Privacy Officer

UnityPoint Health is seeking a Privacy Officer to join our Compliance team! In compliance with the HIPAA Privacy Rule, the Privacy Officer will be responsible for privacy issues in one or more Markets, assisting in other Markets as needed, and participating in the implementation of a standardized privacy program applicable to the entire system. The responsibilities for this role include:

• Collaborating with the management team in the design, implementation, and monitoring of privacy initiatives to ensure adherence to patient privacy regulations/laws (e.g. HIPAA, Part 2, Mental Health state laws, etc.);
• Developing and overseeing appropriate privacy-related education for new employees and existing staff members;
• Investigating suspected cases of improper privacy activity, misuse of data, mitigation, breach notification, education/training, and coordinate reporting to the applicable Compliance Committee as appropriate and recommend corrective steps.

If you enjoy working in Privacy, we would love for you to apply! A background or interest in privacy issues relating to the conduct of medical research is a plus!

Location: Applicants must reside in the Midwest as there will be travel to UnityPoint Health's markets in Iowa, Illinois, and Wisconsin

Hours: Monday-Friday, 8am-5pm

At UnityPoint Health, you matter. We're proud to be recognized as a Top 150 Place to Work in Healthcare by Becker's Healthcare several years in a row for our commitment to our team members.

Our competitive Total Rewards program offers benefits options that align with your needs and priorities, no matter what life stage you're in. Here are just a few:

• Expect paid time off, parental leave, 401K matching and an employee recognition program.

• Dental and health insurance, paid holidays, short and long-term disability and more. We even offer pet insurance for your four-legged family members.

• Early access to earned wages with Daily Pay, tuition reimbursement to help further your career and adoption assistance to help you grow your family.

With a collective goal to champion a culture of belonging where everyone feels valued and respected, we honor the ways people are unique and embrace what brings us together.

And, we believe equipping you with support and development opportunities is a vital part of delivering an exceptional employment experience.

Find a fulfilling career and make a difference with UnityPoint Health.

• Work in collaboration with the System Privacy Officer and Market Information Security Officer to maintain the privacy and security program for assigned Market(s).
• Support other Market Privacy Officers by handling incidents and matters from other Markets to ensure equitable distribution of work.
• Establish subject matter expertise as requested by the System Privacy Officer to support the system-wide privacy program.
• Support standardization of the privacy program across Markets, including standardized training and policies.
• Participate in system-wide initiatives impacting privacy.
• Plan, execute and manage a variety of technical, investigative, and education-based projects as a key member of the Compliance Department.
• Respond to investigations and/or inquiries from regulatory agencies on privacy concerns including, but not limited to: the Office of Civil Rights, Attorney General, accreditation bodies, etc.
• Develop communication tools and vehicles to disseminate and update management and staff on privacy initiatives, related policies and procedures, and regulations.
• Serve as a resource to providers and team members in establishing methods to improve efficiency and reduce vulnerability to privacy issues.
• Ensure Markets have appropriate Business Associate Agreements in place and perform ongoing monitoring thereof.
• Work with the management team in the design, implementation and monitoring of the privacy program and initiatives to promote and ensure adherence to federal and state privacy laws and regulations.
• Develop and oversee appropriate privacy-related education for new employees and existing team members.
• Assist in the development and execution of a Privacy Auditing and Monitoring Plan.
• Investigate suspected cases of improper privacy activity, coordinate reporting to the applicable regulatory bodies and Compliance Committee as appropriate, and recommend corrective steps.
• Ensure compliance with privacy monitoring and documentation requirements.
• Manage the process to receive, investigate, document, and respond to all privacy complaints.
• Ensure process for compliance with patient rights(i.e. accounting of disclosures, request to amend, right to access, restrict use and disclosure, and specific remedial privacy training)
• Collaborate with HR to ensure consistent application of sanctions for violations of privacy rules.
• Perform privacy walk-throughs and physical space assessments.
• Work with the System Privacy Officer to ensure that the organization has and maintains appropriate privacy and confidentiality consents, authorization forms, privacy notices, privacy policies and procedures, and business associate agreements.
• Prepare periodic reports to System Privacy Officer and leadership on status of privacy and security initiatives.
• Participate in periodic enterprise-wide meetings related to privacy/security.
• Support an environment of innovation, learning, teamwork, and professional practice, consistent with the mission, vision and values of the organization.
• Provide resources to help ensure all organization services, policies and procedures follow agency standards, regulatory mandates, accrediting bodies and federal, state and local regulations as appropriate.
• If delegated, function as the Identity Theft Prevention Officer.
• Collaborate with other Market Privacy Officers in building strong relationships in areas of responsibilities.
• Serve as a member or liaison to affiliate IRB as applicable.

• Bachelor's degree + 5 years of Privacy experience or equivalent required
• Certifcation in Healthcare Privacy (CHPC), Certified HIPAA Professional (CHP), Certified Information Privacy Professional (CIPP) required
• Experience within a large, complex healthcare organization and strong knowledge of federal and state privacy laws preferred