Privacy Officer

Do you envision finding a meaningful role with an inclusive and compassionate team? At Children’s Mercy, we believe in making a difference in the lives of all children and shining a light of hope to the patients and families we serve. Our employees make the difference, which is why we have been recognized by U.S. News & World Report as a top pediatric hospital, for eleven consecutive years.

Children’s Mercy is in the heart of Kansas City – a metro abounding in cultural experiences, vibrant communities and thriving businesses. This is where our patients and families live, work and play. This is a community that has embraced our hospital and we strive to say thanks by giving back. As a leader in children’s health, we engage in meaningful programs and partnerships throughout the region so that we can improve the lives of children beyond the walls of our hospital.

The role of the Privacy Officer is to ensure the Enterprise, its employees and Medical staff understand and maintain the highest level of compliance with internal policies and external laws and regulations as they relate to privacy and information security issues. This includes ensuring the Children's Mercy Enterprise (CME), including the CMH Employee Health Plan (CMEHP) and their staff maintain the highest level of privacy of patient information as required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Health Information Technology for Economic and Clinical Health Act (HITECH) and other privacy and security related laws and regulations. Serves as a role model for ethical management behavior, promoting awareness and understanding of positive ethical and moral principles consistent with the missions of the CME and those required by law.

At Children’s Mercy, we are committed to ensuring that everyone feels welcomed within our walls. A successful candidate for this position will join us as we strive to create a workplace that reflects the community we serve, as well as our core values of kindness, curiosity, inclusion, team and integrity.

Additionally, it’s important to us that we remain transparent with all potential job candidates. Because we value the safety of the patients and families we serve, as well as the Children’s Mercy staff, we want to let you know that the seasonal influenza vaccine is a condition of employment for all employees in our organization. New employees must be willing to be vaccinated if found non-immune to measles, mumps, rubella (MMR) and chicken pox (varicella) and/or without evidence of tetanus, diphtheria, acellular pertussis (Tdap) vaccination since 2005. If you are selected for this position, you will be asked to supply your immunization records as proof of vaccination. If you and have any concerns about receiving these vaccines, medical and/or religious exemptions can be further discussed with Human Resources.

Oversight of the Privacy and Information Security Compliance Program. As the Hospital's designated Privacy Officer, you will maintain an effective privacy program to ensure compliance with federal and state laws, related to privacy and confidentiality of health information, including but not limited to HIPAA or HITECH. In collaboration with Information Security, provide independent oversight of the CME Information Security Program:

• Manage day-to-day privacy activities within the CME (Children’s Mercy Hospital, CMEHP, CM Home Care, Children’s Mercy Research Institute (CMRI)) including but not limited to acting as a resource on privacy related questions, concerns, or strategic planning.
• Perform or oversee the performance of internal investigations, resulting from reported privacy and security concerns within regulatory time frames and in accordance with the departmental established processes.   When indicated, collaborate with Office of General Counsel (OGC), Employee Relations, IS Cybersecurity Governance and Risk Services (GRS) and other departments to assist with the investigations and resolutions.
• Cooperate with the Office of Civil Rights, other regulatory entities and CME, in any review or investigation.
• Conduct  risk assessments and monitoring activities relative to privacy and security requirements.
• Oversee the performance of periodic access reviews to ensure access to PHI is in accordance with HIPAA and other compliance requirements.
• Develop or review policies and procedures that establish privacy standards.  This includes collaborating with other departments and individuals to assure appropriate policies are developed, implemented and in compliance with privacy requirements.
• Evaluate the adherence to policies that guide or support the provision of information security services and align with industry-regarded best practice.
• Ensure consistent application of sanctions for failure to comply with privacy and security policies.
• Monitor all developments and changes in laws and regulations that impact privacy policies and initiatives.  In addition, identify legislative and/or regulatory changes that set forth new requirements and ensure needed changes are implemented in the Information Security Program.
• Maintains a comprehensive privacy training and educational program for employees, Medical Staff, volunteers, agents and others as appropriate.
• Participate in the ongoing review, monitoring and maintenance of all business associate agreements.
• Review or delegate the review of Incident Reports to identify and mitigate potential privacy issues.
• Ensure that Intranet and Internet privacy content is accurate and current.
• Oversee the monitoring of the privacyofficer@cmh.edu email box and respond to correspondence in a timely and professional manner.
• Provide regular reports of privacy activity to the VP, Chief Compliance Officer.

