Join the World's Top Legal Talent Network

The System Manager, HIPAA Privacy and Compliance is primarily responsible for the UofL Health system, including UofL Physicians to help ensure the safety and privacy of patient PHI. The scope of this program is enterprise wide and includes information in electronic, print and other formats. The purpose of this program is to assure that the information created, acquired or maintained by UofL Health and its authorized users is used in accordance with its intended purpose; to monitor PHI access, use and disclosure and; to assure that UofL Health workforce members comply with statutory and regulatory requirements.

Responsibilities

Performs audit activities for access to information systems and creates a resultant set of documents

• Assist the Director, Compliance, Risk & Audit Services with building a strategic and comprehensive privacy and compliance program that minimizes risk and ensures confidentiality of PHI.
• Assists with the development and implementation of corporate privacy and compliance policies, standards and procedures. Work with key department leaders in the development of such policies.
• Serves in a leadership role to all departments for privacy compliance.
• Manages and delivers initial and ongoing privacy and compliance training’s to workforce members on standards and procedures
• Collaborate with the HIPAA-Security Officer on compliance issues as necessary to ensure alignment between security and privacy compliance.
• Responds to and assist with mitigation for privacy and/or security incidents (breaches), respond to alleged policy violations, or complaints from external parties.
• Evaluate privacy trends, evolving threats, risks and vulnerabilities and apply tools to mitigate risk as necessary.
• Assist with the development and implementation of an ongoing risk assessment program targeting PHI privacy matters. Recommend methods for vulnerability detection and remediation.
• Keep abreast of latest privacy legislation, regulations, advisories, alerts and vulnerabilities pertaining to UofL Health and its mission.
• Assist in the breach notification process for HHS and patient reporting requirements
• Other duties as assigned.

Qualifications

Experience:

• Minimum five (5) years of experience in HIPAA Privacy regulatory requirements.
• Experience in developing and administering a healthcare privacy program, preferred.

Certification:

• Bachelor’s degree, required. Advanced degree preferred.
• CHC certification required. Prefer to have certification at time of hire but will allow 6 months to obtain after hire.