| EOE Statement:|
Washington University is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity or expression, national origin, genetic information, disability, or protected veteran status.
This position is full-time and works approximately 40 hours per week.
Department Name/Job Location:
This position is in the Faculty Practice Plan. This position is for the Medical School Campus.
The primary purpose of this position is to oversee all activities related to the development, implementation, maintenance of, and adherence to WU’s policies and procedures covering the privacy of, and access to, patient health information in compliance with federal and state laws. Privacy Officer advocates and protects patient’s privacy by serving as an advisor for patients voicing concerns or disputes relating to privacy issues. Position is accountable for coordinating all activities of privacy practices such as compliance training, monitoring of compliance, breach notification and reporting, and internal investigations.
PRIMARY DUTIES AND RESPONSIBILITIES:
- Oversees processes to ensure an effective HIPAA compliance program for the University, Medical School and Health Plan.
- Oversee all activities of the Faculty Practice Plan Health Information Release Service. Serve as subject matter expert for medical records and release of information processes.
- Provides guidance and assists with the identification, development, implementation, and maintenance of university privacy policies and procedures.
- Oversees and directs the delivery of initial and ongoing privacy training and orientation to all workforce members. Develop training content for initial and refresher HIPAA training.
- Participates individually with Business Units maintain ongoing compliance monitoring.
- Administer a process to investigate and manage all patient privacy complaints, reported privacy and security concerns, and potential breach incidents in collaboration with the Office of General Counsel, HIPAA Security Officer, WUSM Human Resources, Associate Vice Chancellor for Clinical Affairs, affiliated hospital partners, and other key University stakeholders.
- Coordinate communication related to breach notification with patients, affiliated hospitals, university leadership, media, employees and provide regulatory notification to the Office for Civil Rights and applicable state Attorney General offices.
- Enforce HIPAA compliance that ensures consistent application of sanction policy for all workforce members.
- Facilitate programs to foster HIPAA awareness throughout university
- Maintains current knowledge of state and federal privacy laws.
- Cooperates with the Office of Civil Rights and other governmental agencies in HIPAA related investigations and submit required reports and notifications to the Office for Civil Rights and other governmental agencies.
- Work closely with Electronic Medical Record team to ensure patient privacy rights.
- Serves as a liaison for the Washington University’s IRB for HIPAA-related issues.
- Conduct privacy risk assessments when appropriate. Analyze gaps between regulatory requirements and existing processes to develop corrective action plan to mitigate risks.
- Perform routine and for-cause privacy compliance audits, including EMR access audits.
- Analyze vendor relationships and conduct risk analysis to determine need for Business Associate Agreement. Collaborate with Office for General Counsel to negotiate vendor-proposed revisions to language in agreement.
- Works with key departments to ensure the organization has and maintains appropriate privacy standards.
- Coordinate with the Information Security Officer in the development and monitoring of information security practices and the administrative, technical, and physical safeguards to protect the privacy of health data.
- Other duties as assigned.
A Bachelor’s degree is required. Prior experience in privacy management or comprehensive healthcare compliance management in an academic medical center or health care setting of similar size and complexity.
- A JD, Nursing degree or Master’s degree in healthcare administration or related field.
- Certification in Healthcare Privacy Compliance is ideal
- Knowledge of federal and state privacy and compliance laws and regulations.
- Experience with breach risk analysis and breach reporting.
- Experience with electronic medical records and release of health information.
- Excellent project management skills and the ability to manage multiple priorities.
- Strong interpersonal communication and presentation skills.
- Strong clinical background as well as management experience, or minimum of five years management experience in the health care field.
- Ability to work independently and meet deadlines is essential.
The hiring range for this position is commensurate with experience.
-Retirement Savings Plan
-22 vacation days
-8 Paid Holidays
-Tuition benefits for employee, spouse and dependent children
-Free Metro Link/ Bus pass
-Free Life Insurance
-Health, Dental, Vision
-Health Savings Accounts (HSA)
-Long Term Disability Insurance
-Flex Spending Plan
Med School HR website (medschoolhr.wustl.edu)
Applicant Special Instructions:
- Normal administrative office setting.
- Flexible work schedule.
- High stress caused by work deadlines.
- Planning functions may occur at any of the buildings on campus and will require physical capability to get to each location.
Internal Applicant Instruction:
Please attach a copy of your most current signed performance evaluation (completed within the last 18 months) to your online account. If you have not received a performance evaluation, you may provide two current signed letters of recommendation (written within the last 18 months), preferably to include one letter from either a current or recent former supervisor. To attach these documents, go to: My Career Tools, Add Attachment, Attachment Type – Performance Reviews or Letters of Recommendation.