Direct and provide oversight of the DUHS Compliance Program. Direct and monitor the system-wide compliance activities and staff on a daily basis for all DUHS facilities. Contribute to planning, designing, implementing, and managing the compliance program, including developing and implementing policies and procedures, educational programs, and internal reviews to determine the effectiveness of the Compliance Program in meeting regulatory compliance with applicable laws and regulations. Reports to the DUHS Chief Compliance Officer. Assumes management responsibilities for a team of Compliance professionals.
Privacy specific description:
The Privacy Director works with the Chief Compliance & Privacy Officer across DUHS, Duke University Schools of Medicine and Nursing and their affiliates (Duke Health) to develop, operate and monitor an effective privacy program. The Privacy Director will develop and monitor compliance with federal and state privacy regulations, as well as general industry privacy standards related to protected health information and other restricted or sensitive information collected, used, and/or retained. Assumes management responsibilities of a team of Privacy professionals.
Provide direction and oversight of certain areas of operations including auditing and monitoring, Medicare conditions of participation, licensure, compliance hotline and investigations, Anti-kickback and Stark Law, conflicts of interests, and privacy.
Review, revise, develop and/or direct written policies, procedures and guidelines designed to address operational processes and compliance with laws and regulations and related compliance functions.
Create and oversee training programs related to regulatory risk areas to educate employees in policies, procedures and regulatory requirements relevant to their work, and coordinate training programs to achieve effectiveness.
Monitor new regulations and impact on business and provide technical guidance to affected departments.
Lead annual risk assessments to identify regulatory vulnerabilities and risks and prioritize risks to develop and oversee compliance plan.
Lead regulatory audits, including managing planning, identifying gaps and the effectiveness of current controls, analyzing findings, developing remediation plans for addressing deficiencies as needed, and overseeing implementation of corrective actions.
Create and monitor key metrics to monitor and assess effectiveness of key compliance activities and implement departmental process improvements.
Analyze compliance quality assurance reports from operational departments to evaluate areas of opportunities of non-compliance and direct revisions of internal controls that should be strengthened.
Manage external agency queries and investigations, including drafting and overseeing responses to agencies and implementing corrective action or appeals.
Chair and facilitate facility compliance committees and summarize and report compliance activity to the DUHS Chief Compliance Officer and facility leadership.
Develop reports for Senior Leadership, and Compliance/Audit Committee, DUHS Board of Directors in coordination with the DUHS Chief Compliance Officer.
Privacy Director Specific Responsibilities (if applicable):
The Privacy Director will specifically serve as healthcare privacy subject matter expert for Duke Health and its Affiliated Covered Entity, working closely with clinical and research faculty and staff to create compliance with healthcare and research privacy laws and regulations.
Lead privacy evaluation and collaborate with staff to ensure data uses are in compliance with agreements, including business associate agreements and other contractual restrictions, and applicable laws, regulations, and policies.
Collaborate with Procurement, IT Security and the business on the review and negotiation of business associate agreements and privacy language as needed, particularly for HIPAA and privacy issues.
Complete audits, risk assessment activities, analysis, and corrective actions.
Continuously learn about new regulatory requirements and industry trends and incorporate within the privacy program.
Manages and oversees privacy-related investigations and complaints and the resolutions in collaboration with other compliance leaders, team members, and counsel, as appropriate.
Assists with the development and implementation of privacy policies and procedures.
Assists with the creation of, and conducts as appropriate, system-wide compliance training and education programs and outreach to continuously build relationships and awareness around importance of privacy.
Prepares and reviews privacy-related tracking reports, incidents, and data analytics to identify opportunities for education and for policy, procedure and process improvement.
Oversee the breach notification process, including any follow-up with affected individuals (e.g., call teams in response to reported breach) and external agency investigations, including drafting responses and remediation and implementing corrective action.
Maintains knowledge of rules and regulations (HIPAA, HITECH, state privacy laws and Identity Theft laws) that impact specific ministries and the organization and acts as a subject matter expert to support and provide guidance to workforce members.
Required Qualifications at this Level
Work requires organizational, analytical and communication skills acquired through the completion of a bachelor's degree program in Business Administration or Health Administration.
A Juris Doctor degree, CPA, Master's degree in Hospital Administration, Business Administration or a related field is preferred.
Privacy Director Specific: Advanced Degree or Juris Doctor degree and privacy certifications including IAPP's CIPP or CIPM, preferred.
Work requires a minimum of five years' experience in compliance within the healthcare industry, health care privacy to include leadership experience. Demonstrated ability to proactively identify and manage risks and develop appropriate internal controls. Proficient knowledge of laws, regulations, and standards related to health care compliance within state and federal information privacy laws, including but not limited to HIPAA, including as applied to research, with practical experience applying privacy laws to clinical research and clinical care. Requires outstanding analytical, written, and verbal communication skills.
OR AN EQUIVALENT COMBINATION OF RELEVANT EDUCATION AND/OR EXPERIENCE.
Job Code: 00005331 COMPLIANCE DIRECTOR Job Level: I1
Duke is an Affirmative Action/Equal Opportunity Employer committed to providing employment opportunity without regard to an individual's age, color, disability, gender, gender expression, gender identity, genetic information, national origin, race, religion, sex, sexual orientation, or veteran status.
Duke aspires to create a community built on collaboration, innovation, creativity, and belonging. Our collective success depends on the robust exchange of ideas—an exchange that is best when the rich diversity of our perspectives, backgrounds, and experiences flourishes. To achieve this exchange, it is essential that all members of the community feel secure and welcome, that the contributions of all individuals are respected, and that all voices are heard. All members of our community have a responsibility to uphold these values.
Essential Physical Job Functions: Certain jobs at Duke University and Duke University Health System may include essential job functions that require specific physical and/or mental abilities. Additional information and provision for requests for reasonable accommodation will be provided by each hiring department.
As a world-class academic and health care system, Duke Health strives to transform medicine and health locally and globally through innovative scientific research, rapid translation of breakthrough discoveries, educating future clinical and scientific leaders, advocating and practicing evidence-based medicine to improve community health, and leading efforts to eliminate health inequalities.