The Privacy Specialist independently manages a portfolio of privacy-related questions, issues, complaints and investigations to ensure they are handled appropriately, thoroughly and in a timely fashion. Gathers facts by conducting medical record reviews, system audit log reviews, Internet searches, regulation searches, interviews, and liaising with other department management as needed. Uses active listening and customer service experience to manage difficult conversations, especially with patients exercising their privacy rights. Provides written communications and reports to supervisors, Human Resources, etc. and makes recommendations for corrective action plans.
What You'll Do
Responds timely and professionally to privacy-related questions from employees and patients.
Investigates, analyzes, and documents privacy-related concerns reported to the Compliance Office, including the Compliance hotline; identifies and assures that immediate mitigation steps taken.
Participates in research, data gathering and interviews related to the Privacy Program’s investigations/reviews.
Works with Human Resources on privacy incident investigations to assure disciplinary action steps and follow through occurs.
Researches and understands basic HIPAA and related privacy obligations.
Assists with conducting audits of accesses to the EMR system(s), investigating potential inappropriate access to patient information.
Prepares clear and concise draft reports presenting review and investigation results and recommended corrective actions.
Performs a range of mainly straightforward assignments using prescribed guidelines or policies to analyze and resolve problems. Develops competence by performing structured work assignments.
Works under limited supervision, but seeks and receives instruction, guidance and direction from others, with growth toward handling work assignments of higher complexity.
Identifies risk areas and assists with implementation procedures to ensure compliance with privacy-related policies and corrective action plans.
Participates in the development and performance of the Privacy Program’s compliance work plan for the organization.
May lead reviews, projects or project steps within a broader project.
Assists in reviews by external regulators as necessary.
Assists with development of training aids/educational materials.
Develops a comprehensive and advanced working understanding of compliance privacy and security program to become an authoritative resource within the organization, and obtains certification within 2 years of being in the position—e.g., CHC, CPC).
Bachelor’s degree or 7 years’ similar work experience, or equivalent combination of education and work experience, and/or demonstrated performance with high level work quality & productivity.
3+ years’ relevant experience specific to HIPAA Privacy and/or Security, conducting investigations and/or in a regulatory/legal role, or equivalent combination of education and experience.
Ability to interact and communicate effectively with all levels of staff.
Ability to research and understand HIPAA, HITECH, and other compliance obligations of basic and moderate complexity, including state and federal statutes and regulations.
Strong critical thinking, analytical and problem-solving skills to effectively identify, investigate and analyze HIPAA compliance and incidents
Detail-oriented with excellent organizational skills and ability to manage multiple assignments.
Able to work independently with structured work assignments, under appropriate supervision, and able to recognize need for and seek appropriate guidance when handling issues/cases that may be more complex.
Degree in healthcare, healthcare administration, legal training and/or other related field and/or familiarity with medical terminology and medical record documentation.
Familiarity with Michigan Medicine policies and procedures.
Experience using electronic medical record systems, etc., preferably with the Epic® system.
Proficient using Microsoft Excel® and Sharepoint® applications.
Certified in Healthcare Privacy Compliance (CHPC) or similar certification.
Michigan Medicine conducts background screening and pre-employment drug testing on job candidates upon acceptance of a contingent job offer and may use a third party administrator to conduct background screenings. Background screenings are performed in compliance with the Fair Credit Report Act. Pre-employment drug testing applies to all selected candidates, including new or additional faculty and staff appointments, as well as transfers from other U-M campuses.
Job openings are posted for a minimum of seven calendar days. The review and selection process may begin as early as the eighth day after posting. This opening may be removed from posting boards and filled anytime after the minimum posting period has ended.
U-M EEO/AA Statement
The University of Michigan is an equal opportunity/affirmative action employer.