Compliance & Privacy Officer

Overview

Compliance & Privacy Officer - Stony Brook CPMP 

Location: St. James, NY

Schedule: Full time

Days/Hours: Monday - Friday; 8 AM - 5 PM

Salary Range: $215,000 - $240,000 (pay will be determined based on experience, preferred qualifications, and education)

Our compensation philosophy aims to provide marketable compensation programs and to compensate employees based on relevant experience and education. Individual compensation discussions begin during the hiring process and may occur during job review and promotional opportunities. Salaries vary depending on experience, education and current market for the position. Human Resources determines the external and internal equitable salary for each employee. The above salary range (or hiring range) represents Stony Brook CPMP’s good faith and reasonable estimate of the range of possible compensation at the time of posting

Responsibilities

SUMMARY: The Compliance & Privacy Officer for the Clinical Practice Management Plan (CPMP) and Stony Brook Accountable Care Organization (SB-ACO) will carry out the Compliance Program for the Clinical Practice Management Plan and the SB-ACO.

S/he is responsible for the oversight and assessment of the compliance and privacy programs for University Faculty Practice Corporations (UFPCs), S.B. Community Medical, P.C. (SBCM), Meeting House Lane Medical Practice, P.C. (MHL), and SB-ACO.

The Compliance & Privacy Officer reports directly to each Board of Directors and is responsible for providing guidance and education to physicians and non-physician practitioners, clinical department leaders, and other workforce members regarding compliance with federal and state rules, regulations, and laws on billing and business practices, and organizational policies and procedures as prescribed in the Code of Conduct. The Compliance and Privacy Officer partners and collaborates with Stony Brook Medicine’s Chief Compliance Officer to implement an effective compliance program.

In collaboration and partnership with Stony Brook Medicine’s Chief HIPAA Privacy Officer, serves as the leader in HIPAA compliance and is responsible for planning and directing the HIPAA Privacy Program, including but not limited to daily program operations, program development, implementation, and maintenance of HIPAA Privacy Policies and Procedures, monitoring program compliance, investigating and tracking incidents and breaches in compliance with applicable federal and state HIPAA regulations, particularly regarding the organizations access to and use of protected health information (PHI) for CPMP and its UFPCs, SBCM, and MHL.

The Compliance & Privacy Officer will mentor the CPMP compliance department team members and collaborate with other Stony Brook Medicine and University compliance leaders. Also, s/he will create and implement annual compliance and privacy work plans for CPMP and SB-ACO. The Compliance & Privacy Officer will partner with the Executive Directors of CPMP and SB-ACO, as well as other leaders, to provide continual risk assessment and develop comprehensive policies and procedures, compliance training, and investigations.

Job Duties & Essential Functions:

• Design, implement and report on programs, policies, and practices to ensure compliance with federal, state, and local regulatory requirements. Respond to all allegations of noncompliance as it relates to violations of rules, regulations, policies, procedures, and the Code of Conduct. Ensure the implementation of new compliance and privacy regulations.
• Lead, manage, conduct, and oversee compliance investigations and audits throughout the CPMP, its UFPCs, SBCM, MHL, and SB-ACO, including compiling reports with recommendations to physician leaders, clinical administrators, the Board of Directors, and management. Prepare reports for the CPMP and SB-ACO Compliance Committees and department leadership related to auditing and monitoring and activities conducted by the compliance department.
• Facilitate quarterly compliance committee meetings for CPMP and SB-ACO, and report to the Board of Directors of each quarterly. Participate in operations meetings and collaborate with risk management, the quality department, and legal counsel.
• Develop compliance and privacy training materials and provide training for all new staff and providers, as well as provide ongoing compliance education and training throughout CPMP, its UFPCs, SBCM and MHL and as requested for other areas. Ensure that SB-ACO Covered Persons receive annual compliance and privacy training and as-needed educational programs and materials on compliance and privacy-related issues. Maintain and distribute compliance educational material and regulatory compliance updated to the applicable individuals and areas.
• Cooperate with the U.S. Department of Health and Human Services Office for Civil Rights and other federal and state regulators conducting HIPAA compliance reviews or investigations.
• Maintains and promotes a compliance hotline that allows confidential reporting of issues anonymously and emphasizes the non-retaliation policy. Investigate all credible reports received on the compliance hotline and through any other means or refer them to the appropriate entity or department for investigation and resolution.
• Guide management and leadership of the clinical departments on compliance issues and inquiries; collaborate with management for reasonable solutions with process improvements.
• Respond to all requests from individuals regarding their HIPAA rights.
• Work with the Chief HIPAA Privacy Officer and partner with internal departments and operational leaders representing organizational privacy interests to ensure overall organizational HIPAA compliance. Serve as the internal subject matter expert on HIPAA Privacy
• Strengthen and enhance CPMP’s and SB-ACO’s Compliance & Privacy programs. Develop and implement annual compliance work plans and review compliance-related policies and procedures. Report on changes in applicable HIPAA Privacy laws and regulations, update relevant policies and procedures, and provide training as needed.
• Conduct HIPAA privacy investigations and track incidents and breaches. Partner with the Chief Privacy Officer to conduct a risk assessment for all reported and suspected potential violations involving protected health information (PHI) for breach determination. Report reportable breaches involving PHI in accordance with Breach Notification requirements of federal and state law. Maintain records and supporting documentation for investigations and breach risk assessments, including but not limited to mitigation actions, communications, and notifications.
• Monitor the performance of the Compliance & Privacy programs and related activities, continuously taking appropriate steps to improve its effectiveness.
• Other duties as assigned, including management and supervision of the CPMP compliance department staff.

