[COMMENT1]                                                            SPARROW HOSPITAL AND HEALTH SYSTEM

                                                                                     JOB DESCRIPTION

                                                                                         MANAGEMENT

 

 

1. Job Title:  Chief Privacy Officer                                       2. Date:    5/24/2001                         

 

3. Corresponding Role Statement:         Executive     X  Director        Manager       Supervisor                                                   

4. Department #:   8232        Department Name:   IS Administration                                                   

 

5. Class Code:            Pay Grade:             6. Status:     X  Exempt        Non-Exempt

 

7. Reports Directly To (Position):  Vice President Information Services / CIO                           

 

 

8. Purpose of Job:

The Sparrow Health System Chief Privacy Officer oversees all ongoing activities related to the development, implementation, maintenance of, and adherence to the Health System’s policies and procedures covering the privacy of, and access to, patient health information in compliance with federal and state laws and Sparrow’s information privacy practices.

 

9. Principle Duties and Responsibilities (Consistent With The Role Statement):

 

·         Implement and maintain Sparrow  Health System's Privacy Program, policies and procedures in accordance with federal and state regulations and accreditation standards while maintaining efficient, effective, and cost-sensitive operations in a manner consistent with Sparrow's mission.

·         Work with organization senior management and corporate compliance officer to establish an organization-wide Privacy Oversight Committee.

·         Serve in a leadership role for the Privacy Oversight Committee’s activities.

·         Perform initial and periodic information privacy risk assessments and conducts related ongoing compliance monitoring activities in coordination with the entity’s other compliance and operational assessment functions.

·         Work with legal counsel and management, Health System entities, and committees to develop and maintain appropriate privacy and confidentiality consents, authorization forms, and information notices and materials reflecting current organization and legal practices and requirements.

·         Oversee, direct, and optimize delivery of privacy training and orientation to all associates, volunteers, medical and professional staff, contractors, alliances, business associates, and other appropriate third parties.

·         Participate in the development, implementation, and ongoing compliance monitoring of all trading partner and business associate agreements, to ensure all privacy concerns, requirements, and responsibilities are addressed.

·         Establish with management and operations a mechanism to track access to protected health information, within the purview of the organization and as required by law and to allow qualified individuals to review or receive a report on such activity.

·         Work cooperatively with the Health Information Management Director and other applicable organization units in overseeing patient rights to inspect, amend, and restrict access to protected health information when appropriate.

·         Establish and administer a process for receiving, documenting, tracking, investigating, and taking action on all complaints concerning the organization’s privacy policies and procedures in coordination and collaboration with other similar functions and, when necessary, legal counsel.

·         Administer compliance with privacy practices and consistent application of sanctions for failure to comply with privacy policies for all individuals in the organization’s workforce, extended workforce, and for all business associates, in cooperation with Human Resources, Data Security Administration, Administration, and legal counsel as applicable.

·         Initiate, facilitate and promote activities to foster information privacy awareness within the organization and related entities.

·         Serve as a member of, or liaison to, the organization’s Institutional Research Board. Also serve as the information privacy liaison for users of clinical and administrative systems and information.

·         Work collaboratively with the Chief Security Officer to align all system-related privacy plans and practices with security plans and practices throughout the Health System.

·         Work with all organization personnel involved with any aspect of release of protected health information, to achieve full coordination and cooperation under the organization’s policies and procedures and legal requirements

·         Maintain current knowledge of applicable federal and state privacy laws and accreditation standards, and monitor advancements in information privacy technologies to ensure organizational adaptation and compliance.

·         Serve as information privacy consultant to the organization for all departments and appropriate entities.

·         Cooperate with the Office of Civil Rights, other legal entities, and organization officers in any compliance reviews or investigations.

·         Work with organization administration, legal counsel, and other related parties to represent the organization’s information privacy interests with external parties (state or local government bodies) who undertake to adopt or amend privacy legislation, regulations, or standards.

 

 

10. Working Conditions:

 

a)       Office and computer room environment.

b)       Some travel required.

c)       Extensive keyboard usage and exposure to CRT/monitor.

d)       Minimal exposure to latex, less than 10%.

 

 

11. Positions That Report Directly To This Position:

 

a)       Must develop and maintain effective collegial relationship with staff, physicians, executives and Board Members. Manages all individuals as relates to their responsibilities of privacy and confidentiality.

 

 

12. Knowledge, Skills, Experience Required (Consistent With The Role Statement):

 

·         Masters prepared in Health Administration, Business Administration, or related field.  Bachelor's required.

·         Minimum of seven years Healthcare experience.  Working knowledge of healthcare operations in an organization of similar size and complexity required.

·         Broad based clinical or management leadership experience with knowledge or complex systems and systems change with demonstrated success in tactical and analytical thinking.

·         Certification as a Registered Health Information Administrator (RHIA) or Registered Health Information Technician (RHIT) preferred with experience relative to the size and scope of the organization.

·         Knowledge and experience in information privacy laws, access, release of information, and release control technologies.

·         Knowledge in and the ability to apply the principles of Health Information Management, project management, systems and process thinking and change management. Readily accepts change and influence organizational change.

·         Practical experience with payor organizations desirable.

·         Proficient computer, written and verbal communication skills.  Excellent presentation skills with ability to relate effectively to physicians, all levels of the organization and associates in a fluid, flexible and adaptive fashion.

 

 

13. Approvals:

 

    Director:                                                                          Date:                                 

 

    Executive:                                                                         Date:                                 

 

    Human Resources:                                                              Date:                                  

 

This description is intended to indicate the kinds of activities and levels of work difficulty required for positions with this title and should not be construed as declaring the specific duties and responsibilities of any particular position.  The duties described should not be held to exclude other duties not mentioned that are of similar kind or level of difficulty.

 

5/92