University of Rochester
Privacy Officer
As a community, the University of Rochester is defined by a deep commitment to Meliora - Ever Better. Embedded in that ideal are the values we share: equity, leadership, integrity, openness, respect, and accountability. Together, we will set the highest standards for how we treat each other to ensure our community is welcoming to all and is a place where all can thrive.

Job Location: 30 Corporate Woods, Brighton, New York, United States of America, 14623
Opening: Regular
Time Type: Full time
Scheduled Weekly Hours: 40
Department: 900003 Medical Center Finance
Work Shift: UR - Day (United States of America)
Range: UR URG 113
Compensation Range: $77,216.00 - $115,824.00

The referenced pay range represents the minimum and maximum compensation for this job. Individual annual salaries/hourly rates will be set within the job's compensation range, and will be determined by considering factors including, but not limited to, market data, education, experience, qualifications, expertise of the individual, and internal equity considerations.

Responsibilities

General Purpose: Responsible for the privacy of protected health information through ongoing activities consisting of development, implementation, maintenance of and adherence to University of Rochester policies and procedures in compliance with federal and state laws. Serves as primary privacy consultant for designated areas of responsibility.

Essential Functions: Interprets Health Insurance Portability and Accountability Act (HIPAA) privacy regulations together with state and other federal laws regarding confidentiality of protected health information (PHI). Develops and advises on entity-specific relevant policies related to privacy and confidentiality of patient information. Collaborates and contributes with Chief Privacy Officer to identify, develop, implement and maintain system-wide privacy policies and procedures. Coordinates with and keeps senior leadership apprised of areas of responsibility as appropriate. Ensures entity-specific policies and procedures are updated in accordance with policies. Receives, documents, tracks, investigates and takes action on patient, family and workforce member initiated privacy complaints and breaches. Meets or discusses with patients and families about privacy complaints, which can often be of a highly sensitive nature. Defuses upset patients and contains the situation internally. Oversees development of correctional plans or process changes and remediation after issue has been investigated. Coordinates and recommends consistent application of sanctions of workforce members and business associates in cooperation with appropriate Human Resource Business Partner, Medical Director, Office of Counsel, and Dean for Graduate Medical Education, etc. as appropriate. Responsible for maintaining appropriate breach notification risk assessments, files, documentation, etc. Apprises and involves Chief Privacy Officer if/when appropriate.

Performs ongoing audit reviews and monitoring of activities, requiring knowledge of electronic medical record systems and in-depth understanding of auditing tools to ensure compliance with federal privacy regulations and policies. Implements and oversees development of corrective action plans and required procedural changes in response to violations of privacy policies and practices. Apprises and involves Chief Privacy Officer and senior leadership if/when appropriate of issues, concerns and progress in dealing with privacy related issues affecting the organization. Serves as consultant and/or subject matter expert in organizational privacy activities, such as health system-wide Privacy Workgroup, Privacy Officer Committee, Regional HIPAA Group, Research Committees, Policy Management Team and other committees, as appropriate. Serves as advisor on HIPAA to Institutional Review Board as required. Maintains current knowledge of privacy guidelines as they pertain to research to ensure compliance with research guidelines and regulations. Ensures areas of responsibility utilize and maintain appropriate privacy authorizations, consents, notices and materials reflecting organization privacy practices and legal requirements. Reviews and negotiates terms of business associate agreement contracts for vendors who perform a function of a business associate as defined in the privacy regulation for areas of responsibility. Serves as liaison with Forms Management vendor. Develops content for mandated privacy training of workforce members. Oversees and ensures delivery of privacy training and orientation to employees, physicians and other workforce members in entity/entities of responsibility. Keeps workforce current with updates, changes and necessary information as they relate to privacy issues. Authors and publishes privacy materials on intranet for ongoing knowledge and awareness of privacy.

Ensures adherence to patient rights as mandated under HIPAA regulations, including inspections, receipt of copies, amendments to patient health and billing records, restrictions of disclosures, requesting confidential communications and receiving disclosure tracking reports of access to protected health information. Works closely with the Health Information Management Department and other appropriate parties to manage patient rights in the Privacy Rule. Acts as resource to staff supporting various clinical information systems, including recommending and terminating user access, documentation and advising on provision of access. Serves as privacy liaison for users of clinical and information systems, including Rochester Regional Health Information Organization (RHIO). Serves as liaison to regulatory and accrediting bodies for matters relating to privacy. Other duties as assigned.

Minimum Education & Experience

Bachelor's degree and 4 years of healthcare administration, information systems, compliance, auditing or related experience required
Or equivalent combination of education and experience

Licenses And Certifications

Nationally recognized certification in health information management upon hire preferred

The University of Rochester is committed to fostering, cultivating, and preserving an inclusive and welcoming culture to advance the University's Mission to Learn, Discover, Heal, Create and Make the World Ever Better. In support of our values and those of our society, the University is committed to not discriminating on the basis of age, color, disability, ethnicity, gender identity or expression, genetic information, marital status, military/veteran status, national origin, race, religion, creed, sex, sexual orientation, citizenship status, or any other characteristic protected by federal, state, or local law (Protected Characteristics). This commitment extends to non-discrimination in the administration of our policies, admissions, employment, access, and recruitment of candidates, for all persons consistent with our values and based on applicable law.