The Manager of HIPAA Privacy is primarily responsible for the the University of Louisville Hospital (ULH) and UofL Physicians privacy program and to help ensure the safety and privacy of ULH/UofL Physicians’ PHI. The scope of this program is enterprise wide and includes information in electronic, print and other formats. The purpose of this program is to assure that the information created, acquired or maintained by ULH/UofL Physicians and its authorized users is used in accordance with its intended purpose; to monitor ULH/ UofL Physicians PHI access, use and disclosure and; to assure that ULH/UofL Physicians complies with statutory and regulatory requirements regarding privacy of PHI.
- Builds a strategic and comprehensive privacy program that defines, develops, maintain and implements policies and processes that enable consistent, effective privacy practices enterprise-wide.
- Performs audit activities for access to information systems and creates a resultant set of documents
- Assists the VP of Compliance and Audit Services with building a strategic and comprehensive privacy program that minimizes risk and ensures confidentiality of PHI.
- Assists with the development and implementation of ULH/UofL Physicians privacy policies, standards and procedures. Work with key department leaders in the development of such policies.
- Serves in a leadership role to all departments for privacy compliance.
- Oversees, develops and delivers initial and ongoing privacy training to workforce members on standards and procedures related to privacy of PHI.
- Collaborate with the HIPAA-Security Officer on compliance issues as necessary to ensure alignment between security and privacy compliance.
- Assist with the development and implementation of an Incident Reporting and Response system to address ULH/UofL Physicians privacy and/or security incidents (breaches), respond to alleged policy violations, or complaints from external parties.
- Evaluate privacy trends, evolving threats, risks and vulnerabilities and apply tools to mitigate risk as necessary.
- Assist with the development and implementation of an ongoing risk assessment program targeting PHI privacy matters. Recommend methods for vulnerability detection and remediation.
- Keep abreast of latest privacy legislation, regulations, advisories, alerts and vulnerabilities pertaining to ULH/UofL Physicians and its mission.
- Manages the breach notification
- Other duties as assigned.
MINIMUM EDUCATION & EXPERIENCE
- Bachelor’s degree, required. Advanced degree preferred.
- Minimum five (5) years of experience in HIPAA Privacy regulatory requirements.
- Experience in developing and administering an information security program, preferred.
- CHC certification required.
KNOWLEDGE, SKILLS, & ABILITIES
- Excellent project management, written and oral communications skills.
- Ability to work collaboratively with a broad range of constituencies.
- Service Excellence – responsive, informs constituents of process, pleasant to work with, educates and provides timely, accurate information
- Presentation – can speak in front of people to deliver necessary material or messaging
- Interpersonal – can build effective, strong working relationships with employees, colleagues, management and vendors through trust, communication, and credibility
- Office environment – office, sitting, computer, walking, lifting etc.