General Summary Supports and is committed to operating an effective Corporate Compliance and Privacy Program. Works under general direction to perform ongoing activities related to developing, implementing, maintaining, and adhering to policies and procedures in compliance with federal, state, and local laws and regulations. Under general supervision, works closely with key stakeholders to implement elements of the Corporate Compliance and Privacy Program to ensure compliance with existing and new federal and state laws and regulations affecting the University of Maryland Medical System (UMMS).

Responsibilities include representing assigned policy and procedure development areas, performing privacy and compliance risk assessments, education and training, and auditing and monitoring. Responsible for facilitating the development and maintenance of the Compliance and Privacy Work Plan. Works collectively with hospital management and other personnel to ensure that Corporate Compliance and Privacy Program initiatives are implemented across UMMS.

Principal Responsibilities and Tasks

The following statements describe the general nature and level of work being performed by people assigned to this classification. They are not to be construed as an exhaustive list of all job duties performed by personnel so classified.

Accountable for the Compliance Program at Member Organizations (MOs). Directs assigned MO-specific risk assessments related to HIPAA and privacy compliance. Conducts risk assessment analysis identifying high, medium, and low risks. Works with UMMS System and Physician Compliance Leadership to compile Executive reports on Member Organizations aggregate risk assessment findings and recommendations. Communicates risks to both technical and non-technical stakeholders.

Lead assigned Member Organization Privacy Monitoring Program and ensure ongoing monitoring of inappropriate/unauthorized access and disclosures through the use of electronic record monitoring applications and features (e.g., Protenus, Break-the-Glass, etc.) and data loss prevention applications in accordance with the Health Information Technology for Economic and Clinical Health Act and HIPAA Privacy Rule. Perform trend analyses. Prepare summary reports for Executive Leadership on privacy monitoring activities.

Serves as an expert resource in interpreting and providing guidance to departmental representatives on developing policies specific to their departmental needs.

Oversees development and dissemination of compliance policies and procedures.

Leads the development and approves use of monitoring and auditing tools for assigned areas. Reviews reporting to ensure adherence to compliance and privacy. Recommends actions based on self-monitoring results to ensure that programs and procedures follow regulatory requirements.

Directs local compliance and privacy auditing and monitoring activities. Reviews findings as required for compliance with various regulatory guidelines. Identifies and escalates issues to executive leadership. Ensure compliance monitoring reports are updated.

Accountable for assuring timely completion of all management action plans resulting from compliance-related findings by internal audit for assigned Member Organizations.

Provides ongoing compliance and privacy education including regular training sessions and special topic training.

Develops activities to foster compliance and privacy awareness through various modes of publicity (publications, newsletters, fairs, Intranet, etc.).

Maintains local systems to solicit, evaluate and respond to complaints, problems, and issues through all means of communication. Coordinates and oversees investigations, responses to violations, and corrective actions for reports of alleged fraud and noncompliance.

Ensures all escalated complaints for supported Member Organizations are resolved timely and satisfactorily.

Based on investigation report findings, reviews recommendations and approves adjustments necessary for achieving set objectives.

Utilizes IT systems/tools in managing and coordinating data investigations.

Participates in UMMS and Member Organizations Compliance Committees as the lead compliance and privacy representative. Sets compliance committee agenda. Chairs the assigned Member Organization quarterly compliance committee and ensures the meeting packet is complete and submitted to stakeholders within five calendar days before the meeting.

Monitors and keeps up-to-date with laws, regulations, standards, and guidelines. Communicates and distributes information relating to updates to the appropriate stakeholders.

Prepares reports to meet the needs of local and Corporate executive leadership and the Audit and Compliance Committee of the Board of Directors.

Collaborates with the Director, Physician and Ambulatory Network for pertinent physician-related matters.

Perform other duties as assigned.

Education and Experience

Bachelors degree or an equivalent combination of education and experience is required. Masters degree preferred.

Ten 10 years of related compliance and privacy experience with a background in healthcare regulatory issues, including general familiarity with hospital billing, is required. Four (4) years of experience in healthcare or regulatory fields is preferred.

Certified in Healthcare Compliance or other professional compliance certification (or achieve certification by 12 months from hire date.)

Experience and working knowledge of Corporate Compliance, Audit, Legal, Privacy, or Information Security. Experience with case investigations management and compliance hotline management preferred.