Health Info Privacy Spec

Overview

Health Information Privacy Specialist

Full-Time, 80 hours per pay period, Day Shift

Covenant Health Overview:

Covenant Health is the region’s top-performing healthcare network with 10 hospitals (http://www.covenanthealth.com/hospitals/) , outpatient and specialty services (http://www.covenanthealth.com/services/) , and Covenant Medical Group (http://www.covenantmedicalgroup.org/) , our area’s fastest-growing physician practice division. Headquartered in Knoxville, Covenant Health is a community-owned integrated healthcare delivery system and the area’s largest employer. Our more than 11,000 employees, volunteers, and 1,500 affiliated physicians are dedicated to improving the quality of life for the more than two million patients and families we serve every year. Covenant Health is the only healthcare system in East Tennessee to be named a Forbes “Best Employer” seven times.

Position Summary:

Responsible for problem solving issues relative to privacy complaints, investigations, misdirected faxes, amendment & correction of records, more complicated release of information concerns (e.g. decedents, POA’s, health oversight), access and audit trail monitoring. Participates in environment of care rounds / risk assessment rounds to ensure proper privacy and security protections are in place. Provides training and education related to privacy and confidentiality for hospital/ facility system users, including physicians, and ancillary hospital staff. Analyzes information, audit trails, complaints to ensure privacy protections are in place and policies / regulations are followed. This position is responsible for helping to maintain the integrity of the health information data.

Recruiter: Kathleen Rice || kkarnes@covhlth.com || 865-374-5391

Responsibilities

Exercises independent judgment in case investigation and interviews to determine whether or not a valid privacy concern has occurred including the who, what, when, where, how, and why.

Works closely with management to analyze the problem, including looking at systems and processes for prevention and mitigation.

Consults with human resources, management and the Integrity Compliance Officer on disciplinary actions, including individual trending and monitoring for future information access capabilities/ restrictions.

Interacts with physicians and their office staff on privacy concerns and resolutions.

Responsible for memorializing detailed case documentation to support findings and actions, which may be utilized in future audit or defense response.

Travels to various Covenant Health facilities to investigate, interview, education and monitor privacy activities often with little advance notice.

Serves as first line consultant to PHI storage, retention, destruction, access issues.

Assists with accessing secure flash drives, monitoring unsecured emails, electronic transfer or storage or PHI/PII.

Performs basic HIPAA Risk Assessment for PHI risk exposure and security issues with walk-through analysis and provides report to leadership for correction actions.

Evaluates privacy cases by completing HIPAA Risk Assessment to assess for Low Probability of Compromises (non-reportable breaches) and escalates to legal counsel with discussion of case any that are questionable or above low probability of compromise (reportable breaches).

Monitors and approves HIPAA Business Associate Agreements (BAAs) with vendors for standard agreements and consults legal counsel any changes, questions, or unusual BAA items for advise and follows through to resolution.

Captures and maintains PHI inventory of non-IT supported electronic devices (eDevice assets) for systems that collect, use, store, share and dispose of PHI (in its life cycle) to protect against breach.

Assures the facility staff maintains patient confidentiality and follows all policies and procedures related to privacy, confidentiality and release of information.

Monitors the verification and certification of proper access and proper release of health information. Ensure role-based / need-to-know accesses, like with hospital/ facility staff or physician offices.

Monitors audit reports to ensure proper access of records for the purpose of preserving data integrity and for proper accessibility such as electronic HIM (eHIM) access via daily monitoring of access reports (like Sovera Optical Imaging access reports) and more complex release of information issues (like with decedents or legal representative/ POA’s or health oversight surveyors)..

Conducts training classes for privacy, security and confidentiality for various individuals. In-services new employees, volunteers, students, vendors, physician’s offices and other individuals, as needed. Informs staff of any procedural changes involved. Provides training to physicians and other hospital personnel. Regularly orients and trains physicians to privacy and works with them to learn the record completion/ amendments & corrections via various applications.

Serves as central contact and the liaison person between the hospital/ facility and the I&C staff, vendors, various support staff, and others for the purposes of privacy/ security improvements and enhancements.

Responds to patient concerns and complaints regarding privacy policies and procedures, working with various others to assure that appropriate actions are taken to resolves such problems.

Serves as initial contact between ancillary departments and Director of Privacy/ I&C office in identifying and trouble shooting privacy issues and questions.

Completes Accounting of Disclosure database entries and Risk Assessments for privacy cases.

Monitors, investigates and problem solves on privacy/ release of information concerns, such as mis-directed faxes, inappropriate accesses, HIPAA amendment of records, Identity Theft, audit trail monitoring and routine privacy concern investigations.

Audits and monitors system access in the imaging & other various electronic record systems for appropriateness. Helps ensure that proper system security is in place to protect access and confidentiality.

Solves problems in the hospital/ facility relative to information privacy and protections. This includes looking at problems over time and trending to identify the causes.

Coordinates meetings with ancillary departments, as necessary, to resolve identified problems. Completes follow-up to ensure suggested results in the desired outcomes, working closely with physicians, nursing personnel and other system users to resolve issues.

Enhances professional growth and development through participation in educational programs, current literature, in-service meetings and workshops.

Participates in health information protections by attending meetings and serving on committees as required, such as the system Privacy Officers Committee.

Attends various meetings as required. Participates on and/ or leads teams and/or committees as required. Services as committee member on various committees. Records and distributes meeting minutes as required.

Has good general knowledge of all other systems utilized in the facility for problem solving and management purposes.

Perform other related duties as assigned or requested.

Qualifications

Minimum Education:

Will accept any combination of formal education and/or prior work experience sufficient to demonstrate possession of the knowledge, skill and ability needed to perform the essential tasks of the job, typically such as would be equivalent to an Associates degree. Preference may be given to individuals possessing an Associates degree or higher in a directly-related field from an accredited college or university (e.g. AS in Health Information Technology or BS in Health Information Administration)

Minimum Experience:

A minimum of four (4) years of directly-related work experience with emphasis on technology and management.

Licensure Requirement:

Certification in Healthcare Privacy and Security (CHPS), Certified Compliance Professional (CCP), Certified in Healthcare Compliance (CHC), Registered Health Information Technician (RHIT) or Registered Health Information Administrator (RHIA) preferred.

Apply/Share

Job Title Health Info Privacy Spec

ID 4093736

Facility Covenant Health Corporate

Department Name Centralized Privacy