Manager of Compliance, Security, and Privacy

Company: Saginaw County Community Mental Health Authority
Location: Saginaw
Posted on: June 21, 2022

Job Description:

POSITION SUMMARY: This position directs and is responsible for all subject matters related to regulatory and State contract compliance, security, and privacy. This position will also act as a mentor and leader to help guide all members of the Business Intelligence and Information Technology Department Teams about role specific subject matter and primary responsibilities. This person will be knowledgeable in all areas of law and statutory regulation pertaining to state and federal health care compliance Scope Summary: As the Manager of Compliance, Security & Privacy and SCCMHA's Compliance Officer, this position oversees the implementation and continued compliance to federal and state laws. Is a resource for the Management Team, Leadership, Clinicians, Providers, & Staff Members. Is responsible for the SCCMHA Compliance and Privacy Program. Leads all risk assessments and creates an associated corrective action & work plan. Responds to alleged violations of Compliance-related complaints and prepares all oral and written follow-up reports & recommendations. Maintains information of all sources of federal and state regulatory publications providing analysis to SCCMHA Management in all areas of SCCMHA compliance risk exposure. Scans and reads the Federal Register, MDHHS Medicaid Manual and L Letters, the web site of the Office of the Inspector General (OIG) and Michigan Department of Health and Human Services (MDHHS), and other key regulatory agencies, industry journals, electronic news services, association newsletters and conferences. Maintains compliance related subject-matter expertise related to current laws, statutes, regulations, and contractual obligations that impact healthcare operations. Facilitates proper reporting of violations to applicable government agencies including MDHHS and MSHN as indicated by the law or contract. Responsible for all policies and procedures related to the operation of the Compliance Program. Handles, investigates, and prepares needed reports for all Medicaid Fair Hearings in partnership with other key staff informants. As SCCMHA's Security Officer, this position is a Primary Member of the Information and Network Security Team. This position is responsible for the security of the agency's network, hardware, information systems, infrastructure, PHI, and all other digital assets. Responsible for the continuous management of information security policies, procedures, and technical systems to maintain the confidentiality, integrity, and availability of all SCCMHA information systems. Is responsible for all information security internal auditing, risk assessments, staff security & awareness training and policies & procedures. As SCCMHA's Privacy Officer, this position will ensure HIPAA compliance and create, keep current & maintain, and review in total semi-annually, all applicable policies and procedures. Serves as the SCCMHA Privacy Officer, responsible for maintaining compliance with Michigan and Federal regulations which among other things, protects the privacy of SCCMHA consumer health records. These regulations include the Michigan Mental Health Code, HIPAA, and 42 CFR Part 2. Facilitate and promote privacy awareness within SCCMHA. Works with staff regarding the proper release of PHI to ensure compliance with SCCMHA policies, procedures, and legal requirements. Develop, provide, and monitor, in conjunction with the Training Department, training and education programs for new employees as well as on-going training for all staff, related to Compliance and HIPAA. This position will be knowledgeable about and actively support culturally competent recovery-based practices; person centered planning as a shared decision-making process with the individual, who defines his/her life goals and is assisted in developing a unique path toward those goals; and a trauma informed culture of safety to aid consumer in the recovery process.Job Requirements:Compliance Officer --- - - -Oversees the implementation and continued compliance to federal and state laws. - --- - - -Maintains current regulatory resources; provides timely regulatory updates to the Management Team, Leadership, Clinicians, Staff and Contracted Providers. --- - - -Performs ongoing monitoring of all areas of privacy, identifies and assesses areas of privacy risk, and acts decisively on issues of potential non-compliance. --- - - -Develops & manages the day-to-day operations of the SCCMHA Compliance and Privacy Program. --- - - -Evaluate potential risks by conducting on-going and annual security and other risk assessments. --- - - -Creates an associated corrective action & work plan to provide focus to the Compliance Department for the coming year. --- - - -Respond to alleged violations of Compliance-related regulations, policies, procedures, and standards of conduct by conducting or overseeing investigations into such allegations. --- - - -Manages the SCCMHA Fraud and Abuse Hotline --- - - -Conduct investigations and collaborate with other departments, including outside counsel as appropriate, to provide guidance and direct compliance related issues to appropriate channels for investigation and resolution. --- - - -Prepare oral and written reports, including recommendations for improvement based on audit and investigative reports. --- - - -Maintain information links with primary and secondary sources of federal and state regulatory publications providing analysis to SCCMHA Management in all areas of SCCMHA compliance risk exposure. Establish a routine of scanning and reading the Federal Register, MDHHS Medicaid Manual, L Letters and MDHHS and MSHN Contracts and any Amendments, federal grant awards and related Cooperative Agreements, the web site of the Office of the Inspector General (OIG) and other key regulatory agencies, industry journals, electronic news services, association