Compliance And Privacy Officer - 40009106

Durham County Government employs approximately 1,900 employees that work towards providing needed services throughout the community. With a wide array of services, Durham County Government is at the heart of a rapidly growing and diverse area offering residents, employees and visitors exciting opportunities to live, work, grow and play. For more information about Durham County Government, visit www.dconc.gov.

DEPARTMENT:       

 

Legal

DATE POSTED:         

   

January 07, 2025

CLOSING DATE:           

 

Until Filled

HIRING RANGE:

 

$64,093 - $86,488

POSITION NUMBER:        

    

40009106

JOB TYPE:

Full-Time, (37.5 hrs)

 

 

RESPONSIBILITIES:

Oversees and manages the daily operations of the current Compliance and Privacy program. Work is performed under the general supervision of the Risk Manager, Deputy County Attorney and/or County Attorney. 

 

TYPICAL TASKS:

• Responsible for the development and implementation of compliance and privacy policies and procedures for the County as well as receiving, investigating, and responding to privacy and compliance complaints for the County. This job description will serve as the privacy officer’s written designation in compliance with 45 CFR §164.530(a)(2).
• Responsible for ensuring patients’ rights in compliance with the Health Insurance Portability and Accountability Act (HIPAA) and providing guidance on the use and disclosure of confidential information, highly restricted information, personally identifiable information, and protected health information.
• Ensure that Durham County and its stakeholders are implementing reasonable practices, policies, and controls to ensure it meets applicable federal, state, and local statutes, regulations, and requirements (i.e., including, but not limited to 42 CFR Part 2; NCGS 122c; NCGS Chap. 75 Art. 2A; PCI-DSS). Duties may vary according to the assigned office.
• Oversees and manages the daily operations of the program, development, implementation, and maintenance of policies and procedures (department and county level).
• Provides real-time consultation and support to County department Privacy Officers.
• Provides subject matter expertise regarding applicable state and federal laws, state policies, standard procedures, and controls to confirm they are appropriately embedded in the County’s risk management compliance practices.
• Drafts, updates, and maintains appropriate privacy and confidentiality consent, authorization forms, medical releases, Business Associate agreements, Data Use agreements, Notices of Privacy Practices, and information notices and materials reflecting current organizational and legal practices requirements with regards to privacy.
• Drafts and provides compliance, privacy, and HIPAA related training to employees, contractors, and privacy officers.
• Monitors program compliance through regular auditing and monitoring of processes, practices, and documents to identify weaknesses.
• Conducts investigations and tracks incidents, breaches, and claims.
• Makes breach determinations and reports breaches to internal stakeholder/executive leadership and external regulatory bodies.
• Provides recommendations for corrective actions and sanctions; works closely with Human Resources and department stakeholders to issue sanctions.
• Ensures patients' rights in compliance with the Health Insurance Portability and Accountability Act (HIPAA); NCGS 122c; 42 CFR Part 2; and any other applicable state or federal law or regulation with the over-arching goal of ensuring that any such privacy policies and procedures meet federal, state, and local regulations and requirements.
• Receives patient privacy complaints; investigates complaints; and communicates findings with internal stakeholders as well as the complainant.
• Reviews all HIPAA/Human Subjects related research proposals and advises the department on the applicable laws and appropriate data use agreements.
• Identifies and assesses areas of privacy risk and prepare recommendations that mitigate the risks.
• Drafts periodic and annual reports on the Compliance and Privacy Program and reports Compliance Program status to Executive Leadership.
• Serves as the Chair for the HIPAA Compliance Committee as well as the Privacy Group.
• Performs related tasks as required.

 

KNOWLEDGE, SKILLS AND ABILITIES:

• Thorough knowledge of privacy laws, regulations, and best practices.
• Thorough knowledge of the principles, methods, materials, practices and references utilized in legal research.
• Thorough knowledge of legal office procedures and practices.
• General knowledge of local government law, torts, contracts, civil rights, and administrative process.
• Ability to read and interpret contracts, County, state, and federal codes and regulations, insurance policies and other technical data and reports related to the management of County risks.
• Ability to effectively communicate in writing and orally with all levels of County government as well as the insurance industry personnel, attorneys, citizens, and state and federal government officials.
• Ability to effectively negotiate with insurance industry personnel, attorneys, citizens, and County personnel, sometimes in advisory situations.
• Strong subject matter expertise and knowledge of all relevant privacy laws, regulations, industry standards and best practices.

 

EDUCATION AND EXPERIENCE:

• Requires a bachelor’s degree in a relevant field such as, but not limited to, public health, health care administration, social work, business administration, public administration or a related field.
• Requires four (4) years of responsible, professional level experience working in a compliance, privacy, regulatory compliance, healthcare law and/or administration, risk management, or healthcare privacy role.
• A master’s degree in public health, health care administration, law or a related field may be substituted for one (1) year of required experience
• Graduation from a recognized law school, and two years of experience in healthcare or related experience, some of which is in municipal or county work, can be accepted in lieu of four years of experience.
• Auditing experience is a plus.

 

 

CERTIFICATION, LICENSE AND SPECIAL REQUIREMENTS:

• Certification in the following is required within one year of hiring: Certified in Healthcare Privacy Compliance (CHPC) and Certified Information Privacy Manager (CIPM).
• Certifications in one or more of the following is highly desired, but not required: Certified HIPAA Privacy Security Expert (CHPSE), Certified Information Privacy Professional (CIPP), Certified Ambulance Privacy Officer (CAPO), Certified Information Privacy Manager (CIPM), Certified Information Privacy Technologists (CIPT), Certified in Healthcare Compliance (CHC), Certified in Healthcare Privacy Compliance (CHPC), or Certified in Healthcare Research Compliance (CHRC).

Durham County Government is an Equal Opportunity Employer