Job Summary
The Privacy Auditor manages a portfolio of privacy-related complaints and investigations to ensure they are handled appropriately, thoroughly and in a timely fashion. Gathers facts by conducting medical record reviews, system audit log reviews, Internet searches, interviews, and liaising with other department management as needed. Uses active listening and customer service experience to manage difficult conversations, especially with patients exercising their privacy rights. Provides written communications and reports to supervisors, Human Resources, etc. and makes recommendations for corrective action plans.
What You`ll Do
- Responds timely and professionally to privacy-related questions from employees and patients.
- Investigates, analyzes, and documents privacy-related concerns reported to the Corporate Compliance Office, including the Compliance hotline; identifies and assures that immediate mitigation steps taken.
- Participates in research, data gathering, and interviews related to the Privacy Program`s investigations/reviews.
- Works with Human Resources on privacy incident investigations to assure disciplinary action steps and follow through occurs.
- Researches and understands HIPAA and related privacy obligations.
- Assists with conducting audits of accesses to the EMR system(s), investigating potential inappropriate access to patient information.
- Prepares clear and concise draft reports presenting review and investigation results and recommended corrective actions.
- Performs a range of mainly straightforward assignments using prescribed guidelines or policies to analyze and resolve problems. Develops competence by performing structured work assignments.
- Identifies risk areas and assists with implementation procedures to ensure compliance with privacy-related policies and corrective action plans.
- Participates in the development and performance of the Privacy Program`s compliance work plan for the organization.
- May lead reviews, projects, or project steps within a broader project.
- Assists in reviews by external regulators, as necessary.
- Assists with development of training aids/educational materials.
- Develops a comprehensive and advanced working understanding of compliance privacy and security program to become an authoritative resource within the organization.
Mission Statement
Michigan Medicine improves the health of patients, populations and communities through excellence in education, patient care, community service, research and technology development, and through leadership activities in Michigan, nationally and internationally. Our mission is guided by our Strategic Principles and has three critical components; patient care, education and research that together enhance our contribution to society.
Why Join Michigan Medicine?
Michigan Medicine is one of the largest health care complexes in the world and has been the site of many groundbreaking medical and technological advancements since the opening of the U-M Medical School in 1850. Michigan Medicine is comprised of over 30,000 employees and our vision is to attract, inspire, and develop outstanding people in medicine, sciences, and healthcare to become one of the world’s most distinguished academic health systems. In some way, great or small, every person here helps to advance this world-class institution. Work at Michigan Medicine and become a victor for the greater good.
What Benefits can you Look Forward to?
- Excellent medical, dental and vision coverage effective on your very first day
- 2:1 Match on retirement savings
Required Qualifications*
Privacy Specialist Senior
- Bachelor`s degree in business, Health Care Administration or related field and 7 or more years of experience and / or combination of education and related experience.
- Certification in healthcare privacy and/or compliance (CHC, CHPC) from a credentialing body such as HCCA, or other recognized institution.
- Five (5) or more years of relevant experience in a healthcare compliance or privacy program and/or senior level healthcare operations, with working knowledge of health laws and regulations, accreditation.
- Has working knowledge of HIPAA, HITECH, and familiarity with healthcare and legal terminology.
- Ability to maintain confidentiality of sensitive and private information in accordance with applicable laws, policies and rules.
- Ability to plan, organize, and prioritize multiple tasks and work independently to meet deadlines and exercise sound professional judgment.
- Ability to work effectively with individuals at all levels and with varying backgrounds both within and outside the organization.
- Knowledge of and demonstrated ability to use logical, analytical, and problem-solving based methodologies to investigate complaints and concerns from patients, staff, faculty, and others, preferably experience in investigating privacy-related complaints and concerns.
- Ability to work independently with minimal supervision.
- Excellent organizational, written and verbal skills, with the ability to quickly analyze issues and craft practical, business-oriented solutions.
- Exceptional customer service, and presentation skills; Proficiency in all Microsoft office programs including Word, Excel, Outlook, and PowerPoint.
Privacy Specialist Intermediate:
- Bachelor`s degree in business, Health Care Administration or related field and 5 or more years of experience and / or combination of education and related experience.
- 3+ years` relevant experience specific to HIPAA Privacy and/or Security, conducting investigations and/or in a regulatory/legal role, or equivalent combination of education and experience.
- Ability to interact and communicate effectively with all levels of staff.
- Ability to research and understand HIPAA, HITECH, and other compliance obligations of basic and moderate complexity, including state and federal statutes and regulations.
- Strong critical thinking, analytical and problem-solving skills to effectively identify, investigate and analyze HIPAA compliance and incidents
- Detail-oriented with excellent organizational skills and ability to manage multiple assignments.
- Able to work independently with structured work assignments, under appropriate supervision, but obtains appropriate guidance when handling issues/cases involving higher complexity.
Desired Qualifications*
Privacy Specialist Senior:
- Degree in healthcare, healthcare administration, legal training and/or another related field. Certified in Healthcare Privacy Compliance (CHPC) or similar certification, or ability to take and pass CHPC exam and achieve certification no later than 24 months from hire date.
- Experience using electronic medical record systems, preferably Epic system.
- Proficient using Microsoft Excel and Sharepoint applications.
Privacy Specialist Intermediate:
- Degree in healthcare, healthcare administration, legal training and/or another related field.
- Experience using electronic medical record systems, preferably Epic system.
- Proficient using Microsoft Excel and Sharepoint applications.
- Certified in Healthcare Privacy Compliance (CHPC) or similar certification, or ability to take and pass CHPC exam and achieve certification no later than 24 months from hire date. Additional certification is encouraged but not required.
- Working knowledge of medical terminology and medical record documentation.
Modes of Work
Positions that are eligible for hybrid or mobile/remote work mode are at the discretion of the hiring department. Work agreements are reviewed annually at a minimum and are subject to change at any time, and for any reason, throughout the course of employment. Learn more about the .
Underfill Statement
This position may be underfilled at a lower classification depending on the qualifications of the selected candidate.
Additional Information
Cover Letter is a must with resume including interest and relevant experience
Research & writing skills will be assessed if asked to interview
CHPC examination to achieve certification at approx. 24 months from hire date
Background Screening
Michigan Medicine conducts background screening and pre-employment drug testing on job candidates upon acceptance of a contingent job offer and may use a third party administrator to conduct background screenings. Background screenings are performed in compliance with the Fair Credit Report Act. Pre-employment drug testing applies to all selected candidates, including new or additional faculty and staff appointments, as well as transfers from other U-M campuses.
Application Deadline
Job openings are posted for a minimum of seven calendar days. The review and selection process may begin as early as the eighth day after posting. This opening may be removed from posting boards and filled anytime after the minimum posting period has ended.
U-M EEO/AA Statement
The University of Michigan is an equal opportunity/affirmative action employer.