The Mental Health Center of Denver
HIPAA Privacy and Security Officer
at The Mental Health Center of Denver
Reporting directly to the Chief Operating Officer, the HIPAA Privacy & Security Officer will interact with all facets and levels of the organization in managing privacy and information security compliance related to Mental Health Center of Denver’s diverse scope of health care programs and service offerings. This position will be responsible for continuing to build and maintain Mental Health Center of Denver’s HIPAA privacy and security programs, including upholding the organization’s policies and procedures, designing and implementing training and education programs, and being the subject matter expert on HIPAA privacy and security requirements. The HIPAA Privacy & Security Officer will partner frequently with the Director of Compliance, the Director of Health Information Systems Management (that is, Medical Records), and the Director of Information Technology.
Candidates for this position must have a deep understanding of all aspects of the HIPAA Privacy and Security Rules, including the ability to articulate and explain them to others and apply them to Mental Health Center of Denver.
HIRING RANGE: $85,000 - $93,000
ESSENTIAL JOB FUNCTIONS:
- Provides strategic planning and direction for privacy and information security efforts in accordance with the vision, values, and mission of the Mental Health Center of Denver. Promotes and models a HIPAA-centric culture and provides education and support within the organization, as well as with key external stakeholders.
- Ensures that the HIPAA requirements for access control, disaster recovery, business continuity, incident response, and facility security are properly addressed.
- Possesses the knowledge and ability to apply the principles of health information management, including access, release of information, accounting of disclosures, and right to amend Protected Health Information (PHI).
- Provides guidance to staff on questions concerning use and disclosure of protected health information.
- Ensures alignment between HIPAA privacy and security programs, including policies and procedures, training, and investigations.
- Other duties as assigned.
- Works with Compliance Department to create, maintain, and revise HIPAA privacy and security policies, procedures, forms, notices, and associated materials. Collaborates with other departments (e.g., Human Resources, Information Systems, and Real Estate) as appropriate.
- Assists in the administration and oversight of Business Associate Agreements (BAA), confidentiality agreements, or other contracting matters related to HIPAA privacy and security requirements.
- Conducts audits to determine whether the organization is complying with HIPAA privacy and security policies, procedures, and applicable regulatory standards. Collaborates with impacted parties to develop and implement action plans to address audit findings.
- Conducts periodic risk assessments to identify, prioritize, and evaluate HIPAA privacy and security risks. Identifies gaps and implements mitigation or corrective action plans that align with organizational objectives, contractual obligations, and applicable regulations.
- Performs ongoing risk assessments and audits to ensure that information systems are adequately protected and meet HIPAA certification requirements.
- Oversees audits and risk assessments contracted to third parties, including an annual risk assessment of the electronic health record and an annual information systems security audit.
- Reviews role-based access controls, oversees audits of access to PHI, and recommends appropriate action necessary as a result of audit activities.
- Conducts HIPAA-related compliance monitoring activities in coordination with the organization’s other compliance and operational assessment functions. Manages and conducts privacy walk-throughs of clinical and residential sites.
Training/Education/Security Reminder
- Oversees development and delivery of HIPAA privacy and security training, orientation, and on-going education.
- Creates an awareness program that includes reminders about privacy/information security requirements.
- Establishes and administers a process for receiving, documenting, tracking, investigating and taking action on questions, concerns, and complaints regarding potential breaches of PHI. Promptly, properly, and consistently addresses issues and takes steps to prevent recurrence.
- Provides guidance to Human Resources to promote consistent and appropriate sanctions for failure to comply with state and federal privacy and security requirements, as well as organizational policies and procedures related to privacy and security.
- When required, performs a risk assessment consistent with the HIPAA Breach Notification Rule. In the event of a breach, coordinates all notification requirements consistent with the HIPAA Breach Notification Rule and applicable state law.
- Leads an incident response team to contain, investigate, and prevent future computer security breaches.