecurityPosition Highlights:Under the direction of the Associate Vice President, HIPAA Privacy and Security this position provides oversight of the day to day aspects of the HIPAA compliance program across the System including Rush University Medical Center and Rush Oak Park Hospital. The System Director manages assigned staff in overseeing the conduct at each of the major System entities of routine and high risk privacy incident investigations, patient rights requests, and EHR privacy audits and conducts risk assessments and other HIPAA related projects. This position ensures that key performance indicators (KPI’s) are maintained and that all actions, requests, and incidents, receive a response or report within regulatory timeframe requirements. The Director exemplifies the Rush mission, vision and values and acts in accordance with Rush policies and procedures.Position Responsibilities:
Establishes processes and procedures for the conduct of privacy incident investigations and ensures breach risk of compromise assessments are completed, as needed. Conducts actual investigations for higher risk issues, as needed. Ensures that remediation is completed for all incidents
In coordination with Rush Legal, coordinates the acquisition and use of resources under the Rush Cyberinsurance policy including forensics and breach notification services for breaches involving over 500 individuals
Reviews year-end metrics to determine functional areas of the institution with higher privacy risk and establishes Corrective Action Plans (CAP) and ensures completion by responsible managers
Manages the privacy auditing program to ensure that for cause and not-for-cause audits are conducted on a recurring basis. Monitors the escalation of audits that indicate inappropriate access to ensure proper analysis and incident response is made
Monitors the receipt, review, and reporting of patient privacy rights requests and intervenes in requests that are complex or require immediate analysis and response
Communicates with patients by phone or in writing as needed to address privacy concerns or complaints. Ensures that issues are investigated, logged, and responded to.
Establishes and coordinates the privacy awareness and training program across the System. Activities include routine awareness; New Employee Welcome content; privacy incident remediation/re-training; and special coordination with areas such as Cybersecurity. Identifies high-risk topics from year-end metrics that require special attention
Maintains a close liaison with groups that refer privacy incidents including Patient Relations; Rush Legal; Cybersecurity; Security Services; and HIM receives and follows-up on reported concerns.
Coordinates with HIM and Information Services in the design and development of electronic health record (EHR) and other systems with considerations of privacy impact
Coordinates with third party vendors for the implementation of services affecting HIPAA Privacy and Security operations across the System by reviewing existing contracts or recommending additional services
Maintains HIPAA Privacy policies and coordinates with other System areas on policy development and implementation. Maintains current knowledge of federal and state regulatory matters affecting policy implementation and compliance
Manages participation by the Privacy team in the EOC rounds at each facility, including assignment and scheduling of personnel for rounds. Reviews results on a periodic basis to determine areas and topics of higher risk
Coordinates the conduct of risk assessments for HIPAA Privacy and Security across the system, including for Affiliates
Implements and manages general Compliance Program activities across the System as identified (e.g., Hotline)
Identifies improvement projects that need special attention to enhance and continuously improve HIPAA Privacy and Security operations
Responsible for the day-to-day administration of HIPAA Privacy and Security administrative operations at all System entities
Position Qualifications Include:
Bachelor’s or Advanced Professional degree required
7-10 or more years of work experience in privacy and/or security regulatory compliance preferably in the healthcare industry.
Preferred Job Qualifications:
Certification in healthcare compliance, privacy, or security preferred.
Project management skills, including the ability to identify needs, develop action plans, and lead/manage projects to completion.
Exceptional communication skills, including the ability to interact effectively with all levels of employees within the organization and with representatives from outside regulatory agencies.
Ability to lead work groups; prior training experience a plus.
Provide effective conflict resolution for sensitive matters that may arise.
Intermediate- level computer skills related to data analysis (Excel, Access)
Company Highlights:
Rush University's Psychiatric/Mental Health Nursing program is ranked #1 in the nation by U.S. News & World Report.
Rush University is ranked 22nd on the Times Higher Education’s 2016 list of the world’s top 150 universities under 50 years of age.
Rush University's Nursing Anesthesia program is ranked in the top four in the nation by U.S. News & World Report.
Rush is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other legally protected characteristics.
Vacancy caducado!