Manager of Compliance, Security, and Privacy
Company: Saginaw County Community Mental Health Authority
Location: Saginaw
Posted on: June 21, 2022
|
|
Job Description:
POSITION SUMMARY: This position directs and is responsible for
all subject matters related to regulatory and State contract
compliance, security, and privacy. This position will also act as a
mentor and leader to help guide all members of the Business
Intelligence and Information Technology Department Teams about role
specific subject matter and primary responsibilities. This person
will be knowledgeable in all areas of law and statutory regulation
pertaining to state and federal health care compliance Scope
Summary: As the Manager of Compliance, Security & Privacy and
SCCMHA's Compliance Officer, this position oversees the
implementation and continued compliance to federal and state laws.
Is a resource for the Management Team, Leadership, Clinicians,
Providers, & Staff Members. Is responsible for the SCCMHA
Compliance and Privacy Program. Leads all risk assessments and
creates an associated corrective action & work plan. Responds to
alleged violations of Compliance-related complaints and prepares
all oral and written follow-up reports & recommendations. Maintains
information of all sources of federal and state regulatory
publications providing analysis to SCCMHA Management in all areas
of SCCMHA compliance risk exposure. Scans and reads the Federal
Register, MDHHS Medicaid Manual and L Letters, the web site of the
Office of the Inspector General (OIG) and Michigan Department of
Health and Human Services (MDHHS), and other key regulatory
agencies, industry journals, electronic news services, association
newsletters and conferences. Maintains compliance related
subject-matter expertise related to current laws, statutes,
regulations, and contractual obligations that impact healthcare
operations. Facilitates proper reporting of violations to
applicable government agencies including MDHHS and MSHN as
indicated by the law or contract. Responsible for all policies and
procedures related to the operation of the Compliance Program.
Handles, investigates, and prepares needed reports for all Medicaid
Fair Hearings in partnership with other key staff informants. As
SCCMHA's Security Officer, this position is a Primary Member of the
Information and Network Security Team. This position is responsible
for the security of the agency's network, hardware, information
systems, infrastructure, PHI, and all other digital assets.
Responsible for the continuous management of information security
policies, procedures, and technical systems to maintain the
confidentiality, integrity, and availability of all SCCMHA
information systems. Is responsible for all information security
internal auditing, risk assessments, staff security & awareness
training and policies & procedures. As SCCMHA's Privacy Officer,
this position will ensure HIPAA compliance and create, keep current
& maintain, and review in total semi-annually, all applicable
policies and procedures. Serves as the SCCMHA Privacy Officer,
responsible for maintaining compliance with Michigan and Federal
regulations which among other things, protects the privacy of
SCCMHA consumer health records. These regulations include the
Michigan Mental Health Code, HIPAA, and 42 CFR Part 2. Facilitate
and promote privacy awareness within SCCMHA. Works with staff
regarding the proper release of PHI to ensure compliance with
SCCMHA policies, procedures, and legal requirements. Develop,
provide, and monitor, in conjunction with the Training Department,
training and education programs for new employees as well as
on-going training for all staff, related to Compliance and HIPAA.
This position will be knowledgeable about and actively support
culturally competent recovery-based practices; person centered
planning as a shared decision-making process with the individual,
who defines his/her life goals and is assisted in developing a
unique path toward those goals; and a trauma informed culture of
safety to aid consumer in the recovery process.Job
Requirements:Compliance Officer --- - - -Oversees the
implementation and continued compliance to federal and state laws.
- --- - - -Maintains current regulatory resources; provides timely
regulatory updates to the Management Team, Leadership, Clinicians,
Staff and Contracted Providers. --- - - -Performs ongoing
monitoring of all areas of privacy, identifies and assesses areas
of privacy risk, and acts decisively on issues of potential
non-compliance. --- - - -Develops & manages the day-to-day
operations of the SCCMHA Compliance and Privacy Program. --- - -
-Evaluate potential risks by conducting on-going and annual
security and other risk assessments. --- - - -Creates an associated
corrective action & work plan to provide focus to the Compliance
Department for the coming year. --- - - -Respond to alleged
violations of Compliance-related regulations, policies, procedures,
and standards of conduct by conducting or overseeing investigations
into such allegations. --- - - -Manages the SCCMHA Fraud and Abuse
Hotline --- - - -Conduct investigations and collaborate with other
departments, including outside counsel as appropriate, to provide
guidance and direct compliance related issues to appropriate
channels for investigation and resolution. --- - - -Prepare oral
and written reports, including recommendations for improvement
based on audit and investigative reports. --- - - -Maintain
information links with primary and secondary sources of federal and
state regulatory publications providing analysis to SCCMHA
Management in all areas of SCCMHA compliance risk exposure.
Establish a routine of scanning and reading the Federal Register,
MDHHS Medicaid Manual, L Letters and MDHHS and MSHN Contracts and
any Amendments, federal grant awards and related Cooperative
Agreements, the web site of the Office of the Inspector General
(OIG) and other key regulatory agencies, industry journals,
electronic news services, association newsletters and conferences.
