The Compliance Officer is responsible for overseeing and enforcing compliance with information security standards and regulatory frameworks, including HIPAA, 340B, and others as documented. Under the supervision of the IT Director, this role develops, implements, and monitors policies and procedures to ensure organizational adherence to legal and ethical requirements. The role also provides records management and oversight for patients, investigations of non-compliance, and credentialing services for employees.
Responsibilities
HIPAA Compliance
a. Manage HIPAA policies and procedures to ensure patient data is secure.
b. Conduct regular audits, assessments, and training sessions for health staff.
c. Serve as primary investigator regarding HIPAA issues and violations.
d. Collaborate with IT and Health Director to address any gaps in data security and to enforce compliance.
Pharmacy Compliance (340B)
a. Review 340B Pharmacy policies and activities implemented by Pharmacy to ensure regulations are adhered to.
b. Conduct regular IT security audits, assessments, and training sessions for pharmacy staff.
c. Serve as technical point of contact for investigations regarding 340B issues.
FTCA
a. Facilitate the Federal Tort Claims Act (FTCA) application process.
b. Collaborate with HR, clinical, finance and administrative teams on all required activities.
c. Manage online and physical document library for all FTCA applications.
Credentialing
a. Oversee healthcare provider credentialing and privileging process for efficiency and completeness.
b. Collaborate with Health, HR, and Finance to ensure compliance with licensure standards.
c. Ensure timely processing and documentation.
IT Security
Monitor IT-driven security and compliance activities for all departments. Assist IT Director in training staff on policies and best practices. Work with the IT Director to ensure Business Associate Agreements are in place and up to date. Review and assist in updating all IT Security policy frameworks to ensure compliance and alignment with Criminal Justice Information Systems (CJIS), Payment Card Industry (PCI), Family Education Rights and Privacy Act (FERPA), Food and Drug Administration (FDA), et al.
Vaccine Technology
a. Conduct regular audits to ensure vaccine notification systems and refrigerator technology are operational.
b. Monitor frequency and processes for compliant activities performed by clinic managers.
c. Collaborate with State vaccine officials on access to networks and equipment upgrades.
Physical Security
a. Conduct regular audits and reviews to ensure adherence to and compliance with the Physical Protection policy.
b. Work with IT Director and Public Health and Safety officer to implement and test emergency systems.
c. Collaborate with Maintenance department to ensure working operation of alarm systems.
d. Test 911 and E911 systems with appropriate departments and emergency officials to ensure working operation.
Customer Service Liaison
a. Act as the main point of contact for patient and Tribal member complaints and issues.
b. Document each complaint thoroughly and prepare reports for Tribal Administrator and Council.
c. Ensure all complaints are handled within appropriate compliance rules and regulations.
d. Consult with management on decisions and courses of action.
Records Management
a. Build workflows for patient records requests that involve Protected Health Information (PHI and ePHI).
b. Oversee processes for handling and distribution of all Secure Data (ePHI, CJI, PII, etc.). Ensure that processes are in place for patients to access and amend health records.
c. Coordinate with clinical records staff to ensure secure delivery of patient information.
d. Assist appropriate departments in secure collection and distribution of all information requests.
Quality Improvement
Conduct regular assessments of patient care processes. Facilitate peer reviews for health care providers. Provide quarterly reporting on performance metrics for quality of care. Coordinate quality improvement with a cross-functional team of stakeholders.
Investigation and Enforcement
a. Serve as lead investigator for all non-compliance issues.
b. Provide regular reporting to IT Director and appropriate leaders to ensure stable and secure operations.
c. Collaborate with HR and appropriate supervisors on sanctions and enforcement.
d. Work on special investigations under supervision of Legal, Tribal Administrator, Health Director, and/or HR.
General Requirements:
- Must be insurable through the Tribe’s vehicle insurance (required).
- Must pass a criminal and fingerprint background check according to P.L. 101-630 standards (required).
- Must pass a pre-employment alcohol/drug screening (required).
Education and Experience:
- Bachelor’s Degree in a related field from an accredited university or a minimum of five (5) years’ experience in a health care setting with active compliance and IT Security requirements and frameworks.
- Five (5) years’ experience working in a medical or a health clinical setting required.
- Two (2) years’ experience in an administrative or supervisory position required.
- One (1) year’s experience in administration of health clinics in both remote and non-remote settings required.
- Preferred experience working with Native Americans.
License & Certification:
- Must possess, maintain, and provide proof of a valid Utah Driver’s License.
- Must possess, maintain, and provide proof of a valid Certification or equivalent experience in HIPAA Privacy and Security Compliance, or complete within one (1) year of hire.
- Must possess, maintain, and provide proof of a valid Certification or equivalent experience in Healthcare Compliance, or complete within one (1) year of hire.
- Must obtain CISA, Security+, GIAC GX-FA, or equivalent certification within one (1) year of employment.
- Complete training for 340B compliance through an HRSA-sponsored education program, such as 340B University.
- Complete annual training for HIPAA compliance that aligns with HHS 405d content and requirements.
Benefits:
- Group Health Care Plan (Health, Dental, Vision, Life/AD&D and Long-Term Disability). Employer paid premiums for Employee, Spouse and Dependents
- Supplemental/Voluntary Benefits (Aflac, Life/AD&D and Short-Term Disability)
- HSA Bank Account - Monthly employer contributions
- Retirement Plan (401k, Roth) - Dollar for dollar match up to 6%
- Paid Vacation/Annual Leave
- Paid Sick Leave
- Paid Holidays (Federal, State and Tribal) - Paid according to set work schedule only
- Paid Birthday Leave
- Paid Bereavement Leave
- Employee Assistance Program
- Education Assistance Program
- Wellness Program - Earn up to $1,000 into your HSA account per year