Serve as the officer responsible for the design, implementation, operation, and enforcement of a corporate compliance program that meets the expectations of federal and state privacy regulations, and Edifecs’ contractual obligations under Business Associate Agreements (and similar agreements) with its healthcare customers.
Serve as the leader of Edifecs’ Privacy and Security Task Force.
Provide input and guidance on HIPAA and other regulatory requirements and developments, and update senior management regarding the status of compliance efforts at Edifecs.
Develop, review, update, implement and maintain policies and procedures relating to compliance with current regulatory requirements, privacy, security, confidentiality, and the protection of PHI and ePHI.
Perform regular assessments of compliance risks and develop a risk matrix proactively identifying areas of vulnerability and approaches to addressing the same.
Work to minimize the cost and organizational resource burden that privacy/security compliance places on Edifecs’ business.
Oversee the work of third parties that provide certifications and/or conduct vulnerability assessments, security risk audits, and compliance reviews of Edifecs’ systems and products.
Receive and respond to compliance and security inquiries in customer contracts, requests for proposals, security addenda, and business associate agreements.
Maintain written documentation of actions, activities or assessments in accordance with state and federal law.
Develop and implement educational and training programs focused, among other topics, on confidentiality, the protection of PHI and ePHI, elements of the compliance program, and developments in privacy regulatory requirements.
Work with legal counsel, management, and key departments (including IT, Operations, Engineering, and Product Support) to ensure that Edifecs has and maintains the appropriate privacy and security safeguards that meet federal and state requirements.
Conduct all other duties assigned by the Privacy and Security Task Force.
Degree in health care administration, business administration, information technology, law, or a similar field, and at least five years of increasingly responsible related experience.
Strong understanding of the health care industry and regulatory standards and requirements, including HIPAA and HITECH.
Strong knowledge of technology, security, vulnerability and risk analysis.
Ability to maintain a view of the essential role of compliance as facilitative, not punitive.
Ability to implement a forward-looking approach to predict trends and create solutions, not merely the ability to identify problems or risks.
Ability to read, analyze and interpret governmental regulations, including healthcare regulations and technical/security requirements.
Ability to write clear, concise reports, business correspondence, and procedures.
Demonstrated organization, communication, and presentation skills.
Edifecs is an equal-opportunity employer.