HIPAA Compliance Officer
Develop and conduct verification and validation audits or reviews of privacy and security requirements and associated mitigating controls including those involving more complex requirements (i.e., reviewing and synthesizing multiple federal and state laws as well as industry and organizational standards)
Develop and implement monitors for compliance with privacy and security requirements and associated mitigating controls including those involving more complex requirements (i.e., reviewing and synthesizing multiple federal and state laws as well as industry and organizational standards)
Conduct investigations of detected violations of privacy and security requirements
Prepare written reports on findings, conclusions and recommendations for audits, investigations and monitors; prepare written reports and oral presentations of privacy and security related issues for various committees and executive personnel
Assist with the development and implementation of corrective action plans
Develop and coordinate outreach and educational activities regarding privacy and security issues
Receive and respond to communications regarding privacy and security inquiries
Support the privacy risk management program
Assist with the development and implementation or assessment and remediation of mitigating controls for privacy and security requirements
Review and analyze new and revised federal, state and industry requirements for information privacy and security, identify potential risks, and assist with mitigating those risks to the organization
Education: Bachelor's Degree (Nursing, Health Information Management, Business, Information Systems or related field) required; Juris Doctor, Master of Healthcare Administration preferred.
Licenses/Certifications: Relevant industry certification such as CHC, CHPC, CHPS, CISA, CISSP, CIA, or CIPP preferred.
Experience/Knowledge/Skills:
Four (4) or more years of experience in information privacy and security auditing, operations, or consulting services required.
Demonstrated knowledge of Information Privacy and Security Requirements (e.g., HIPAA Privacy and Security Rule, Texas Medical Records Privacy Act, Texas Health & Safety, NIST, GLB, FACT Red Flag PCI Rule, ISO 27001, HITRUST) and healthcare systems (e.g., hospitals, insurers, provider networks).
Demonstrated ability to review and synthesize multiple complex requirements to identify objectives, benchmarks and other metrics for review.
Strong organization and planning, critical thinking, research and analysis, interpersonal and communication (written and verbal) skills.
Ability to prioritize demands of multiple projects and meet deadlines, work independently, and demonstrate sound judgment and decision making.
Familiarity with fixed/standard or dynamic data queries (e.g., MS Access, SQL, general application reporting tools).
Strong knowledge of working with spreadsheets (e.g., MS Excel, Lotus), word processing (e.g., MS Word, Word Perfect), and presentation (e.g., MS PowerPoint, MS Visio) applications.