Qualifications

Required Qualifications:

• Bachelor’s degree required
• Certification in Health Care Compliance (CHC), Certification in Healthcare Privacy Compliance (CHPC), or Graduate Certificate in Health Care Compliance is required
• A minimum of 8 (eight) years of leadership and/or supervisory experience is required.
• At least 5 (five) years of experience in health care compliance is required
• Ability to work collaboratively with physicians, non-physicians and practitioners, leaders and workforce members of clinical, financial, and other departments
• Knowledge and demonstrated experience with healthcare regulations and related state and federal information privacy, confidentiality, security, and breach notification laws and regulations, including but not limited to access, use, disclosure, or HIPAA
• Mental agility and strong communication skills regarding privacy with the ability to understand broad enterprise risks in a complex health system
• Ability to manage multiple initiatives at the same time.
• In-depth knowledge and understanding of fulfilling the elements of an effective compliance program.
• Strong analytical, communication and presentation skills are required.
• High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.

Preferred Qualifications:

• Strongly prefer physician practice plan compliance or physician office compliance experience.
• Master’s degree preferred.
• Academic medical center compliance experience preferred.
• Privacy Officer experience within an academic healthcare hybrid entity.
• Accountable Care Organization experience preferred.
• Clinical background preferred (e.g., M.D., D.O., R.N., PA, N.P., R.T.).
• Membership or coding certification through the American Health Information Management Association or the American Academy Professional.

Physical Demands:

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. While performing the duties of this job, the employee is regularly required to communicate with patients, staff and medical providers. The employee must be able to exchange accurate information in these situations. This position is largely sedentary and requires the employee to remain stationary for a majority of the day. Any additional physical demands will be outlined and provided by management. 

The responsibilities and tasks outlined in this job description are not exhaustive and may change as determined by the needs of CPMP. 

StaffCo is a Professional Employer Organization, commonly referred to as a PEO, duly organized and registered under the New York Professional Employer Organization law. StaffCo and SUNY have entered into a professional employer agreement under which StaffCo is the employer of Stony Brook Clinical Practice Management Plan employees and responsible for all aspects of employment, including hirings, promotions, disciplines, terminations, the day-to-day direction and supervision of work, as well as labor relations and collective bargaining. StaffCo is fully responsible for providing all payroll and human resources services, including the payment of wages, collecting and reporting payroll taxes and maintaining any and all employee benefits.  SUNY Stony Brook Hospital is responsible for the operation of the hospital and provision of health care and is the co-employer as is necessary to conduct its responsibilities and for related licensure, regulatory or statutory requirements and obligations.    

Given StaffCo’s employment responsibilities, it is deemed the “employer” for employment and labor law purposes.  Thus, the employees are private sector employees of StaffCo, not public sector employees of SUNY.  The private sector nature of the StaffCo employees has been approved by NYS Civil Service and upheld in a decision by the US National Labor Relations Board. 

CPMP provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, creed, gender, national origin, age, disability, marital or veteran status, sexual orientation, gender identity or expression, or any other legally protected status.  This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall and transfer, leaves of absence, compensation and training.

CPMP expressly prohibits any form of workplace harassment based on race, color, religion, creed, gender, national origin, age, disability, marital or veteran status, sexual orientation, gender identity, or any other legally protected status.  Improper interference with the ability of CPMP’s employees to perform their job duties may result in discipline up to and including discharge.