Privacy Officer

Highlands Oncology Group

Operations
Posted on Oct 15, 2025

3.3 out of 5 stars
808 South 52nd Street, Rogers, AR 72758

Job details

Job type

  • Full-time

Shift and schedule

  • Monday to Friday

Full job description

The HIPAA Privacy Rule establishes national standards to protect individuals' medical records and other individually identifiable health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically. The Rule requires appropriate safeguards to protect the privacy of protected health information and sets limits and conditions on the uses and disclosures that may be made of such information without an individual’s authorization. A covered entity must designate a privacy official who is responsible for the development and implementation of the policies and procedures of the entity. The Privacy Officer is responsible for the development, implementation, and maintenance of privacy policies and procedures, educating the workforce on privacy practices, receiving complaints, conducting investigations, handling incidents related to patient data breaches, and knowledge management of privacy practices.


The Privacy Officer is primarily responsible for all ongoing activities related to the availability, integrity and confidentiality of provider, employee, and business information with privacy policies in accordance with federal and state laws.


This position is a full-time, onsite position (not remote) with typical office hours of 8am-5pm Monday through Friday.

Required Skills/Abilities:

  • Bachelor’s degree in Health Administration, Health Information Management, Information Systems, or related field.
  • Minimum of five (5) years’ experience in the health care field.
  • Strong knowledge of HIPAA, ARRA, HITECH and other applicable federal and state privacy laws.
  • Demonstrated ability to work collaboratively across departments, including legal, compliance, Human Resources, and Information Technology (IT).
  • Excellent written and verbal communication skills.
  • Ability to manage sensitive and confidential information with discretion within required timelines.
  • Microsoft Office Application proficiency.

Physical Requirements:

  • Sitting for prolonged periods of time at a desk.
  • Computer use that requires visual acuity, typing, use of mouse/keyboard, and staring at a screen for extended periods of time.
  • Occasionally lifting objects of up to 25 pounds such as files, office supplies, assisting patients when needed, etc.
  • Walking and standing for continuous periods around the office or clinic as needed.
  • Fine motor skills for tasks like typing, writing, handling small objects or equipment and materials.
  • Adequate mobility for daily interactions, movement throughout the clinic or office environment daily, and traveling between company locations as needed.

Certifications/Licenses/Education/or Experience in a related field:

  • Certification in Healthcare Privacy and Security (e.g., CHPS, CIPP, CHPC) preferred.

Job Duties / Responsibilities:

  • Serves as the Highlands Oncology Group’s designated Privacy Officer and primary point of contact for all privacy and/or HIPAA privacy-related concerns or complaints from employees, patients, or third parties.
  • Ensure internal compliance with privacy practices and enforce consistent application of sanctions for non-compliance across the organization.
  • Develop, maintain, and update HIPAA-related privacy policies and procedures to ensure compliance with federal and state regulations.
  • Ensure policies are effectively communicated to all staff and incorporated into onboarding and annual training programs.
  • Conduct regular reviews and risk assessments to identify areas for improvement or updates in policy.
  • Monitor internal control systems and collaborate with IT to ensure appropriate access levels, user permissions, and information security safeguards are in place and maintained.
  • Maintain up-to-date knowledge of all applicable federal and state privacy laws and standards, ensuring the organization is aligned with current regulatory expectations.
  • Monitor advancements in privacy technologies and regulatory guidance to ensure appropriate organizational adaptation and continuous compliance.
  • Receive, document, and investigate complaints from patients regarding potential HIPAA violations or privacy concerns.
  • Conduct investigations into potential privacy violations or breaches, ensure timely mitigation or corrective actions, and report confirmed incidents to regulatory authorities (e.g., HHS OCR) in accordance with legal and regulatory timeframes.
  • Prepare and submit all required state and federal reports related to privacy incidents and compliance efforts.
  • Provide privacy compliance training and education to staff and leadership, and present updates and compliance metrics to appropriate committees and senior management as needed.
  • Identify Business Associates and ensure all required Business Associate Agreements (BAAs) are executed and maintained in a centralized Master List in compliance with HIPAA regulations.
  • Support audits and compliance reviews by internal departments and regulatory agencies.
  • Perform risk assessments and develop mitigation strategies as required by HIPAA and related frameworks.
  • Promote a culture of privacy and confidentiality throughout the organization.
  • Respond to complaints in a timely and compliant manner, ensuring resolutions are compliant with organizational policy and federal regulations.
  • Maintain a log of all privacy-related complaints and outcomes for audit and tracking purposes.
  • Coordinate breach notification efforts in accordance with HIPAA requirements, including reporting to affected individuals, the Department of Health and Human Services (HHS), and the media when applicable.
  • Implement corrective actions to prevent recurrence of unauthorized disclosures.
  • Ensure that the organization’s Notice of Privacy Practices (NPP) is accurate, up-to-date, and accessible to all patients.
  • Oversee the distribution of the NPP to patients and obtain documentation of receipt when required.
  • Review and revise the NPP as necessary, especially when there are significant changes to privacy practices or laws.

Highlands Oncology Group offers a full, comprehensive, and competitive benefits package that includes medical, dental, vision, life, supplemental insurance policies, paid time off (PTO) and a 401k with a company match.
