Apply for this Job
This position will have a direct report to the Mercy Health VP & Chief Corporate Responsibility Officer for oversight of designated Mercy Health Toledo Region-specific privacy program and a dotted line accountability to Region-specific leadership. This position contributes to the mission by providing day-to-day management and integration of an effective Privacy program in the acute, post-acute, ancillary and professional practices of the designated, affiliated Toledo Region’s geographic location(s) (to be specified) associated with the Mercy Health System. This position provides technical and professional Privacy compliance oversight, expertise, advice and reporting.
Essential Functions & Responsibilities:
It is expected that all of the Essential Functions and Responsibilities identified below will be performed in a manner that reflects the values of Mercy Health, which are: Excellence, Human Dignity, Justice, Compassion, Sacredness of Life and Service.
Privacy Officer Duties
Knowledge, Skills & Experience Required:
- Responsible for the overall implementation and day-to-day management of the privacy program at designated geographic Regional location(s) that deliver acute, post-acute, ancillary and professional services on behalf of Region that is affiliated with Mercy Health System and coordinates response including privacy compliance risk assessments; investigation; auditing and monitoring; policies and procedures; training; effective corrective action plans; voluntary disclosures and repayments; documentation and reporting required by Internal Audit, Federal, State and/or local enforcement regulatory agencies such as Office of Civil Rights (OCR), Joint Commission (JC) and/or other designated authorities in allegations or investigations of HIPAA breaches reportable under federal or state confidentially laws.
- Serves as the official contact and public representative for the designated Region’s privacy program. Provides assistance and/or information on program structure at internal and external meetings, presentations, and subcommittee/taskforce activities on behalf of Mercy Health System.
- Oversees data collection and retention, analysis and reporting of standard privacy compliance Effectiveness measures, Focus Areas, Self-Assessments, Risk Assessments and/or monitors. Ensures that Mercy Health leadership are apprised of local, remote and emerging privacy compliance issues, investigations, adverse outcomes and/or program initiatives and deficiencies that can impact public status.
- Oversees the usage of Mercy Health’s Reportline reporting system and other aligned, designated compliance databases and applications to ensure designated Region’s alleged privacy matters raised by local and remote associates are reported timely, appropriately investigated, documented, tracked to memorialize program efforts to support external requests for accounting of access and disclosures.
- Maintains awareness of privacy and security compliance laws, regulations and current industry changes. Assists in the development of new hire orientation, mandatory and adhoc privacy compliance training, and/or contractually required privacy training. Prepares multifaceted oral, written and electronic communications and presentations to facilitate discussion, networking, decision-making and proactive responses to meet current and emerging compliance challenges among affected parties and entities.
- Participates in Mercy Health Privacy & Security Network and assists in the standardization of privacy policies and procedures and in the maintenance and posting of the required Notice of Privacy Practices for designated Region’s entity locations of operation to changing HIPAA rules for internal and external communication.
- Draft letters of Notice of Breach as appropriate to designated Region’s patients and/or business associates and to coordinate such notices with Business Associates and subcontractors as appropriate under HIPAA or federal/state regulations implicating alternative liability.
- Advise Human Resources and managers on appropriate disciplinary actions for violations of privacy and security consistent with internal policies of designated Region and/or system policy (if applicable).
- Assist fellow Privacy Officers and Health Informatics staff in the review of all requests for amendments, special protections or restrictions to medical record information (both written and electronic), protected health information (PHI) or protected personal information held by Region, Mercy Health System and/or its business associates or contractors.
- Duties as assigned or approved by immediate supervisor.
The ideal candidate shall possess a Bachelor’s degree. Master’s degree in healthcare management or administration, law or related field preferred. Auditing experience and/or HCCA privacy/compliance certification preferred.
Minimum of five years of in-depth experience in privacy-compliance within acute care, multi-facility or system healthcare operations, insurance or payer operations, law, finance, or revenue cycle either from a consulting perspective or as an employee/manager.
Demonstrated working knowledge of Medicare and Medicaid, including documentation requirements as well as extensive familiarity with Department of Health and Human Services Office of Inspector General (OIG) and Centers for Medicare and Medicaid Services (CMS) rules, Office of Civil Rights (OCR) regulations and privacy compliance guidance.
Willingness to travel up to 25% of time throughout the assigned Region(s)’s geographic locations and affiliated acute, post-acute, ancillary and professional practice entities to complete duties. Willingness to travel periodically to corporate office and throughout the organization, as needed, to attend meetings.
Excellent analytic and problem-solving skills to process auditing and monitoring reports, consultant studies and data compilations to discern opportunities, identify compliance risks and prioritize recommendations. Ability to take major strategic objectives and break them down into meaningful action steps.
Strong communication skills (oral and written) and the ability to interact effectively with all staff levels, including leadership, administrative, management, clinical and professional. Strong knowledge transfer skills are essential, including the ability to speak and present in small group and team settings.
Accomplished training or evidence of significant experience in /Outlook, Word, PowerPoint, and Excel.
Ability to perform detailed web-based research of governmental and healthcare websites.
Ability to work successfully and independently, yet thrive in a team environment; ability to develop and maintain strong internal and external relationships.
Ability to manage multiple projects, priorities, and deadlines with professionalism and a high level of accountability.
Self-starter, with solid collaborative skills, a high tolerance for ambiguity and a good sense of humor. Exemplary personal and professional conduct as ambassador for corporate responsibility program.
Ability to identify, function and support the ethics and values-based organization mission; dedication to living the Core Values of the organization.
Ability to work comfortably and effectively as a critical team member of a Catholic faith-based health care organization, subject to the Ethical and Religious Directives for Catholic Health Care Services as well as with non-Catholic and/or secular healthcare organizations subject to Statements of Common Values.
Full-time, 40 hours per week, days, 8:00 a.m. to 4:30 p.m.
Equal Employment Opportunity
It is our policy to abide by all Federal and State laws, as well as, the requirements of 41 CFR 60-1.4(a), 60-300.5(a) and 60-741.5(a), prohibiting discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibiting discrimination against all individuals based on their race, color, religion, sex, sexual orientation, gender identity, or national origin.
We’ll also reward your hard work with:
- Great health, dental and vision plans
- Prescription drug coverage
- Flexible spending accounts
- Life insurance w/AD&D
- An employer-matched 403(b) for those who qualify.
- Paid time off
- Tuition reimbursement
- And a lot more