The Regional Compliance and Privacy Manager will help execute CHRISTUS' Corporate Compliance and Privacy Work Plans at the regional level. The Manager will facilitate the region's compliance with federal and state laws and regulations. Additionally, the Manager will investigate actual and suspected compliance and privacy incidents and report findings in accordance with CHRISTUS Investigations Policies. The manager helps ensure compliance with payor regulations and integrity of internal controls; recommends improvements in internal control structure; reviews medical records to establish accuracy of patient billing and charge capture process.
Assist the Regional Compliance and Privacy Officer with auditing and monitoring to ensure compliance with applicable laws and regulations including but not limited to the Health Information Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act, Medicare and Medicaid and other federal and state privacy regulatory requirements;
Assist the Regional Compliance and Privacy Officer with execution of the CHRISTUS Health System annual work plan;
Assist with developing compliance and privacy risk assessments, participate in the development of appropriate workflows and corrective actions to address identified gaps and deficiencies;
Conduct regular Privacy Reviews to monitor employees' privacy knowledge. Coordinate and conduct "privacy walkthroughs;"
Take a proactive approach to implement systems and processes to prevent and/or mitigate privacy and compliance concerns in the region.
Ensure CHRISTUS maintains appropriate privacy and confidentiality consent forms, authorization forms, information notices and materials, and updated BAAs for your region;
Work with identified departments to develop and implement operational compliance and privacy training. Track privacy training and completion rates for your region
Collaborate with Information Security Officer or their regional designee to perform annual risk assessments. Assist in the development of a plan for assessing access to PHI and PII by employees, consultants, and business associates;
Assist in the development and/or execution of a complaint workflow so that departments can timely report compliance and privacy complaints received from patients, regulatory entities or internal privacy events, to the Compliance department;
Investigate suspected or reported incidents involving the use, disclosure, and storage of PHI including potential breaches, patient complaints and OCR complaints;
Assist the Regional Compliance and Privacy Officer and businesses in the preparation and coordination of regulatory audits, including OIG, OCR, and accreditation agencies;
Work with the Regional Compliance and Privacy Officer to prepare submission of required reporting of compliance incidents and/or HIPAA breaches to Federal and State regulators, as appropriate;
Coordinate with patients whose PHI has been breached or who have reported a concern.
Coordinate with IT Security Officer or regional designee regarding security issues
Assist in the completion of annual Compliance and Privacy risk assessment processes
Track Privacy training completion for your area of responsibility
Ensure Business Associate Agreements (BAAs) are updated within your region and area of responsibility
Maintain current knowledge of applicable federal and state laws applicable to healthcare privacy
Maintain rapport with business units to facilitate solid communications
Serve as a resource for questions regarding application of relevant laws and regulations and the privacy program policies and procedures
Provide appropriate privacy updates to the CHRISTUS Health Regional Compliance & Privacy Director, Director of Privacy and the VP/Chief Compliance and Privacy Officer for regional and system board reporting
Provide or direct compliance or privacy education, as permitted
Develop and deliver course content for targeted training initiatives as directed by the annual work plan
Initiate, facilitate, and promote activities to foster awareness of privacy within all entities
Coordinate and conduct, whenever possible, privacy monitoring "walkthroughs" at entities
Respond to and resolve compliance or privacy related issues received via the CHRISTUS Health Integrity Line
Maintain a process to document and track the progress of investigations and mitigation of privacy issues in the incident management system (e.g., Privacy Pro, Ethics Point, etc.)
Prepares the regional report for the system Compliance Office and Board of Directors, as directed by the CHRISTUS Health Regional Compliance & Privacy Director.
Research compliance, HIPAA Privacy and other privacy regulations as needed or requested and provide written guidance to affected parties
Other projects and duties as assigned.
Bachelor's Degree required; prefer in business, accounting, health care administration, legal
Knowledge of HIPAA Privacy
Working knowledge of hospital operation processes
Knowledge of audit and investigation techniques
Minimum of 3 to 5 years' general healthcare experience with knowledge of hospital operations, physician services and basic health plan requirements.
Prefer 5 years of general privacy experience
Prefer 4 years of experience in regulatory research and knowledge of federal and state law
CHRISTUS HEALTH is an international Catholic, faith-based, not-for-profit health system comprised of almost more than 600 services and facilities, including more than 60 hospitals and long-term care facilities, 350 clinics and outpatient centers, and dozens of other health ministries and ventures. CHRISTUS operates in 6 U.S. states, Colombia, Chile and 6 states in Mexico. To support our health care ministry, CHRISTUS Health employs approximately 45,000 Associates and has more than 15,000 physicians on medical staffs who provide care and support for patients. CHRISTUS Health is listed among the top ten largest Catholic health systems in the United States.