Supports and is committed to the operation of an effective Corporate Compliance and Privacy Program. Works under general direction to perform ongoing activities related to the development, implementation, and maintenance of and adherence to policies and procedures in compliance with federal, state, and local laws, and regulations.
Under general supervision works closely with key stakeholders to implement elements of the Corporate Privacy Compliance Program to ensure compliance with existing and new federal and state laws and regulations affecting the University of Maryland Medical System (UMMS). Responsibilities include representing assigned areas in policy and procedure development, performing privacy and compliance risk assessments, education and training, and auditing and monitoring. Facilitates the development and maintenance of the Compliance and Privacy Work Plan. Works collectively with hospital management and other personnel to ensure that Corporate Compliance and Privacy Program initiatives are implemented across UMMS.
Principal Responsibilities and Tasks
The following statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not to be construed as an exhaustive list of all job duties performed by personnel so classified.
Manages Member Organization-specific risk assessments related to HIPPA and privacy compliance. Conducts risk assessment analysis identifying areas of high, medium, and low risks. Assist UMMC Vice President Compliance and Privacy in compiling reports for Member Organization and Executive Leadership of aggregate risk assessment findings and recommendations. Communicates risks to both technical and non-technical stakeholders.
Leads Member Organization Privacy Monitoring Program and ensures ongoing monitoring of inappropriate/unauthorized access and disclosures through use of electronic record monitoring applications and features (e.g. Protenus, Break-the-Glass, etc.) and data loss prevention applications in accordance with the Health Information Technology for Economic and Clinical Health Act and HIPAA Privacy Rules. Performs trend analyses and prepares summary reports for Executive Leadership on privacy monitoring activities.
Provides guidance to departmental representatives on the development of policies specific to their departmental needs. Drafts compliance policies and procedures as directed.
Develops monitoring and auditing tools for assigned areas. Provides summary reports to promote compliance and privacy. Oversees supported member organizations' self-monitoring results to ensure that programs and procedures follow regulatory requirements.
Coordinates local compliance and privacy auditing and monitoring activities. Conducts reviews as required for compliance with various regulatory guidelines
Works with departments to ensure timely completion of management action plans resulting compliance-related findings by internal audit.
Provides ongoing compliance and privacy education at assigned member organization(s) including regular training sessions and special topic training as required.
Promotes activities to foster compliance and privacy awareness through various modes of publicity (publications, newsletters, fairs, Intranet, etc.).
Maintains systems at assign member organization(s) to solicit, evaluate and respond to complaints, problems and issues through various means of communication. Coordinates and oversees investigations, responses to violations, and corrective actions for reports of alleged fraud and noncompliance.
Tracks the escalation of complaints and/or cases to ensure proper resolution.
Reviews and evaluates investigation reports to make proper adjustment necessary for achieving set objectives.
Utilizes IT systems/tools in managing and coordinating data investigations.
Sits on UMMS and Member Organizations' Compliance Committees as the compliance and privacy representative. Drafts compliance committee agendas and materials.
Monitors and keeps up-to-date with laws, regulations, standards, and guidelines. Communicates and distributes information relating to updates to the appropriate stakeholders.
Prepares reports to meet the needs of executive leadership and the Audit and Compliance Committee of the Board of Directors.
Perform other duties as assigned.
Company Description
This position requires being onsite in Linthicum every Monday and travel to Easton MD on a weekly basis.
The University of Maryland Medical System (UMMS) is an academic private health system, focused on delivering compassionate, high quality care and putting discovery and innovation into practice at the bedside. Partnering with the University of Maryland School of Medicine, University of Maryland School of Nursing and University of Maryland, Baltimore who educate the state's future health care professionals, UMMS is an integrated network of care, delivering 25 percent of all hospital care in urban, suburban and rural communities across the state of Maryland. UMMS puts academic medicine within reach through primary and specialty care delivered at 11 hospitals, including the flagship University of Maryland Medical Center, the System's anchor institution in downtown Baltimore, as well as through a network of University of Maryland Urgent Care centers and more than 150 other locations in 13 counties. For more information, visit www.umms.org.
Qualifications
Education and Experience
Bachelor's degree or an equivalent combination of education and experience is required. Master's degree preferred.
Two (2) years of related compliance and privacy experience with a background in healthcare regulatory issues, including general familiarly with hospital billing, is required.
Four (4) years of experience in healthcare or regulatory fields is preferred.
Certified in Healthcare Compliance or other professional compliance certification (or achieve certification no later than 12 months from hire date.)
Experience and working knowledge of Corporate Compliance, Audit, Legal, Privacy, or Information Security. Experience with case investigations management and compliance hotline management preferred.
Knowledge, Skills and Abilities
Current knowledge of healthcare regulatory and compliance issues.
Strong verbal and written communication skills and the ability to communicate and work effectively with all levels of staff and management.
The ability to work both independently and as part of a team.
Additional Information All your information will be kept confidential according to EEO guidelines.
