HIPAA Medical Privacy Specialist, Bellingham, WA
HIPAA Medical Privacy Specialist, Administrative Office (19-14)
Location: Bellingham, Washington, United States
Title: HIPAA Medical Privacy Specialist
Position: Full Time, 32 hours per week, non-exempt
Location: Administrative Offices
Job Summary
The HIPAA Medical Privacy Specialist collaborates with managers and staff to ensure compliance with a variety of Federal, State and Local mandated programs. This position works with management and staff to ensure that all Family Care Network (FCN) employees are in compliance with the rules and regulations of regulatory agencies, that FCN policies and procedures are being followed and that behavior within the company meets the expected standards of conduct. Responsibility involves ongoing education and consultation with FCN and clinic management and staff to keep them apprised of current requirements or changes in statutes or regulations. Duties are performed under the direction of the Human Resources Director. The HIPAA Medical Privacy Specialist is expected to complete related work as required.
Family Care Network Standards
- Vision, Mission and Goals: Actively supports the vision, mission, values, goals and objectives of Family Care Network. Interacts with other individuals, groups, and/or departments in making the vision a reality.
- Policies and Procedures: Adheres to all company policies and procedures. Adheres to guidelines for HIPAA, WISHA and other State and Federal regulatory agencies.
- Professionalism: Demonstrates, in interactions with patients, colleagues, and outside vendors, an attitude, demeanor, and communication style that consistently supports values and standards.
- Effective Communication skills: Demonstrates ability to communicate with patients, colleagues and outside vendors in an appropriate, courteous and respectful manner.
- Documentation: Consistently documents all pertinent information in all forms of electronic records accurately and concisely, in accordance with company guidelines.
- Compliance: Consistently adheres to all FCN Confidentiality and HIPAA policies and procedures regarding company and patient information.
- Team Responsibilities: Works to ensure success of company and of team members. Is accountable and takes ownership of opportunities, concerns, breakdowns, and results. Works collaboratively while evoking and producing trust. Anticipates, plans, learns, and innovates. Adheres to team standards and contributes to the team mood for success.
- Collaborates with management and staff on the development, implementation, and maintenance of appropriate privacy policies and procedures. Reviews new or revised laws and regulations pertaining to patient privacy to determine if all policies required by law have been developed in writing and if revisions of current policies are needed. Writes or revises policies as necessary.
- Maintains and administers a process for receiving, documenting, tracking, investigating, and taking action on all complaints concerning the organization’s privacy policies and procedures in coordination and collaboration with other similar functions and, when necessary, legal counsel.
- Collaborates with managers on internal privacy audits to determine organizational compliance, including reports of compliance activities.
- Performs tracking and maintenance of action plans for the resolution of issues identified during assessments and audits.
- Collaborates on the development, delivery, and documentation of HIPAA Privacy training and awareness for all staff, including the orientation of new employees and retraining of employees when material changes have been made in policies and procedures or when necessary, e.g., retraining.
- Monitors all business associate agreements to ensure all privacy concerns and requirements are addressed.
- Updates/maintains appropriate authorization forms, privacy notices, and other materials reflecting current privacy practices and requirements.
- Coordinates any visit in cooperation with the Office for Civil Rights, other legal entities, and organization officers during any compliance reviews or investigations.
- Works with clinic Practice Managers to: respond to patient requests for amendments and changes to their medical records; release patient records in accordance with established policies and procedures; and respond to patient requests regarding limiting disclosures to health plans when the patient has paid in full out of pocket for the services that are the subject of the disclosure.
- Serves as the designated contact person to receive questions, comments, and complaints, and provide resources for patients and staff on the HIPAA privacy regulations.
- Works with IT to ensure completion of a periodic written risk assessment related to security of protected health information including electronic PHI.
- Working with the HIPAA/HITECH Committee, I.T., EMR, Clinical Services and HR operations as appropriate:
- Implements and monitors risk management measures to address security risks and vulnerabilities identified by risk assessments.