--- - - -Maintain compliance related subject-matter expertise
related to current laws, statutes, regulations, and contractual
obligations that impact healthcare operations; including the Mental
Health Code, MI Social Welfare Act, the Social Security Act, civil
liberties, federal Managed Care rules, federal rules for privacy,
IS and IT security, accreditation standards, quality, and contracts
to determine compliance-related program needs and provide strategic
advice to SCCMHA Management Team. --- - - -Collaborate with Quality
& Medical Records Supervisor to review legal parameters for release
of consumer health care records as per HIPAA and 42 CFR. from
specific requesting parties including consumers/their families,
other health care providers, and by court subpoena - --- - -
-Facilitate proper reporting of violations to applicable government
agencies as indicated by the law regulation and contract. --- - -
-Develop, implement, maintain, and revise policies and procedures
for the general operation of the Compliance Program and its related
activities to prevent illegal, unethical, or improper conduct in
collaboration with the Chief Executive Officer, Chief Information
Officer, Chief Finance Officer, Chief of Network Operations,
Executive Clinical Director, and the Compliance and Policy Team.
--- - - -Develop reports and metrics that demonstrate the
effectiveness of the Compliance Program. --- - - -Act as primary
SCCMHA contact for Administrative (Medicaid) Fair Hearings. Work
with staff to secure clinical information for fair hearings.
Prepare hearing summaries and works closely with the state
Administrative Tribunal. Serve as Hearing Officer for Medicaid Fair
Hearings. --- - - -Coordinate document submission to MDHHS and MSHN
as necessary. Participate in periodic technical assistance sessions
with Mid State Health Network and Michigan Association of Community
Mental Health Boards. --- - - -Provide project planning support to
compliance workgroups. Receive and file workgroup documentation.
Monitor workgroup documentation and provide guidance in necessary
elements for documentation quality. --- - - -Represents SCCMHA on
MSHN Compliance Committee and on the Community Mental Health
Association of MI (CMHA's) Legislative & Policy Committee and
Contract and Financial Issues Committee. --- - - -Completes regular
reporting for SCCMHA to MSHN for OIG matters. --- - - -Submit
Medicaid Fair Hearing Reports to MSHN on a quarterly basis. - --- -
- -Submit Annual Litigation Reports to MSHN on an annual basis. ---
- - -Submit OIG Reports to MSHN on a quarterly basis. - --- - -
-Responsible for the management of legal subpoenas or summons for
information, records, court appearance and related legal matters.
--- - - -Receives and responds to Freedom of Information Act (FOIA)
requests within required timelines as per statute. --- - -
-Annually reviews MDHHS and MSHN Contracts and any attachments or
amendments to identify changes, additional provisions and
responsibilities and writes summary of changes for CEO, Management
Team and SCCMHA Board of Directors --- - - -Cooperate with the
Office of Civil Rights (OCR) and other legal entities and
organization officers in any compliance reviews, audits, or
investigations. --- - - -Performs monthly Streamline Verify checks.
Primary Member of the Information and Network Security Team --- - -
-Directs & ensures that all tasks & responsibilities of the
Information and Network Security Team are prioritized, planned &
completed in the necessary timeline to ensure proper information &
network security. Although this position may not be the staff
member who completes the activities, this position will be
responsible for their completion. - Security Officer Internal
Auditing --- - - -Regularly review audit logs, access reports, and
security incident tracking reports. --- - - -Perform ongoing
information & security risk assessments and audits to ensure that
information systems are protected and meet HIPAA requirements. ---
- - -Cooperate with the Office of Civil Rights (OCR) and other
legal entities and organization officers in any compliance reviews,
audits, or investigations. --- - - -Lead an incident response team
to contain, investigate, and prevent future computer security
breaches. --- - - -Regularly monitor attempts by unauthorized
persons to log on to the SCCMHA information system. Risk Assessment
--- - - -Ensure that the access control, disaster recovery,
business continuity, incident response, and risk management needs
of the organization are properly addressed. --- - - -Perform an
enterprise-wide risk assessment of SCCMHA's information systems.
--- - - -Will develop and maintain an in-depth understanding of
SCCMHA's administrative, physical, and technical safeguards.
Privacy Officer --- - - -Serves as the SCCMHA Privacy Officer,
responsible for maintaining compliance with Michigan and Federal
regulations which among other things, protects the privacy of
SCCMHA consumer health records. These regulations include the
Michigan Mental Health Code, HIPAA, and 42 CFR Part 2. - --- - -
-Provide relevant information to SCCMHA Management Team,
Leadership, Clinicians, Providers, & Staff with respect to the
SCCMHA Compliance and Privacy program to identify and mitigate risk
related to Compliance, Privacy, and IS/IT Security. --- - -
-Maintain lines of communication with respect to Compliance and
Privacy issues, including the confidential Fraud and Abuse Hotline.
--- - - -Assess training needs relevant to Compliance, HIPAA, and
other related topics, and incorporate into an Annual Compliance
plan. --- - - -Develop, provide, and monitor, in conjunction with
the Training Department, training and education programs for new
employees as well as on-going training for all staff, related to
Compliance, HIPAA, 42-CFR and other related topics. -
Keywords: Saginaw County Community Mental Health Authority, Saginaw , Manager of Compliance, Security, and Privacy, Executive , Saginaw, Michigan
Click
here to apply!
|