Sample Position Description

Position Title: Healthcare Compliance and Privacy Officer, eHealth organization

Immediate Supervisor: General Counsel, Executive Vice President or Other Senior Executive

General Purpose: The compliance/privacy officer serves as the process owner for activities that provide appropriate access to, and protect the privacy and integrity of, patient and provider information. The compliance/privacy officer works with others to make sure products comply with applicable laws and standards governing privacy and security.

Responsibilities:

  • Serves as an internal health information security and confidentiality consultant. Advises the organization about current privacy and security legislation. Assists General Counsel in dealing with various self-regulatory initiatives, such as Hi-Ethics and the Internet Healthcare Coalition's eHealth Code of Ethics. Originates white papers regarding health information privacy and security
  • Develops, implements and oversees privacy and security policies and procedures for employees. Initiates and conducts activities to create information privacy and security awareness and education within the company
  • Develops and implements health information privacy and security policies and procedures for contractors and business partners with access to health information
  • Develops product requirements and specifications for health information privacy and security
  • Develops the health information retention plan
  • Develops release of information policies and procedures
  • Develops website content on privacy
  • With the Compliance Program Manager, performs health information risk and compliance assessments
  • Monitors compliance with information security policies and procedures
  • Evaluates requests for health information for clinical research and coordinates responses/action with the Institutional Review Board
  • Represents the voice of the consumer with respect to privacy-related complaints

Qualifications:

Baccalaureate degree in health information administration or related field, or law degree; certification as an RHIA with the American Health Information Management Association; experience with electronic health information systems; experience with health information confidentiality management.