LOCATION: Senate House (travel to Danville for training will be required; 2 or 3 days a week during training phase)
DEPARTMENT: Privacy Office
WORK SCHEDULE: Days
WORK TYPE: Full Time (1.0 FTE)
Privacy Compliance Specialist II performs varied advanced HIPAA Privacy Compliance, General Compliance, and Administrative duties which require knowledge of regulatory standards, internal policies and procedures, initiative, foresight, judgment, organization, communication and creativity. Compliance and Administrative duties of the position include planning and coordination of activities of a given project to guarantee compliance with governmental regulations. Promoting the Health System's mission, values, and Standards of Conduct; and displaying excellent customer service skills.
Reports directly to the Chief Privacy Officer and reports administratively to Health Plan Compliance and/or Legal Officers.
MAJOR DUTIES AND RESPONSIBILITIES:
1. *Independently plans and executes health system privacy audits and/or HIPAA privacy and compliance projects in accordance with annual compliance risk assessment and GHP Audit Committee work plan.
2. *Investigation and root cause analysis of privacy matters, including unauthorized disclosures.
3. *Process reviews with operations staff to implement effective and sustainable corrective actions where privacy issues are trending.
4. *Reviews and modifies policies and procedures that impact privacy – proposed modifications to the privacy policies will be submitted to the GHP Privacy Committee for review and approval and then to the HIPAA PMO and Data Regulatory Committee for final approval.
5. *Prepares the Covered Entity (CE) (“GHP”) for Office for Civil Rights (OCR) Audits and maintain a state of audit readiness by performing OCR mock audit reviews on an annual basis to identify and mitigate new risk areas (ongoing accountability for risk mitigation and audit readiness)
6. *Identifies and measures risk, prepares a risk mitigation plan, obtains Audit Committee work plan approval (via GHP Chief Compliance Officer and annual GHP Compliance Work plan).
7. *Prepares member and client (TPA) notifications at the direction of Privacy Committee and under the supervision of Privacy Officer for mailing to members.
8. *Manages vendor disclosure and Business Associate (BA) issues; research and investigate vendor/BA issues and work through Compliance Office to obtain a Corrective Action Plan from vendor/BA if appropriate.
9. *Monitors and oversees data validation testing for accounting of disclosure reporting processes.
10. *Chairs GHP Privacy Committee; Prepares reports for GHP Privacy Committee; manage agenda and issues presented to Privacy Committee; follows up with recommendations and resolves all issues presented by or to Privacy Committee.
11. *Assures the Uses and Disclosures made under GHP Policy 03 are permitted by HIPAA.
12. *In response to an un-permitted Use/Disclosure or validated Privacy complaint obtains documentation from HR/Operations that appropriate action was taken.
13. *Plans and implements Annual Certification and breach statement collection.
14. *Serves as internal expert and advisor regarding interpretation and application of privacy regulations.
15. *Develops and executes the privacy compliance awareness activities to educate staff in coordination with the Privacy Officer.
16. *Investigates, documents, and resolves HIPAA privacy incidents and breaches in coordination with the Privacy Officer. Maintains all required documentation in Privacy repository. Refer security incidents to the Privacy Officer and ISO Compliance for investigation, documentation and resolution. Document and communicate the results of security incident/breach investigations to the Privacy Committee.
17. *Works independently and effectively under limited direction from the Privacy Officer, however reports status regularly to the Privacy Officer.
18. *Collects and maintains various statistical measurements used in documenting compliance, workloads and other activities.
19. May represent the Privacy Office on various committees and work groups.
20. Performs any other assigned duties necessitated by business, regulatory, or emergency situations.
*Denotes essential job duties
COMPETENCIES AND SKILLS:
Demonstrates excellent communication skills to convey the concepts, to work with the business units in understanding the HIPAA Privacy Rule requirements, why it is important, how it contributes to the organization goals.
Demonstrates the ability to negotiate with business units for their assessments and subsequent compliance.
Demonstrates ability to analyze business plans to being compliant with the policies ensuring the plan will work.
