This paragraph summarizes the general nature, level and purpose of the job.
The Manager-Privacy Assurance designs, implements, maintains and manages patient privacy assurance functions, including patient privacy audits, investigations and evaluations of potential inappropriate access to or release of patient information. Manages the electronic medical record monitoring program. Assists patients in exercising their patient privacy rights, including amending their medical records, receiving an accounting of the disclosures of their medical records, requesting restrictions on access to their medical records and other civil rights related to patient privacy. Provides education regarding federal and state laws, regulations and policies related to patient privacy.
The essential functions listed are typical examples of work performed by positions in this job classification. They are not designed to contain or be interpreted as a comprehensive inventory of all duties, tasks and responsibilities required by positions in this job classification. Specific duties and responsibilities may vary depending on department or program needs without changing the general nature and scope of the job or level of responsibility entailed.
Contributes to the achievement of Compliance Department goals and objectives and adheres to departmental policies, procedures and standards; complies with governmental and accreditation laws and regulations.
Works independently to investigate, resolve and document privacy complaints from patients, staff, faculty and others, including hotline complaints related to patient privacy; communicates and corresponds with patients regarding privacy complaints.
Conducts privacy risk assessments and develops corrective action plans; conducts on-site privacy monitoring at the hospitals and clinics; works collaboratively with hospital departments to implement corrective action plans.
Prepares mandatory state reporting documentation regarding violations of state privacy laws and regulations.
Drafts policies, procedures, processes and workflows related to the comprehensive organizational patient privacy program.
Develops education and training content related to patient privacy; authors website content, newsletter articles and FAQs; delivers training and education in group and/or individual settings.
Attends meetings throughout the hospitals when patient privacy advice is requested or required.
Serves as the Privacy Office liaison to the IT Security team and participates in IT Security projects and meetings; participates in the design and implementation of IT Security plans and standards; partners with the IT Security department to conduct comprehensive investigations regarding potential inappropriate access to patient information.
Manages the Privacy Office electronic medical record monitoring program and applies forensic analysis for making determinations of inappropriate access to or use or disclosure of patient information, including design and implementation of medical record audit trail reports, evaluation of clinical association patterns, investigations of potential inappropriate access to patient information, investigatory interviews of staff, faculty and others, and development of investigatory reports.
Serves as liaison to the Health Information Management Department and advises on lawful release of patient information.
Assists patients in exercising their patient privacy rights, including amending their medical records, receiving an accounting of the disclosures of their medical records, requesting restrictions on access to their medical records and other civil rights related to patient privacy; communicates directly with patients and meets directly with patients to assist with patient privacy concerns; prepares formal correspondence to patients in compliance with HIPAA requirements.
Creates and maintains privacy function databases and logs.
Participates in the development of the Privacy Office's long-term and short-term goals, objectives, plans, policies and procedures.
Pager coverage is required to meet business needs and may include coverage during evenings, weekends, and holidays. After-hours business functions may include pager coverage, incident containment and monitoring, and other business activities in support of the Privacy Program.
Equal Opportunity Employer
Stanford Health Care (SHC) strongly values diversity and is committed to equal opportunity and non-discrimination in all of its policies and practices, including the area of employment. Accordingly, SHC does not discriminate against any person on the basis of race, color, sex, sexual orientation or gender identity and/or expression, religion, age, national or ethnic origin, political beliefs, marital status, medical condition, genetic information, veteran status, or disability, or the perception of any of the above. People of all genders, members of all racial and ethnic groups, people with disabilities, and veterans are encouraged to apply. Qualified applicants with criminal convictions will be considered after an individualized assessment of the conviction and the job requirements.
Any combination of education and experience that would likely provide the required knowledge, skills and abilities is qualifying.
Education: Bachelor's degree in a work-related field/discipline from an accredited college or university
Experience: Five (5) years of progressively responsible and directly related work experience
Knowledge, Skills and Abilities:
Knowledge of the purpose, principles, goals, objectives and requirements of a hospital compliance and privacy program.
Knowledge and understanding of HIPAA, COMIA, SB541, AB211, OCR and related Federal and State privacy laws and regulations.
Knowledge of computerized information systems used in compliance applications, including electronic medical record monitoring software applications.
Ability to investigate, resolve and document privacy complaints from patients, staff, faculty and others, conduct privacy audits, develop and implement corrective action plans.
Ability to create and maintain privacy databases and logs and monitor access to patient records to ensure privacy rights are not violated.
Ability to develop educational materials and deliver training related to patient privacy.
Ability to work effectively with individuals at all levels of the organization.
Ability to foster effective relationships and build trust.
Ability to plan, organize, prioritize, work independently and meet deadlines.
Ability to use judgment and make sound decisions.
Ability to maintain confidentiality with sensitive information.