"Deputy HIPAA Privacy Officer"

Overview

Under the direction of the Chief HIPAA Privacy Officer (CHPO), the Deputy HIPAA Privacy Officer (DHPO) will ensure that clinical, research and academic activities of the Yale School of Medicine (YSM) related to the privacy of protected health information (PHI) are in compliance with the HIPAA Privacy Rule and related state and federal laws. As the lead HIPAA compliance officer for YSM, the DHPO is responsible for the YSM HIPAA Privacy programs and activities and assuring that they are compliant and consistent with University policies and practices and in keeping with YSM objectives as defined by the Chief Medical Officer (CMO) of Yale Medicine.

Required Skills and Abilities

1. Proven skills in one or more of the following areas: HIPAA compliance, clinical (such as nursing), clinical administration, or medical records management. High level of ethics and integrity in professional matters and sensitivity for confidentiality.
2. Proven knowledge of health information privacy and security laws, use of health information in clinical practice and/or clinical research, and familiarity with general principle of information security practices.
3. Ability to provide effective programmatic leadership in a complex organization, preferably an academic medical center.
4. Exceptional interpersonal skills including ability to interact positively with a broad spectrum of individuals from patients to faculty members. Excellent oral and written communication skills to facilitate understanding of complex regulatory requirements.
5. Detail-oriented with proven organizational skills and analytical ability. Ability to prioritize, problem solve, and work well under time pressure. Ability to work independently and exercise sound judgment.

Preferred Skills and Abilities

1. Minimum seven years of compliance, clinical, clinical administration and/or medical records management experience.
2. Nursing or health care management degree.
3. Experience with clinical practices and with medical records management systems like Epic.
4. Experience in compliance, clinical auditing or breach investigations, developing and presenting trainings, and maintaining data tracking and metrics.
5. Familiarity with academic medical centers.

Principal Responsibilities

1. Oversee compliance with University HIPAA Privacy policies and related legislation and regulation at YSM.
   a. Develop and maintain an ongoing collaborative relationship with relevant departmental staff to ensure robust communication between the HIPAA covered community and the HIPAA Privacy program.
   b. Develop and conduct a comprehensive ongoing compliance education and awareness program to ensure that all YSM departments subject to HIPAA are aware of their HIPAA Privacy obligations.
   c. Implement a routine monitoring program to ensure that all YSM departments subject to HIPAA are compliant with institutional and YSM HIPAA Privacy policies and procedures.
   d. Identify and make recommendations to address areas for improvement. Coordinate activities with the CHPO to ensure a unified approach to HIPAA throughout the covered entity.
2. Work cooperatively with the HIPAA Security Officer and under the direction of the CHPO in monitoring compliance with HIPAA Security policies and procedures and breach notification requirements.
   a. Conduct periodic risk assessments to direct the monitoring program.
   b. Conduct audits in clinical, research and academic areas to quantify areas for improved compliance, including monitoring access to PHI.
   c. Recommend disciplinary actions as appropriate for adverse monitoring results in coordination with the CHPO, CMO, Office of the General Counsel and Human Resources and others as appropriate.
   d. Liaise with relevant internal and external organizations to promote privacy and security protection of PHI to ensure YSM PHI-related IT systems are adequately protected while maintaining superior clinical care.
   e. Identify compliance concerns and recommend solutions to the CHPO and CMO.
3. Respond to, and investigate, potential HIPAA violations and breaches promptly. Ensure CHPO is informed of emergent incidents and provide relevant, standardized information in a timely manner. Notify and work with Human Resources Generalists and attend investigatory meetings with staff where appropriate.
4. Maintain impeccable records of the YSM HIPAA compliance program in keeping with HIPAA and University standards for record confidentiality, integrity and availability. Ensure timely access to documents is available to CHPO.
5. Serve as a resource for HIPAA questions and complaints at YSM from faculty, staff, research participants and patients. Initiate and perform investigations and analyze trends in these areas and develop plans to remediate, collaborating with the CHPO, as appropriate.
6. Collaborate with CHPO to ensure that YSM partners (e.g. Human Investigation Committee, YM Medical Billing Compliance, University Audit) who assist with HIPAA compliance have an adequate understanding of HIPAA requirements.
7. Serve as a liaison with related health care entities including Yale New Haven Health System and affiliated covered entities, and Business Associates to streamline HIPAA Privacy and Security practices.
8. Participate in the University's HIPAA Privacy Program, as stipulated in University policies and procedures. Coordinate activities, consult, and communicate with the CHPO as appropriate. Participate with the CHPO and other University officials in the review and, where necessary, revision of University policies and procedures; in particular, make recommendations regarding policy and procedural revisions that address circumstances unique to the YSM environment and advise University officials of the implications of HIPAA policies and procedures for YSM clinical, academic, and research activities, including the Epic EMR.
9. Maintain a current and complete knowledge of legislation, regulation, guidance, industry standards, and University policies and procedures relating to health information privacy and security.
10. Other duties as assigned.

Required Education and Experience

Bachelor’s degree and six years of related experience; or an equivalent combination of education and experience.