Job Description
The Corporate Compliance and Business Ethics Group's (CCBEG's) Privacy Program provides privacy oversight, subject matter expertise, support, and guidance to all administrative and clinical functions within the University of Maryland Medical System (UMMS) and is based on the seven elements of an effective compliance program adhering to industry regulations, system policies, the Centers for Medicare & Medicaid Services (CMS) Conditions of Participation, Conditions of Payment and state-specific requirements.
Under the supervision of the Director, will manage complex privacy incidents; develop, implement, and monitor privacy policies, procedures and processes; manage the privacy audit and monitoring plan and related management action plans; and ensure compliance with existing and new federal and state privacy laws and regulations affecting UMMS. Additionally, will work collectively with UMMS Member Organizations (e.g., hospitals) management and other personnel to ensure that Corporate Privacy Program initiatives are implemented across UMMS.
Principal Responsibilities and Tasks
The following elements are intended to provide a comprehensive overview and level of work performed by the individual assigned to this job description. The elements are not an exhaustive list of all the job duties the assigned individual may be requested to perform.
Principal responsibilities of a Privacy Analyst include:
Serves as the privacy resource to UMMS Corporate and Member Organizations, building strong cross-functional relationships with Shared Service and Member Organization leadership advising on privacy-related issues.
Serves as the information privacy resource to the organization regarding release of information and to all departments for privacy related issues.
Lead role for managing and resolving complex privacy investigations received through internal reporting methods, collaborating with internal and external key stakeholders and Member Organizations to determine resolution and manage breach determination and notification process under Health Insurance Portability and Accountability Act (HIPAA) and applicable state privacy rules and regulations. Conduct root cause analysis, facilitate management action plan and oversee implementation.
Lead role for managing and resolving privacy inquiries and investigations received from regulatory agencies such as the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and HHS Office of Attorney General (OAG). Privacy Analyst is responsible for responding to federal or state regulators, collaborating with key stakeholders to address privacy inquiries or investigate the complaint, drafting applicable investigation reports, facilitating development of management action plans, and drafting the response to the regulatory agency with supporting documentation.
Prepares and submits federal and state privacy breach reports for UMMS under the direction of Director of Privacy and Research Compliance.
Manages tracking of current, revised, and new federal and state privacy laws. Provides status reports to CCBEG leadership on regulation and impact on UMMS. Develops and manages project plans with action steps to comply with regulatory changes and serves as lead collaborating with organization key stakeholders and member hospitals on regulatory change implementation and education. Conducts audits/reviews and performs analysis to determine compliance with applicable federal and state laws, and policies and procedures.
Manages the Privacy Audit and Monitoring Plan for the organization. Drafts and implements annual Privacy Audit and Monitoring Plan, develops auditing tools and tool-kits, collaborates with Member Organizations to implement audit and monitoring activities and performs quality assurance reviews as requested by the Director of Privacy and Research Compliance and provides applicable recommendations. Develops, prepares, and presents audit and monitoring outcome reports with recommendations for improvement and remediation to CCBEG leadership.
Reviews the investigation and breach risk assessment works of Member Organizations and Compliance Analysts.
Mentors and guides Compliance Analysts.
Manages and develops privacy policies and procedures.
Monitors investigation and inquiry data and trends to determine deficiencies and/or areas for further investigation and provides recommendations for operational changes and education opportunities.
Develops privacy awareness messages and education materials in collaboration with the Director of Compliance and Director of Compliance Education, Regulatory, and Monitoring.
Prepares reports to meet the needs of the Chief Compliance Officer, Vice President of Compliance Operations, Director of Compliance, UMMS Executive Management, and the Audit and Compliance Committee of the Board of Directors.
Performs other duties as assigned.
Company Description
This position requires being onsite Monday, Tuesday and Wednesday.
The University of Maryland Medical System (UMMS) is an academic private health system, focused on delivering compassionate, high quality care and putting discovery and innovation into practice at the bedside. Partnering with the University of Maryland School of Medicine, University of Maryland School of Nursing and University of Maryland, Baltimore who educate the state's future health care professionals, UMMS is an integrated network of care, delivering 25 percent of all hospital care in urban, suburban and rural communities across the state of Maryland. UMMS puts academic medicine within reach through primary and specialty care delivered at 11 hospitals, including the flagship University of Maryland Medical Center, the System's anchor institution in downtown Baltimore, as well as through a network of University of Maryland Urgent Care centers and more than 150 other locations in 13 counties. For more information, visit www.umms.org.
Qualifications
Education and Experience
Bachelor's degree in business administration, healthcare, law, or relevant field and two (2) years' experience in healthcare privacy, case investigations, and auditing and monitoring, or equivalent related fields is required. OR Master's degree in business administration, healthcare, law, or relevant field and one (1) year of experience in healthcare privacy, case investigations, and auditing and monitoring, or equivalent related fields is required.
Three years of work experience in health care compliance preferred.
One year of experience with health laws and regulations, including strong knowledge of federal (e.g., HIPAA and the 21st Century Cures Act) and state laws pertaining to privacy, personally identifiable information, and medical system policies is required.
Certified in Healthcare Privacy Compliance (CHCP), Healthcare Compliance (CHC), and/or a relevant compliance certification approved by the VP of Compliance (or achieve certification no later than 12 months from hire date).
Knowledge, Skills and Abilities
Must be able to maintain confidentiality of all compliance related or other reported issues.
Demonstrated strong cross-functional communication and leadership skills, with the ability to initiate and drive projects proactively; strong analytical, organization, facilitation, written and oral communication and presentation skills.
Productive in high work volume, speed, quality and consistency. Ability to set priorities and work well under pressure to meet deadlines.
Computer literate with intermediate proficiency in Microsoft Office Suite, Visio, Internet and data analysis tools and techniques.
Effective verbal, written and interpersonal skills to communicate with patients, visitors, peers, and management to establish strong working relationships.
Strong analytical, problem solving, and decision-making skills.
Knowledge of audit and monitoring activities related to compliance and privacy risks.
Ability to work in a self-directed team by taking and giving direction and sharing in the responsibility of the team.
Self-motivated. Able to evaluate the scope of each day's work and use time management and organizational skills to accomplish assignments.