Western Connecticut Health Network (hereinafter referred to as “WCHN” or the “Network”) is seeking a Senior Compliance Officer/HIPAA Privacy and Security Officer & Administrative Director, Internal Investigations for its Corporate Compliance Department. The Senior Compliance Officer/HIPAA Privacy and Security Officer & Administrative Director, Internal Investigations will be responsible for internal compliance investigations, data incident response and data breach management. More specifically, pursuant to HIPAA regulations found at 45 CFR sections 164.530 [a] and 45 CFR 164.308 [a], this individual will serve as WCHN's HIPAA Privacy and Security Officer, and will oversee the Network's privacy initiatives from a compliance and audit perspective. This Administrative Director will report directly to the Chief Compliance, Audit, and Privacy Officer (“CCAPO”).
Work for Us Working for WCHN, which is comprised of Danbury Hospital; New Milford Hospital; Norwalk Hospital; Western Connecticut Medical Group; and Western Connecticut Home Care, you can make a meaningful difference in the lives of other people. Our WCHN Department of Research and Innovation, focused on the field of molecular science and personalized medicine, ranks among our country’s leading research organizations. Our Network offers many opportunities to grow your own skills and expertise – we offer competitive pay and a great working environment. Job Summary:
Perform internal investigations, as warranted, in response to compliance violations, problems, issues, and concerns. ?
Serve as WCHN's HIPAA Privacy Officer and Security Officer ?
Maintain compliance and privacy intake/incident data base and oversee the operation of the WCHN Confidential Compliance Helpline.
Develop and implement HIPAA policies and procedures related to implementation of administrative, physical, and technical safeguards including, for example, policies related to the following: (i) sanction/disciplinary measures; (ii) notice of privacy practices; (iii) incidental PHI use; (iv) whistleblower protection; (v) individual patient rights (e.g., with regard to PHI, the right to access, inspect, amend, receive accounting, receive notice of privacy practices, request certain restrictions, receive notice of a breach of their PHI, file a privacy complaint); (vi) business associate agreement; (vii) information system activity review policies (e.g., audit logs, access reports, and security tracking reports; (viii) workforce security as related to the appropriate level of protected health information (“PHI”) access (e.g., workforce clearance procedures, termination procedures) that should be granted to workforce members; (ix) information access management; (x) privacy and security awareness and training; (xi) security incident procedures; (xii) testing and revision procedures related to contingency plans; (xiii) facility security plan; (xiv) maintenance records; (xv) physical safeguards for workstations that access PHI; (xvi) PHI disposition policies and procedures: (xvii) media re-use; (xviii) data backup and storage; (xix) emergency access; (xx) automatic logoff; (xxi) encryption and decryption; (xxii) PHI integrity and authentication; and (xxiii) protection of PHI from alteration.
Develop and implement policies and procedures regarding (i) fraud, waste and abuse; (ii) record management; (iii) complaint and incident management, and (iv) investigatory procedures.
Supervise and manage subordinate personnel.
Develop, implement, and conduct Network-wide training and education on compliance issues including, without limitation, privacy issues.
Formal Education and Job-Related Experience: This position requires a minimum formal education of Bachelor Degree and minimum of seven years or more job-related experience. Certification: Auditor of Information Systems (CISA), or Healthcare Compliance (CHC), or Information Privacy (CIPP-US) Required Skills:
The ability to analyze data and investigational findings and summarize in a coherent, concise, and organized manner in written form.
Ability to act independently; excellent communication and written skills; leadership skills; proficiency in Microsoft PowerPoint, Excel, and Word and Westlaw and/or LexisNexis legal information systems; the ability to develop, lead and implement computer-based and live training and education programs; perform enterprise-wide risk identification, assessment, scoring, and prioritization activities; perform auditing and monitoring; perform internal investigations, interview witnesses, and maintain corresponding documentation of investigatory functions; past supervisory experience; time management skills; and an understanding of State and Federal privacy, record retention, and fraud, waste, and abuse laws.
Certification in at least one of the following at the time of appointment to the position: (i) certified as an auditor of information systems ("CISA" designation) from ISACA; (ii) certified in risk and information system control ("CRISC" designation) from ISACA; (iii) certified as a manager in information security ("CISM" designation) from ISACA; (iv) certified in the governance of enterprise information technology ("CGEIT" designation) from ISACA; or (v) certified as a professional in information systems security ("CISSP") designation) from (ISC)2; and 2. Certification in: (i) healthcare compliance ("CHC" designation) from the Compliance Certification Board within three (3) months of appointment (must be eligible to take the certification exam at the time of appointment); or (ii)(a) compliance and ethics ("CCEP" designation) from the Compliance Certification Board at the time of appointment; and (b) certification in health care compliance ("CHC" designation) within 12 months of appointment; and 3. Certification in information privacy ("CIPP-US") from the International Association of Privacy Professionals within six (6) months of appointment (must be eligible to take the examination at the time of appointment).
Criteria Desired (Not required): Master's Degree in information systems, compliance, accounting, public health or health services administration, business administration, organizational effectiveness, or management is strongly desired. Juris Doctor Degree is preferred. To apply to this job contact Jessica Tolla, Human Resources Recruiter Western CT Health Network at firstname.lastname@example.org To learn more about Western Connecticut Health Network. Visit our website at: http://www.westernconnecticuthealthnetwork.org/ To Visit our Career site and search jobs and to apply click here: http://www.westernconnecticuthealthnetwork.org/departments/careers Western Connecticut Health Network and its affiliates are equal opportunity employers. This philosophy calls for equal opportunities for employment, training, and advancement regardless of sex, race, creed, age, marital status, national origin, ancestry, religion, disability, sexual orientation or any other status protected by law.
About Western Connecticut Health Network
Working for Western Connecticut Health Network (hereinafter “WCHN” or the “Network”), comprised of Danbury Hospital; New Milford Hospital; Norwalk Hospital; Western Connecticut Medical Group; and Western Connecticut Home Care, you can make a meaningful difference in the lives of other people. Our WCHN Department of Research and Innovation, focused on the field of molecular science and personalized medicine, ranks among our country’s leading research organizations. Our Network offers many opportunities to grow your own skills and expertise – we offer competitive pay and a great working environment.
BACK TO TOP
ENA Job Center is Just One of the Benefits.
Discover what else ENA Membership has to offer!
The job you are trying to reach from was originally posted at ENA Job Center.