Maintains current knowledge of applicable federal and state privacy laws and regulations, to include a working knowledge of the HIPAA Security Rule.
Assesses regulations and laws to see how they will affect our business and what we must do to comply.
Must be detail orientated, able to do problem solving and thorough problem analysis.
Must be able to lead staff on our tasks of being compliant, requiring good project management skills.
Demonstrates organization, facilitation, communication, and presentation skills.
Ensures compliance with established standards and policies.
Must be self-motivated and a quick study.
Demonstrates the ability to handle the demands of new tasks/assignments/projects, along with other routine responsibilities
Demonstrates ability to establish priorities, work independently, and proceed with objectives with minimal supervision.
EDUCATION AND EXPERIENCE:
Bachelor’s degree in Business Administration, Health Care Administration, or related field required.
Minimum of three (3) years of experience in HIPAA Privacy Compliance/General Compliance required.
Knowledge and experience of health plan or insurance operations preferred.
Certification in Healthcare Privacy Compliance (CHPC) or obtained within one (1) year of hire via the Compliance Certification Board (CCB)/Health Care Compliance Association (HCCA)
Experience in planning, analyzing, and coordinating activities and establishing priorities.
Skill in developing and maintaining good working relationships.
Proficient in computer skills required for internet research and standard office processes.
If a suitably experienced candidate cannot be found, applicants who meet the basic qualifications but possess fewer years of experience will be considered for hire at a lower level. Salary would commensurate with experience.
WORKING CONDITIONS/PHYSICAL DEMANDS:
Work is typically performed in an office environment.
OUR PURPOSE & VALUES: Everything we do is about caring for our patients, our members, our students, our Geisinger family and our communities. KINDNESS: We strive to treat everyone as we would hope to be treated ourselves. EXCELLENCE: We treasure colleagues who humbly strive for excellence. LEARNING: We share our knowledge with the best and brightest to better prepare the caregivers for tomorrow. INNOVATION: We constantly seek new and better ways to care for our patients, our members, our community, and the nation.
ABOUT GEISINGER: Geisinger is a physician-led health system comprised of approximately 30,000 employees, including nearly 1,600 employed physicians, 13 hospital campuses, two research centers, and a 583,000-member health plan Geisinger is nationally recognized for innovative practices and quality care. Geisinger serves more than 3 million people in central, south-central and northeast Pennsylvania and also in southern New Jersey with the addition of National Malcolm Baldridge Award recipient AtlantiCare, A member of Geisinger. In 2017, the Geisinger Commonwealth School of Medicine became the newest member of the Geisinger Family.
We offer healthcare benefits for full time and part time positions from day one, including vision, dental and domestic partners.* Perhaps just as important, from senior management on down, we encourage an atmosphere of collaboration, cooperation and collegiality. For more information, visit www.geisinger.org, or connect with us on Facebook, Instagram, LinkedIn and Twitter.
** Does not qualify for J-1 waiver. We are an Affirmative Action, Equal Opportunity Employer Women and Minorities are Encouraged to Apply. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of disability or their protected veteran status.
*Domestic partner benefits not applicable at Geisinger Holy Spirit.
At Geisinger, our innovative ideas are inspired by the communities we serve – like our Fresh Food
Farmacy, a program that delivers life-saving healthy alternatives to patients with diabetes. With additional tools like our MyCode Community Health Initiative, one of the first health system genome sequencing
programs, and our new asthma app suite that we developed in partnership with AstraZeneca, it’s no wonder we’re ranked one of the Top 5 Most Innovative Healthcare Systems by Becker's Hospital Review. We continually work towards continuous improvement in a culture where everyone has a voice and firmly believe that better begins with all of us.
Founded more than 100 years ago, Geisinger serves more than three million residents throughout central, south-central and northeastern Pennsylvania and southern New Jersey. Our physician-led system is comprised of 30,000 employees, including 1,600 employed physicians, and consists of 13 hospital campuses, the Geisinger Health Plan, Geisinger Commonwealth School of Medicine and two research centers.
What you do at Geisinger shapes the future of health and improves lives – for our patients, communities, and you.