Provide supervisory oversight:

• Identify appropriate staffing levels in the Privacy/Security and general compliance section of the Compliance department.
• Recruit, hire and evaluate privacy/security and general compliance staff.
• Maintain job descriptions and competencies for privacy/security and general compliance staff.
• Provide oversight to privacy/security and general compliance staff by delegating work as appropriate and establishing work standards to be achieved.

Serve as a resource to CME on issues related to compliance with HIPAA laws, regulations, policies and procedures:

• Collaborate with the Health Information Management Director and other applicable personnel to track access to protected health information and allow appropriate individuals to receive a report on such activity.
• Collaborate with the Patient Advocate, Patient Access, Health Information Management, Employee Relations and other applicable departments to assure patients’ rights as outlined in the HIPAA Privacy Rule.
• Serve as a resource and ancillary reviewer to the Hospital’s IRB, Research Institute, Case Presentation Authors and Quality initiatives.

In collaboration with the VP, Chief Compliance Officer maintain an effective Corporate Compliance Program to ensure compliance with federal and state laws as it relates to General Compliance. General Compliance excludes billing, research, privacy and information security and potentially includes oversight of health care sanctions, conflict of interest, non-monetary compensation, gifts and gratuities and conflict of interest:

• Performs or oversees the performance of General Compliance internal investigations in accordance with departmental policies and procedures.
• Conducts risk assessments and monitoring activities relative to General Compliance requirements.
• Collaborates with other departments and individuals to assure appropriate policies are developed, implemented and in compliance with General Compliance requirements.
• Researches and remains familiar with healthcare compliance issues to assure the Hospital addresses all risk areas. 
• Develops and collaborates with other compliance areas to implement the Annual Mandatory Education (AME) and Welcome to Children’s Mercy Orientation (WCO) Compliance Department Education and Training Programs. 
• Ensures that the Intranet and Internet’s General Compliance content is accurate and current.

• Bachelor's Degree in Health Administration, Public Health, or fields related to Compliance and/or Privacy, plus 7 or more years' experience. Required experience in a Healthcare leadership role. Strong experience with HIPAA/HITECH management OR
• Master's Degree in Health Administration, Public Health, or fields related to Compliance and/or Privacy, plus 5 or more years' experience. Required experience in a Healthcare leadership role. Strong experience with HIPAA/HITECH management OR
• Preferred, Juris Doctor (JD). Required experience in a Healthcare leadership role. Strong experience with HIPAA/HITECH management.
• One of the following required upon hire:
  • Certified Healthcare Compliance certification (CHC) through HCCA or
  • Certified Healthcare Privacy Compliance certification (CHPC) through HCCA or
  • Certified in Healthcare Privacy & Security certification (CHPS) through AHIMA 

The benefits plans at Children’s Mercy are one of many reasons we are recognized as one of the best places to work in Kansas City. Our plans are designed to meet the changing needs of our employees and their families.

Pay ranges are market competetive  and all offers are based upon a combination of experience and education. 

This is an intermittent remote position, which means that the person hired will work with his or her manager to determine a schedule that includes both at home and on-site hours at a Children’s Mercy location. The incumbent must live in the Kansas City metro area.

Children’s Mercy hires individuals based on their job skills, expertise and ability to maintain professional relationships with fellow employees, patients, parents and visitors. A personal interview, formal education and training, previous work experience, references and a criminal background investigation all are factors used to select the best candidates. The hospital does not discriminate against prospective or current employees based on the race, color, religion, sex, national origin, age, disability, creed, genetic information, sexual orientation, gender identity or expression, ancestry or veteran status. A drug screen will be performed upon hire. Children’s Mercy is smoke and tobacco free.

CM is committed to creating a diverse and inclusive workforce. Our patients and families come from all walks of life, and so do we. We know that our greatest strengths come from the people who make up our team so we hire great people from a wide variety of backgrounds, not just because it’s the right thing to do, but because it makes our hospital stronger and our patient care more compassionate.

If you share our values and our enthusiasm for service, you will find a home at CM. In recruiting for our team, we welcome the unique contributions that you can bring, including education, ideas, culture, ethnicity, race, sex, sexual orientation, gender identity and expression, national origin, age, languages spoken, veteran status, color, religion, disability and beliefs.