- Implements and maintains appropriate systems and/or processes for the security of electronic PHI, including security policies and procedures.
- Collaborates on implementation of measures to protect against reasonably anticipated threats or hazards to security or integrity of electronic PHI and reasonably anticipated unauthorized uses or disclosures.
- Identifies non-compliance with security policies and procedures to allow for consistent application of sanctions for failure to comply with security policies for all individuals in the organization’s workforce.
- Administers a process for regularly reviewing records of computer or information system activity related to electronic PHI, such as audit logs, access reports, and security incident tracking reports.
- Maintains/updates procedures for authorization and supervision of access to electronic PHI by workforce members and termination of access.
- Maintains access authorization policies for stored electronic PHI.
- Maintains appropriate security policies and procedures, including those for physical and technical safeguards.
- Reviews new or revised laws and regulations pertaining to patient security of electronic PHI to determine if all policies required by law have been developed in writing and if revisions of current policies are needed. Writes or revises policies as necessary.
- Works with management, IT and EMR to investigate and resolve security breaches involving electronic PHI, including breaches reported by Business Associates, providing appropriate notifications as required by state and federal law, after consulting as necessary with legal counsel.
- Receives reports of potential breaches of unsecured PHI and works with management to investigate, make determinations, and provide notification if necessary.
- Comply with, and support the organization’s compliance, regulatory and contractual requirements, organizational policies, procedures, and internal controls.
- Participate in reviewing, revising and updating current policies and compliance plans.
- Knowledge of HIPAA-related rules and regulations; techniques of administrative and organizational systems analysis; principles and practices of project planning, monitoring and evaluation; effective interviewing and investigation techniques; computer software including word processing, spreadsheet, database and security programs.
- Strong English usage and grammar skills to facilitate communication across all departments and roles.
- Ability to manage self and influence others in an environment of change; easily build trust, rapport and relationships within the FCN culture of care; create a shared vision of personal accountability; reach agreements across varying interests.
- Ability to read, interpret and continue to learn about the Health Insurance Portability and Accountability Act of 1996 and other relevant information privacy laws related to access and release of protected medical information; maintain a broad knowledge of compliance issues and concerns; communicate effectively both verbally and in writing; analyze situations and take appropriate action.
- Represent Family Care Network in an effective and professional manner; establish and maintain effective working relationships with other departments and public agencies.
Education & Experience:
- Three (3) years of experience in a healthcare setting required; ideally will have knowledge of or experience with Electronic Health Records (EHRs) or Clinical Information Systems, as well as concepts related to Patient Safety.
- A Bachelor’s degree or higher in a Health or Business related area preferred.
- Demonstrated understanding of the functions of healthcare operations in an ambulatory outpatient setting is required.
- Three (3) years of experience with HIPAA compliance and security requirements as they relate to healthcare data required.
- Ability to lead and facilitate projects through the power of influence versus positional authority.
- Demonstrated understanding of project management concepts.
- Exposure to rules and regulations pertaining to regulatory compliance requirements such as HIPAA and HITECH required.
Performing the duties of this job requires ability to: stand; walk; sit; climb stairs; use hand to finger coordination, handle or feel objects, tools or controls; reach with hands and arms; balance, stoop, kneel, crouch; talk or hear. The employee must occasionally lift and/or move up to 30 pounds. Specific vision abilities include: close vision, peripheral vision, depth perception and the ability to adjust and focus.
Adhere to company immunization policy. Immunizations required: Influenza, Tdap, MMR, Varicella or a verified history of chicken pox disease, PPD and any additional immunizations determined necessary for the protection of staff and patients. Family Care Network will cover the cost of required immunizations for Family Care Network employees; immunizations will be administered by Family Care Network staff. Hepatitis B strongly recommended.
Family Care Network is a Drug-Free, Equal Opportunity Employer.