Details
Posted: 03-May-22
Location: Dallas, Texas
Salary: Open
Categories:
Operations
Internal Number: 22007531
Baylor Scott & White Health (BSWH) is committed to maintaining an effective HIPAA Privacy Program consistent with regulatory requirements and designed to prevent, detect and respond to privacy incidents and breaches. The Director of Privacy is responsible for developing, maintaining and overseeing the implementation of the HIPAA Privacy Program throughout the organization. This position reports to the Vice President Compliance Risk Based Functions and Chief Privacy Officer and serves in a key leadership role in promoting compliance with federal and state HIPAA Privacy requirements.
ESSENTIAL FUNCTIONS:
- Serves as a system leader for promoting compliance with federal and state HIPAA Privacy laws and regulatory requirements
- Develop and update policies and procedures based on regulatory updates and changes
- Work to ensure the organization maintains the appropriate privacy and confidentiality consent procedures, authorization forms, and information notices
- Work with procurement, vendor management and the legal department to ensure that third-party suppliers' contracts and operating-level agreements meet privacy requirements
- Direct the privacy team work activities through the iSight system and ensure consistent investigative approach, timely investigation completion and proper system documentation of investigation process
- Develop and maintain a privacy risk assessment and risk mitigation program.
- Partner with the CISO in matters relating to data breaches and to address and interpret privacy related questions
- Conduct or oversee privacy awareness campaigns, annual training and orientation for all employees in coordination with application developers, HR and compliance communications
- Develops and maintains privacy metrics, benchmark reporting and dashboard reporting.
- Develop new and innovative strategies to address privacy and regulatory standards and requirements in new computing paradigms, such as the Internet of Things (IoT) or the cloud
- Conduct and oversee proactive and reactive audits, investigations and department walkthroughs to evaluate compliance with HIPAA Privacy Program requirements
- Directs and coordinates the response to all inquiries or investigations of privacy breaches by the Office for Civil Rights (OCR) or other government agencies; prepares and submits annual report to the OCR for security breaches
- Conducts and documents security investigations in response to patient complaints and other allegations of potential security breaches
- Performs routine audits of access logs to determine whether unauthorized individuals have accessed PHI
- Review the organization’s security policies and procedures to determine whether they meet regulatory requirements and provides recommendations to management on needed changes
- Partners with the Privacy Officer and works collaboratively with legal counsel and IS security personnel to ensure a comprehensive approach to preventing and detecting privacy and security violations
- Works effectively with human resources personnel to consistently apply sanctions on workforce members for security breaches
- Maintains a working knowledge of Federal and State laws, regulations and policies applicable to the privacy and security of protected health information and monitors advancements in information privacy technologies
- Stays abreast of external developments in HIPAA and other privacy and security laws and regulations, including government investigations and industry best practices
- Develop reporting templates and create reports for communicating HIPAA privacy program outcomes to compliance committees and the Audit and Compliance Committee of the Board.
- Builds field/employee relationships by demonstrating professionalism, appropriate self-confidence, a facilitative communication style and constructive responses to field/employee needs
- Works closely with department management to identify opportunities for improvement and to mitigate privacy risks
- Serves on committees and other workgroups as needed
KNOWLEDGE, SKILLS, and ABILITIES:
- Must have demonstrated proficiency applying the HIPAA Privacy Standards in the hospital and clinic setting
- Must have extensive experience conducting privacy related audits and investigations
- Demonstrates the highest level of integrity and discretion when exercising professional judgement
- Excellent communication and interpersonal skills with the ability to gain the trust of patients and other customers
- Demonstrates a positive attitude, the ability to work with others, and a desire to learn
- Self-motivated; requires limited supervision
- Team player with a “can do” attitude who can work in a fast-paced environment
- Must have 5 plus years’ experience in a leadership role in a large hospital setting (>500 beds)
- Experience leading a team
MINIMUM REQUIREMENTS:
- Bachelor’s degree required
- 5 years of experience