HIPAA Privacy Specialist (Healthcare)

Legal & Compliance Worcester, Massachusetts


Position at UMass Memorial Health Care

At UMass Memorial Health Care, Everyone is a Caregiver regardless of title. Exceptional patient care, academic excellence and leading-edge research make UMass Memorial the premier health care system of Central and Western Massachusetts, and a place where we can help you build the career you deserve. We are more than 14,000 employees, working together as one health care system. And everyone, in their own unique way, plays an important part, everyday.
Requisition # 191734
Title: HIPAA Privacy Specialist
Department: Corporate Compliance
Location: UMass Memorial Health Care – 1 Biotech Park, Worcester, MA.

CHC and/or CPC Privacy Certification required.
Knowledge of state and federal privacy regulations for healthcare organizations.

Excellent oral and written communication and presentation skills
Familiarity with Epic and  Fair Warning EMR access monitoring  desired.

Knowledge of 42 CFR Part 2 federal regulations relative to Alcohol/Substance Use Disorder treatment records is a definite plus.
Position Summary:
Responsible for monitoring and maintaining UMass Memorial Health Care’s (UMMHC) compliance with regulations related to the Privacy and Data Breach elements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as well as other Federal and State privacy laws. This includes development, implementation and adherence to UMMHC’s policies and procedures covering the privacy of protected health information, patient rights under HIPAA, data breach response, and other UMMHC information privacy practices.  Works with members of UMMHC’s privacy and security leadership and appropriate offices to foster the development and operational implementation of appropriate information privacy practices throughout the organization.
Position Qualifications:
Associate’s degree in Business Administration, Health Care or related field required; advanced degree is a significant plus. A minimum of three years of progressively responsible experience in a regulatory field in a health care setting or relevant clinical management experience. Knowledge and experience in information privacy laws.  Demonstrated organization, facilitation, communication and presentation skills.  Independent decision-making capabilities.  Ability to utilize a variety of computerized software applications such as word processing, spreadsheets, databases, presentations, etc.
Major Responsibilities:
Maintains current knowledge of HIPAA privacy and data breach regulatory guidance and applicable Federal and State privacy laws and monitors changes to ensure organizational awareness. Provides direction to and facilitates HIPAA compliance at UMass Memorial (UMM) member entities.
Assists the Chief Privacy Officer in the development of an annual Work Plan and reporting performance indicators to measure the effectiveness of the privacy program.
Assists the Chief Privacy Officer in conducting privacy investigations. Recommends appropriate follow-up actions related to patient privacy complaints/incidents, etc. Utilizes results of incidents to recommend monitoring programs and remediation plans.
Maintains the Privacy complaint process (including the Privacy Line and email inquiry account) for receiving, documenting, tracking, investigating, and preparing responses to inquiries received from patients, employees, and other sources.
Assists with external reviews or investigations from the Office for Civil Rights and other regulatory or law enforcement authorities.
Identifies policies requiring development/revision and develops plans for monitoring the status of and compliance with these policies.
Provides privacy training, orientation and awareness to all members of the workforce including employees, volunteers, students, and other appropriate third parties.
Performs periodic privacy risk assessments and related ongoing compliance monitoring activities, including effectiveness assessments of privacy policies and procedures.
Participates in the implementation and monitoring of business associate agreements to ensure privacy concerns, requirements and responsibilities are addressed.
Serves as a member of the Privacy & Information Security Workgroup and HIPAA Advisory Group. Periodically provide reports to the Privacy & Information Security Workgroup and the HIPAA Advisory Group.
Communicates with the Privacy and Information Security Officers upon the discovery of potential information security issues that may impact UMM’s ability to comply with its privacy policies.
Complies with established departmental policies, procedures, and objectives.
Attends meetings, conferences, and seminars as required or directed.
Demonstrates the use of quality improvement processes in daily operations.
Complies with all health and safety regulations and requirements.
Respects diverse views and approaches, and contributes in maintaining an environment of professionalism, tolerance, civility and acceptance toward all employees, patients and visitors.
Performs other similar and related duties as required or directed.
All responsibilities are essential job functions.
We’re striving to make respect a part of everything we do at UMass Memorial – for our patients and for each other. We’re expecting that our new caregivers practice our six Standards of Respect: Acknowledge, Listen, Communicate, Be Responsive, Be a Team Player, and Be Kind, to help us make respect a part of how we take care of business everyday.

As an equal opportunity and affirmative action employer, UMMHC recognizes the power of a diverse community and encourages applications from individuals with varied experiences, perspectives and backgrounds. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, age, disability, gender identity and expression, protected veteran status or other status protected by law.

If you are unable to submit an application because of incompatible assistive technology or a disability, please contact us at talentacquisition@umassmemorial.org. We will make every effort to respond to your request for disability assistance as soon as possible.