Health Information Compliance Alert

Sample Document WHAT'S IT TAKE TO BE A PRIVACY OFFICER?

From responsibilities relating to the use and disclosure of protected health information, to developing guidance and assisting in the implementation of your organization’s policies and procedures, privacy officers are hot commodities these days. Take a detailed look at some of their mind-boggling responsibilities!

Position Title: (Chief) Privacy Officer

Immediate Supervisor: Chief Executive Officer, Senior Executive, or Health Information Management (HIM) Department Head

General Purpose: The privacy officer oversees all ongoing activities related to the development, implementation, maintenance of, and adherence to the organization’s policies and procedures covering the privacy of, and access to, patient health information in compliance with federal and state laws and the healthcare organization’s information privacy practices.

Responsibilities:

  • Provides development guidance and assists in the identification, implementation, and maintenance of organization information privacy policies and procedures.
  • Works with organization senior management and corporate compliance officer to establish an organization-wide Privacy Oversight Committee.
  • Serves in a leadership role for the Privacy Oversight Committee’s activities.
  • Performs initial and periodic information privacy risk assessments and conducts related ongoing compliance monitoring activities.
  • Works with legal counsel and management, key departments, and committees to ensure the organization has and maintains appropriate privacy and confidentiality consent, authorization forms, and information notices and materials reflecting current organization and legal practices and requirements.
  • Oversees, directs, delivers, or ensures delivery of initial and privacy training and orientation to all employees, volunteers, medical and professional staff, contractors, alliances, business associates, and other appropriate third parties.
  • Participates in the development, implementation, and ongoing compliance monitoring of all trading partner and business associate agreements.
  • Establishes with management and operations a mechanism to track access to protected health information.
  • Works cooperatively with the HIM Director and other applicable organization units in overseeing patient rights to inspect, amend, and restrict access to protected health information when appropriate.
  • Establishes and administers a process for receiving, documenting, tracking, investigating, and taking action on all complaints concerning the organization’s privacy policies and procedures.
  • Ensures compliance with privacy practices and consistent application of sanctions for failure to comply with privacy policies for all individuals in the organization’s workforce.
  • Initiates, facilitates, and promotes activities to foster information privacy awareness within the organization and related entities.
  • Serves as a member of, or liaison to, the organization’s IRB or Privacy Committee, should one exist.
  • Works with all organization personnel involved with any aspect of release of PHI.
  • Maintains current knowledge of applicable federal and state privacy laws and accreditation standards.
  • Serves as information privacy consultant to the organization for all departments and appropriate entities.
  • Cooperates with the HHS Office for Civil Rights, other legal entities, and organization officers in any compliance reviews or investigations.

Source: This file was adapted with permission of the American Health Information Management Association, copyright 2003.