The Compliance and Privacy Officer shall oversee all ongoing activities related to the development, implementation and maintenance of NEMS’ Corporate Compliance Program (CCP) and privacy policies in accordance with applicable federal and state laws, regulations and standards (e.g., Department of Health and Human Services, including the Centers for Medicare and Medicaid Services (CMS) and the Office of the Inspector General (OIG); California Department of Health Care Services; etc.). The Compliance and Privacy Officer assists senior management and the NEMS Board of Directors in carrying out their respective roles and responsibilities by providing compliance monitoring, reporting, training and advice.
Manages all aspects of effective compliance and privacy programs, including education and training; monitoring and auditing; conducting and documenting investigations; addressing violations and monitoring corrective actions; maintaining data and analytics that report on compliance department operations; and acting as a consultative resource for health care regulatory matters.
Provides oversight and leadership for the implementation and ongoing operation of the Corporate Compliance Program (CCP) throughout NEMS.
Oversees the establishment and maintenance of policies and procedures to support the CCP and privacy program throughout NEMS.
Provides assurance that CCP training programs acquaint all NEMS employees and contractors with the NEMS CCP and Code of Conduct, including updating this information through mandatory, periodic retraining.
Understands OIG compliance standards and HIPAA/HITECH requirements.
Should have working knowledge of HRSA program requirements (including FTCA policies); federal and state reimbursement program requirements (e.g., FQHC, Medicare and Medicaid); federal and state anti-kickback and physician self-referral laws (e.g., Stark and PORA); and provider and practitioner licensure and scope of practice requirements, privacy and consent laws.
Must have in-depth working knowledge of current privacy regulations and other pertinent and applicable state and federal regulations related to PHI and experience implementing such regulations.
Establishes and administers a process for receiving, documenting, tracking, investigating and taking action on all complaints concerning privacy policies and practices; investigates and evaluates suspected breaches, sends notification letters to patients when required, and submits required reports to OCR. Reports to outside agencies in a timely manner in accordance with the law. Provides remediation and training to mitigate privacy breaches.
Ensures consistent application of sanctions for failure to comply with privacy policies for all individuals in the practice/organization’s workforce, extended workforce, and for all business associates, in cooperation with his/her immediate supervisor, Human Resources, and the information security officer.
Coordinates with regulatory agencies when requested and assists compliance program management and administration in compliance reviews, audits and investigations.
Collaborates across entities in response to alleged violations of rules, regulations, policies, procedures, and standards of conduct by evaluating or recommending the initiation of investigative procedures.
Oversees, directs, delivers, or ensures delivery of compliance/privacy education, training and orientation to all employees, volunteers, medical and professional staff and applicable business associates.
Participates in the development, implementation, and ongoing compliance monitoring of all business associate agreements to ensure that all privacy concerns, requirements and responsibilities are addressed.
Performs periodic compliance audits of individuals who access PHI. Establishes and maintains a mechanism to track access to protected health information, within the purview of the practice/organization and as required by law to allow qualified individuals to review or receive a report on such activity.
Performs periodic compliance audits of critical policies and procedures to ensure consistency between written and actual practices.
Facilitates and leads the Compliance Workgroup and presents updates to the NEMS Board of Directors and its Compliance Committee. Has direct access to the Board of Directors and legal counsel for the purpose of making reports and recommendations on compliance matters.
Alongside the Health Information Services Manager, oversees and ensures the right of the practice/organization’s patients to inspect, amend and restrict access to protected health information, when appropriate.
Serves as a member of, or liaison to, the organization’s IRB or Privacy Committee, should one exist. Also serves as the information privacy liaison for users of clinical and administrative systems.
Reviews all system-related information security plans throughout the practice/organization’s IT network to ensure alignment between security and privacy practices, and acts as a liaison to the information systems department, if applicable.
Minimum 3 years' experience in a documented compliance and HIPAA compliance role.
Bachelor’s degree in Business, Health Care, Law/Legal or related field preferred.
Bi-lingual in Cantonese and/or Mandarin and English is an asset.
Healthcare Compliance and Healthcare Privacy Compliance Certifications preferred.
Advanced proficiency in various computer applications, e.g. word processing, Excel spreadsheet, e-mail, database management, and presentation software, specifically Microsoft Office Suite.
Excellent communication skills including negotiation skills; must be persistent and persuasive.
North East Medical Services (NEMS) is one of the largest community health centers in the United States targeting the medically underserved Asian population. Based in San Francisco, the non-profit community health center offers comprehensive health care services to a variety of patients, a majority of whom are uninsured or low-income. NEMS offers linguistically-competent and culturally-sensitive health care services in many languages and dialects, including Cantonese, Mandarin, Toishan, Vietnamese, Burmese, Korean, Spanish, and Hindi.
NEMS operates ten clinics throughout the San Francisco Bay Area, with the main clinic located at 1520 Stockton Street in Chinatown/North Beach; five additional clinics in San Francisco's Portola, Visitacion Valley, Richmond and Sunset districts; as well as satellite sites in Daly City and San Jose.
NEMS has over 60 health care providers who offer a range of medical specialties, including Internal Medicine, Pediatrics, Family Practice, Obstetrics/Gynecology, Dentistry, Optometry, Ophthalmology, Cardiology, and Radiology. In addition, ancillary services such as mental health, podiatry, nutrition, pharmacy, laboratory and social services strengthen the quality of care that patients receive.
The unique multilingual and culturally-sensitive direct service staff allows patients to adequately express themselves in a familiar environment to increase the relevancy and excellence of care they receive. Health education programs, many of which bridge the gap between Western and Asian medical practices, are available at the clinic and through weekly radio broadcasts on local Chinese media. The programs address preventative health care education and practices as they relate to the cultural needs of the community.
North East Medical Services (NEMS) is a Health Center Program grantee under 42 U.S.C. 254b, and a deemed Public Health Service employee under 42 U.S.C. 233(g)-(n).