HIPAA Compliance Auditor

ECB Position: schedule will vary based on need of department - working hours will be Monday through Friday.

Job Summary: The HIPAA Compliance Auditor provides direct support to the Saint Francis Health System (SFHS) Compliance Program, pursuant to the Privacy function. The auditor intakes all privacy records: documents the findings, researches applicable policies/procedures/laws/regulations, supports holistic investigation of matter(s), prepares required action items resulting from investigation findings and performs routine auditing and monitoring of privacy related elements to improve compliance across the enterprise.

Minimum Education: Bachelor's degree in health-related discipline, Management Information Systems, or Business Administration.

Licensure, Registration and/or Certification: Certification in Healthcare Compliance (CHC) and/or Certification in Healthcare Privacy Compliance (CHPC), preferred.

Work Experience: Minimum 3 years of healthcare environment within an operations role with experience in health information management or medical business office. 1 year of experience in auditing/monitoring access to information in clinical applications, preferred. Hospital or physician office operations experience is a plus. Epic experience is a plus.

Knowledge, Skills and Abilities: Advanced proficiency within Excel utilizing tables, pivot tables, data organization, calculating formulas, and filtering information to provide quality data. Superior ability to collect, analyze, and disseminate significant amounts of information with attention to detail and accuracy. Excellent communication skills, both written and verbal that present clear and concise information.

Essential Functions and Responsibilities: Analyzes and reviews reports on user access to health information within SFHS' electronic health record application per SFHS' privacy and security policies and procedures. Performs periodic risk assessments across user groups to identify high-risk areas for privacy breaches within the electronic health record. Performs periodic and planned audits of access to SFHS patient medical records to validate that only persons with a treatment relationship or other need to know bases have accessed the patient's electronic health record. Conducts special audits of access to electronic records in response to patient complaints, as needed. Prepares reports for SFHS management on privacy audits and findings, including: compliance with SFHS policies, and identified privacy breeches, if any. Follows up with Leadership to initiate corrective actions in response to other identified privacy incidents. Assists with the privacy monitoring program, as needed. Supports the SFHS Information Security Program as needed to ensure coordination of activities and alignment between privacy and security.

Decision Making: Independent judgment in planning sequence of operations and making minor decisions in a complex technical or professional field.

Working Relationships: Works with other healthcare professionals and staff. Works frequently with individuals at Director level or above.

Special Job Dimensions: None.

Supplemental Information: This document generally describes the essential functions of the job and the physical demands required to perform the job. This compilation of essential functions and physical demands is not all inclusive nor does it prohibit the assignment of additional duties.

Location: