HIPAA Consultant

About Fusemachines

Fusemachines is a leading AI strategy, talent, and education services provider. Founded by Sameer Maskey Ph.D., Adjunct Associate Professor at Columbia University, Fusemachines has a core mission of democratizing AI. With a presence in 4 countries (Nepal, United States, Canada, and Dominican Republic and more than 400 full-time employees). Fusemachines seeks to bring its global expertise in AI to transform companies around the world.

About the Role

This role is responsible for overseeing and ensuring the organization's compliance with the Health Insurance Portability and Accountability Act (HIPAA) and related privacy and security regulations, such as HITECH Act. This role involves developing, implementing, and maintaining policies and procedures, training staff, conducting audits, and responding to incidents to protect the confidentiality, integrity, and availability of patient health information, ensuring legal and security compliance, and mitigating the risks associated with data breaches and violations

Qualification & Experience

• Advanced degree in Computer Science, Healthcare Management, or a related field

• A minimum of 10 years of progressively responsible experience in compliance and privacy in healthcare, IT, or related field

• Demonstrate comprehensive familiarity with regulations spanning multiple industries, encompassing areas such as IT, First Tier Related Entities, healthcare (including HIPPA and HITECH), GDPR, Electronic Health Records, consulting, government contracts and the ability to comprehend regulatory landscape across other diverse sectors

• Proven track record of successfully leading compliance and privacy initiatives at a strategic level

• Strong analytical skills and the ability to assess complex regulatory landscapes and translate them into actionable strategies

• Excellent communication, negotiation, and interpersonal skills, with the ability to collaborate and influence at all organizational levels

• Compliance Certification and Healthcare Privacy Certification required

• Relevant certifications like certified information systems security professional - CHPS, CISSP, CIPP are a plus

• Experience driving knowledge transfer and training programs is a plus

• Experience helping Solution Architects to design and implement appropriate compliance strategies, policies, procedures and guidelines is a plus

Required skills/Competencies

• Strong understanding of healthcare operations, IT security, and privacy best practices

• In-depth understanding of healthcare regulations such as HIPAA, HITECH Act, etc

• Ability to interpret and apply complex healthcare laws and regulations to organizational policies and practices

• Strong ethical principles and the ability to make sound decisions based on ethical considerations

• Proficiency in assessing compliance risks, identifying potential violations, and developing strategies to mitigate risks

• Capability to develop, update, and implement compliance policies and procedures tailored to the organization's needs, ensuring policies are effectively communicated and enforced

• Develop and deliver compliance training programs to educate employees, contractors, and stakeholders on compliance requirements and best practices

• Strong experience establishing monitoring systems to track compliance with policies and regulations

• Strong Analytical skills to assess data and identify trends that may indicate compliance issues, Utilizing data to improve compliance efforts

• Ability to adapt to evolving regulatory requirements and industry changes

• Effective leadership and management abilities to lead compliance teams and initiatives within the organization

• Proficiency in identifying compliance-related problems and developing solutions to address them effectively

• Experience working with development teams, including solution architecture to make sure that any application is compliant with the different regulatory requirements

• Familiarity with compliance software and tools for tracking and managing compliance efforts

Responsibilities

• Policy Development and Implementation: Develop, update, and implement policies, procedures, and guidelines to ensure compliance with privacy and security regulations for the healthcare industry, ensuring that all staff members are aware of and adhere to them

• Risk Assessment and Management: 

  • Conduct regular risk assessments to identify vulnerabilities and risks to protected health information (PHI), and

  • Develop and implement risk mitigation strategies and security controls

• Training and Education focus on HIPAA:

  • Provide security and privacy training and education programs for employees, contractors, and business associates

  • Ensure ongoing awareness of security and privacy requirements and best practices.

• Privacy and Security Audits:

  • Perform regular audits and assessments of the organization's privacy and security practices, and

  • Identify areas of non-compliance and implement corrective actions

• Incident Response:

  • Develop and manage an incident response plan for breaches or suspected breaches of PHI, and

  • Investigate and report any security incidents or breaches as required by law

• Vendor and Business Associate Management:

  • Oversee compliance among third-party vendors and business associates, and

  • Review and monitor agreements to ensure they meet security and privacy requirements

• Compliance Reporting:

  • Prepare and submit required HIPAA compliance reports to regulatory authorities as necessary and

  • Keep abreast of changes in HIPAA regulations and adjust compliance efforts accordingly

• Documentation and Recordkeeping: Maintain accurate and up-to-date records of HIPAA, and other relevant security and privacy compliance efforts, risk assessments, policies, and training programs

• Internal Communication:

  • Serve as a point of contact for employees, management, and other stakeholders regarding HIPAA, and other relevant security and privacy, compliance matters, and

  • Promote a culture of privacy and security awareness

Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status