newsletters and conferences. --- - - -Maintain compliance related subject-matter expertise related to current laws, statutes, regulations, and contractual obligations that impact healthcare operations; including the Mental Health Code, MI Social Welfare Act, the Social Security Act, civil liberties, federal Managed Care rules, federal rules for privacy, IS and IT security, accreditation standards, quality, and contracts to determine compliance-related program needs and provide strategic advice to SCCMHA Management Team. --- - - -Collaborate with Quality & Medical Records Supervisor to review legal parameters for release of consumer health care records as per HIPAA and 42 CFR. from specific requesting parties including consumers/their families, other health care providers, and by court subpoena - --- - - -Facilitate proper reporting of violations to applicable government agencies as indicated by the law regulation and contract. --- - - -Develop, implement, maintain, and revise policies and procedures for the general operation of the Compliance Program and its related activities to prevent illegal, unethical, or improper conduct in collaboration with the Chief Executive Officer, Chief Information Officer, Chief Finance Officer, Chief of Network Operations, Executive Clinical Director, and the Compliance and Policy Team. --- - - -Develop reports and metrics that demonstrate the effectiveness of the Compliance Program. --- - - -Act as primary SCCMHA contact for Administrative (Medicaid) Fair Hearings. Work with staff to secure clinical information for fair hearings. Prepare hearing summaries and works closely with the state Administrative Tribunal. Serve as Hearing Officer for Medicaid Fair Hearings. --- - - -Coordinate document submission to MDHHS and MSHN as necessary. Participate in periodic technical assistance sessions with Mid State Health Network and Michigan Association of Community Mental Health Boards. --- - - -Provide project planning support to compliance workgroups. Receive and file workgroup documentation. Monitor workgroup documentation and provide guidance in necessary elements for documentation quality. --- - - -Represents SCCMHA on MSHN Compliance Committee and on the Community Mental Health Association of MI (CMHA's) Legislative & Policy Committee and Contract and Financial Issues Committee. --- - - -Completes regular reporting for SCCMHA to MSHN for OIG matters. --- - - -Submit Medicaid Fair Hearing Reports to MSHN on a quarterly basis. - --- - - -Submit Annual Litigation Reports to MSHN on an annual basis. --- - - -Submit OIG Reports to MSHN on a quarterly basis. - --- - - -Responsible for the management of legal subpoenas or summons for information, records, court appearance and related legal matters. --- - - -Receives and responds to Freedom of Information Act (FOIA) requests within required timelines as per statute. --- - - -Annually reviews MDHHS and MSHN Contracts and any attachments or amendments to identify changes, additional provisions and responsibilities and writes summary of changes for CEO, Management Team and SCCMHA Board of Directors --- - - -Cooperate with the Office of Civil Rights (OCR) and other legal entities and organization officers in any compliance reviews, audits, or investigations. --- - - -Performs monthly Streamline Verify checks. Primary Member of the Information and Network Security Team --- - - -Directs & ensures that all tasks & responsibilities of the Information and Network Security Team are prioritized, planned & completed in the necessary timeline to ensure proper information & network security. Although this position may not be the staff member who completes the activities, this position will be responsible for their completion. - Security Officer Internal Auditing --- - - -Regularly review audit logs, access reports, and security incident tracking reports. --- - - -Perform ongoing information & security risk assessments and audits to ensure that information systems are protected and meet HIPAA requirements. --- - - -Cooperate with the Office of Civil Rights (OCR) and other legal entities and organization officers in any compliance reviews, audits, or investigations. --- - - -Lead an incident response team to contain, investigate, and prevent future computer security breaches. --- - - -Regularly monitor attempts by unauthorized persons to log on to the SCCMHA information system. Risk Assessment --- - - -Ensure that the access control, disaster recovery, business continuity, incident response, and risk management needs of the organization are properly addressed. --- - - -Perform an enterprise-wide risk assessment of SCCMHA's information systems. --- - - -Will develop and maintain an in-depth understanding of SCCMHA's administrative, physical, and technical safeguards. Privacy Officer --- - - -Serves as the SCCMHA Privacy Officer, responsible for maintaining compliance with Michigan and Federal regulations which among other things, protects the privacy of SCCMHA consumer health records. These regulations include the Michigan Mental Health Code, HIPAA, and 42 CFR Part 2. - --- - - -Provide relevant information to SCCMHA Management Team, Leadership, Clinicians, Providers, & Staff with respect to the SCCMHA Compliance and Privacy program to identify and mitigate risk related to Compliance, Privacy, and IS/IT Security. --- - - -Maintain lines of communication with respect to Compliance and Privacy issues, including the confidential Fraud and Abuse Hotline. --- - - -Assess training needs relevant to Compliance, HIPAA, and other related topics, and incorporate into an Annual Compliance plan. --- - - -Develop, provide, and monitor, in conjunction with the Training Department, training and education programs for new employees as well as on-going training for all staff, related to Compliance, HIPAA, 42-CFR and other related topics. -

Keywords: Saginaw County Community Mental Health Authority, Saginaw , Manager of Compliance, Security, and Privacy, Executive , Saginaw, Michigan