Website Encompass Health
The role of the Privacy Officer is essential to minimizing Encompass Health Corporation’s exposure to compliance risk and reputational harm resulting from data breaches and other violations of the federal Privacy Rule and similar state privacy laws and regulations. This position contributes to the fulfillment of Encompass Health Corporation’s mission, values, and philosophy by serving as the subject matter expert on laws, regulations, policies, and procedures relating to the protection of private and confidential information. The Privacy Officer oversees all ongoing activities related to the development, implementation, maintenance of, and adherence to the company’s policies and procedures relating to privacy. The Privacy Officer also plans, coordinates, manages, and conducts risk assessments and independent legal-compliance reviews to evaluate compliance by Encompass Health Corporation and all Encompass Health Corporation hospitals and other sites of care with all applicable state and/or federal regulations and the company’s policies (including the Standards of Business Conduct) that relate to privacy.
Job Code: 101308
License or Certification:
– J.D. preferred
– Certification in Healthcare Privacy Compliance (CHPC) by the Compliance Certification Board (CCB) or analogous accreditation organization preferred
Education, Training and Years of Experience:
– 4-year college degree or equivalent work experience.
– Advanced degree (e.g., masters, J.D., or Ph.D) a plus
– Minimum 8-10 years professional experience with a combination operations, legal or compliance.
– Minimum 5 years management experience.
– Broad working knowledge of auditing techniques, auditing standards, and risk assessment approaches.
– Experience in business risk assessment, development, and execution of remediation plans.
– Knowledge and experience in the review of business processes, including system implementation (if applicable), process reengineering and implementation of controls.
Essential Job Functions:
– Maintains current knowledge of applicable federal and state privacy laws, rules, regulations and accreditation standards, and monitors advancements in information privacy technologies to ensure organizational adaptation and compliance.
– Ensures that Encompass Health Corporation system guidelines and/or policies remain compliant with federal HIPAA privacy and security regulations and state law, rules, and regulations.
– Serves as information privacy consultant for all departments and appropriate entities.
– Performs initial and periodic information privacy and business conduct risk assessments and conducts related ongoing compliance monitoring activities in coordination with other compliance and operational assessment functions. Prepares risk assessments for potential future compliance audits for possible inclusion in the annual Compliance Audit Program and participates in the development of the annual Compliance Work Plan.
– Establishes and administers a process for receiving, documenting, tracking, investigating and taking action on all complaints and Compliance Hotline calls concerning privacy policies and procedures in coordination and collaboration with Compliance Audit and Internal Audit and Controls departments; Encompass Health’s Security Officer; legal counsel; hospital HIPAA officers, and Health Information Management, Human Resources, and Risk Management departments.
– With legal counsel, responds to any privacy complaints received from the U.S. Department of Health & Human Services, Office of Civil Rights; cooperates with any compliance reviews or investigations; and, in collaboration with HR, coordinates any disciplinary actions related to substantiated privacy violations.
– Reviews system-related information security throughout the organization¿s network to ensure alignment between security and privacy practices, and acts as a liaison to the ITG Department for monitoring unauthorized access to protected health information.
– Oversees, directs and ensures delivery of privacy training and education to all associates, volunteers, medical and professional staff, contractors, business associates, and other appropriate third parties.
– Maintains up-to-date HIPAA SharePoint website and prepares verbal and written reports to executive management, the Executive Compliance Committee, and Compliance/Quality of Care Committee of the Board of Directors, as requested.
– Participates in the development, implementation, and ongoing compliance monitoring of business associate agreements to ensure all privacy concerns, requirements, and responsibilities are addressed.
– Establishes, with management and operations, a mechanism to track access to protected health information and to allow qualified individuals to review or receive a report on such activity.
– Ensures compliance with privacy practices and provides consultative services regarding the application of sanctions for failure to comply with privacy policies for employees, extended workforce, and for all business associates, in cooperation with Human Resources, the Security Officer, operations, and legal counsel.
– Ensures Encompass Health Corporation maintains compliance with Section 1557 of the Affordable Care Act, as applicable, to include coordinating investigations into privacy grievances and serving as the company’s Civil Rights Coordinator.