Director of Health Information Services/HIPPA Privacy Officer

Website slocum_dickson Slocum Dickson Medical Group

Multi-specialty physician group

JOB SUMMARY:     Responsible for ensuring the efficient operation and provision of services from the departments of HIS and completion of duties as per SDMG policies and procedures.


  1. Directs activities and personnel in the HIS (Medical Records, Transcription and Data Collections) Departments to ensure the efficient operation.
  2. Interviews, hires and oversees training of personnel for departments.
  3. Assures adequate staffing and proper coverage for departments.
  4. Oversees priority coverage in absence/shortage of staff.
  5. Oversees the purchasing, justification, and proposal of new equipment and supplies for the departments.
  6. Develops policies and procedures for the departments and ensures compliance.
  7. Evaluates, counsels, disciplines, and terminates staff as per SDMG policies and procedures.
  8. Develops quality assurance standards and checks compliance on a regular basis.
  9. Schedules staff according to need and priority of coverage and mandates overtime if required.
  10. Oversees the scheduling of vacations, personal leave days, and holidays of personnel.
  11. Produces statistics for administration, as requested, to show increase/decrease of production and workload of both departments.
  12. On a daily basis, and throughout the day as needed, monitors all departmental workqueues to ensure work is being completed in a timely manner.
  13. Runs productivity reports, as needed. Reviews this information with staff and uses this information when completing staff performance reviews.
  14. Attends administrative meetings and schedules meetings with administration and/or other supervisors when warranted.
  15. Assists with Electronic Medical Record Steering Committee by assisting with developing an agenda for each meeting. Takes meeting minutes as needed.
  16. Prepares monthly reports for Corporate Compliance meetings. Takes meeting minutes as needed.
  17. Co-Chairs and pulls appropriate medical records on a monthly basis for Peer Review Committee.
  18. Maintains employee Time Clock on a weekly basis, approving time in system and editing time as needed.
  19. Assists with HIPAA related issues/complaints and follows-up appropriately.
  20. Meets regularly with the Chief Operating Officer to report any concerns, problems, and any other pertinent information of the status of the departments.
  21. Responds appropriately to all complaints by taking effective corrective action and/or notifying Administration.
  22. Notifies Administration if a problem has not been resolved and is of a serious nature or detrimental to any department or the Clinic itself.
  23. Ensures compliance with New York State Laws and Federal Regulations in areas of confidentiality and release of patient information.
  24. Serves as the HIPAA Privacy Officer for the Group. The HIPAA Privacy Officer supervises all ongoing activities related to the development, implementation, maintenance of, and adherence to the policies and procedures related to the privacy and access to patients protected health information (PHI) in accordance with federal and state laws. The duties of the HIPAA Privacy Officer also include the following:
  • Maintain current knowledge of applicable federal and state privacy laws related to the privacy regulation.
  • Serves as the Group’s point of contact, along with the Quality Manager, for any HIPAA related complaints. Works closely with the Chief Operating Officer and the Human Resources Director on the appropriate disciplinary actions necessary related to any HIPAA complaints and/or breaches.
  • Reports any HIPAA complaints/concerns to the Corporate Compliance Officer and Corporate Compliance Committee
  • Acts as the Group’s point of contact for any HIPAA request for amendments, accounting of disclosures, requests for restrictions and confidential communications.
  • Responsible for confidentiality and HIPAA Privacy training for all employees. Provides orientation on the Group’s Confidentiality and HIPAA policy for all new employees including providers.
  • Cooperates with the Office of Civil Rights and other legal entities in privacy compliance reviews or investigations.
  • Performs on-going privacy compliance monitoring activities and conducts random audits/reviews to include any high-profile cases
  • Works with the Group’s management staff to ensure the appropriate Business Associate Agreements are in place
  • Reports any breaches as outlined in the Groups Breach Notification Policy
  1. Strives to improve performance and courteous service of the departments.
  2. Strives to discuss and improve problems and issues which impact the departments.
  3. Prepares and oversees budgets for the departments.
  4. Demonstrates the ability to make prompt, competent decisions as problems arise.
  5. Develops and revises job descriptions.
  6. Properly completes and submits Employee Performance Evaluations in a timely manner.
  7. Actively serves on committees, specifically, Corporate Compliance, Risk Management, Peer Review, EMR, and attends other meetings on a regular basis.
  8. Assists the EMR Trainers/IT Department with EMR related issues
  9. Ensures compliance with documentation standards.
  10. Conducts chart reviews as needed.
  11. Assists with other duties as assigned by the Chief Operating Officer.
  12. May be exposed to hazardous drugs.
  13. Attends OSHA training upon initial employee orientation and annually completes an OSHA competency.

RELATIONSHIP WITH OTHERS:  Deals with Administration, physicians, supervisors, clinical staff, patients, and departmental personnel in relationships to the functions of the departments.  Must have the ability to deal effectively and courteously with all.

EDUCATION/EXPERIENCE/KNOWLEDGE:  Bachelor Degree in Health Information Management and Registered Health Information Administrator (RHIA) certification required.  Supervisory experience and thorough knowledge of computer systems required.  Experience dealing with a wide variety of professionals and personalities required.  A RHIT certification in lieu of RHIA acceptable provided that extensive supervisory and computer experience can be demonstrated.  Prefer supervisory experience in outpatient clinic setting.