Privacy Director Job
Responsible for system-wide implementation of MedStars Privacy activities including the analysis and evaluation of industry standards and best practices in the area of health care privacy and information security. Responsible for the development, implementation, maintenance, and revision to the MedStar Health Notice of Privacy Practices, and all system privacy policies and procedures, as needed, to maintain an effective privacy program. Directs local privacy liaisons regarding privacy-related activity to be conducted in the operating units and monitors to ensure alignment with applicable law. Responds to patient and employee privacy complaints, reviews, resolves and tracks complaints as needed. Responsible for all Federal and State mandatory reporting obligations. Develops, drafts and maintains system-wide Privacy education and training content and directs the system-wide delivery of education content. Develops, leads and maintains an effective and sustainable system-wide communication and awareness program. Oversees, manages, evaluates, retains, and terminates Privacy Office staff.
Education: Bachelors Degree in Healthcare, Sciences, or Business-related area. Legal Degree, Masters level education in business or health fields or other relevant advanced degree in business strongly preferred.
EXPERIENCE: 5 years progressively more responsible education or health care industry experience in operational, clinical, or business management, or 7 years job-related experience in a similar field. Experience in hospital operations strongly preferred. Experience in educational compliance content writing and eLearning application is preferred.
LICENSE/CERT/REG: Member of the D.C. and/or State of Maryland Bar strongly preferred. Certification as an RHIA, RHIT, CIPP, or CHPC strongly preferred.
Skills: Excellent demonstrated leadership skills. High level of independent judgment and problem solving skills. Ability to distill complex legal requirements into effective operational solutions, Record of effective working relationship with other health professionals. Excellent oral and written communication skills. Strong analytical, project management, organizational and research skills. Strong public speaking and classroom presentation skills. General proficiency in computer software programs including MS Office and related computer systems. Proficiency in MS Project, database creation software, and other applications preferred.
Primary Duties and Responsibilities
As directed by the AVP Compliance, oversees, manages, evaluates, retains, and terminates Privacy department staff.
Attends meetings of various MedStar entities as needed; develops and delivers Privacy presentations as needed; provides support for system-wide patient privacy committees and issues. Represents MedStar Health in privacy-related community outreach efforts.
Collaborates with other departments, including the Legal Department, Human Resources, Information Systems and others for the system-wide integration of privacy programs and uniform discipline for violations.
Creates and maintains an effective and sustainable system-wide communication and awareness program, including promoting the use of the Privacy Hotline, heightened awareness of applicable policies and the understanding of new and existing issues and related policies and procedures.
Develops and distributes to appropriate hospital and business unit staff articles for newsletters, awareness flyers, email communications and Frequently Asked Questions.
Develops the infrastructure to implement an effective system-wide Privacy program and support the achievement of established goals and objectives and adheres to department policies, procedures, quality standards, and safety standards. Ensures system-wide compliance with governmental and accreditation regulations. Develops the system-wide strategic plan for current and future Privacy functions, including the evaluation of industry standard and best practices in the area of health care privacy in close consultation with the Chief Privacy Officer.
Develops and coordinates MedStars responses to regulatory authorities and works cooperatively with investigations or inquiries from the HHS Office of Civil Rights (OCR), the Centers for Medicare and Medicaid Services (CMS), the HHS Office of Inspector General (OIG), the U.S. Department of Justice (DOJ) and any state agencies to assure appropriate and consistent responses to any government inquiries and to protect MedStars interests by demonstrating MedStars understanding of regulations and the law; gathering, analyzing, interpreting and applying the technical knowledge.
Develops, recommends, manages and is accountable for the department budgets and ensures that department operates within budget.
Directs local privacy liaisons regarding privacy-related activity to be conducted in the operating units and monitors to ensure alignment with applicable law. Conducts periodic privacy liaison meetings. Collaborates with local privacy liaisons and Chief Privacy Officer and responds to patient and employee privacy complaints, reviews, resolves and tracks complaints as needed.
Engages independently in contract negotiations and reviews on matters involving privacy and information security including MedStars system-wide EMR and HIE implementation arrangements. Works closely with and collaborates with key stakeholders including the IT Department, Finance, HR, and other departments as necessary. Oversees and develops strategies for addressing privacy and information security issues relating to MedStars various initiatives.
Ensures that confidential and proprietary information and activities are handled discreetly and information is safeguarded. Captures appropriate data metrics and produces reports on privacy incidents to focus mitigation, training, and education efforts and as otherwise necessary.
Has primary oversight responsibility for Privacy investigations and analysis of outcomes under applicable laws and leads the response to such matters by assisting the operating units in responding to such inquiries and investigations.
Maintains current knowledge of applicable international, federal, state, and local laws, accreditation standards, professional standards, ethical principles, and other privacy requirements. Regularly monitors advancements in information privacy technologies and legislative and regulatory developments to ensure appropriate adoption and compliance with applicable laws.
Performs other duties as assigned.
Responds to patient privacy inquiries, concerns and complaints, including hotline calls, from MedStar employees, providers and patients; conducts reviews and inquiries as needed; logs-in, tracks and documents through resolution. Uses independent judgment to identify, research, investigate and evaluate known and potential patient privacy risks and compliance risks across the system; develops conclusions based on risk assessments; presents conclusions and recommendations to the Chief Privacy Officer.
Responsible for the development of MedStars system-wide Privacy education and training efforts. Edits and publishes Privacy eLearning training modules in MeL. Ensures educational content is updated and disseminated to hospitals, business units and central learning departments. Keeps accurate records of versions and dates of education materials.
Responsible for the development, implementation, maintenance, and revision to the MedStar Health Notice of Privacy Practices, and corporate privacy policies and procedures, as needed, to maintain an effective privacy program. Develops, oversees and is responsible for system-wide policies and procedures for occurrence detention, response, resolution, and reporting, and tracking, including identification of potential system-wide areas of privacy vulnerability and risk, and development of corrective action plans.
Reviews threshold communications from federal, state or local agencies regarding privacy and information security issues and distills complex legal requirements into effective operational solutions.
*May be required to travel to various locations as needed. Reliable transportation may be required.
REPORTS TO: AVP Compliance
SUPERVISES: Privacy management staff, analysts, support staff and provides guidance and oversight to local privacy liaisons and operational staff in privacy matters.
Facility Location: MedStar Health Corporate Offices
Nearest Major Market: Baltimore
Job Segments: Research, Inspector, R&D, Manager, Law, Quality, Management, Legal