Memorial Sloan-Kettering Cancer Center Compliance Specialist (Privacy) in New York, New York
Compliance Specialist (Privacy)
Job Posting Number: 19862
Professional – Compliance & Audit
March 28, 2018
At Memorial Sloan Kettering (MSK), we’re not only changing the way we treat cancer, but also the way the world thinks about it. By working together and pushing forward with innovation and discovery, we’re driving excellence and improving outcomes.
For the 28th year, MSK has been named a top hospital for cancer by U.S. News & World Report. We are proud to be on Becker’s Healthcare list as one of the 150 Great Places to Work in Healthcare in 2018, as well as one of Glassdoor’s Employees’ Choice Best Place to Work for 2018. We’re treating cancer, one patient at a time. Join us and make a difference every day.
The Compliance Specialist (Privacy) works with the Compliance Manager and Director to prevent and detect non-compliance with various federal and state regulations and MSK policies. The Specialist routinely advises staff at all levels and across functional areas on various privacy policies, and responds to privacy-related inquiries from staff and patients alike. The Analyst handles a regular portfolio of privacy incidents reported to Compliance. For each incident, the Specialist applies discretion and critical judgment in fact-gathering and review, assessment of regulatory factors, and documentation of findings or advice. Specialist responsibilities also include: Triage of confidential inquiries and incidents reported to Compliance; Handling patient privacy concerns and responding directly to patients by phone and in writing; Performing auditing to monitor workforce-member compliance; Acting as a liaison with key departments to address and integrate privacy requirements; and assisting with special projects as needed, including those involving data management.
Develop and maintain knowledge and expertise in key privacy regulations (e.g., HIPAA Privacy and Breach Notification Rules), MSK policies and procedures. Key areas of knowledge and expertise include permitted uses and disclosures of PHI, methods for de-identification, required agreements or authorizations for certain uses/disclosures of PHI, and other key regulatory requirements.
Apply expert knowledge, discretion and critical judgment in all aspects of incident management. Use judgment to determine what information is required and use appropriate means to obtain the information, including interviewing staff members, reviewing medical records or audit trails, reviewing MSK policies, or researching past practices at MSK. As appropriate, escalate issues to the Compliance Manager or Director.
Apply strong interpersonal skills and judgment to respond to direct patient inquiries.
Conduct regular privacy audits to monitor workforce-member compliance with privacy policies.
Apply knowledge of MSK clinical systems and privacy standards to assess compliance of user-access to systems. Acquire and maintain knowledge of other institutional systems that include PHI, and stay informed about updates and modifications to these systems and their audit trails. Review data-access requests for Privacy Office approval; Use judgment and expertise to determine if request can be approved and escalate requests to Manager, as appropriate.
Maintain appropriate documentation of all reviews performed, including audits, incident-management and requests for approval.
Assist Compliance Manager and Director in development of training tools and staff resources designed to promote staff understanding of and compliance with privacy regulations (i.e. HIPAA training presentations).
Analyze and prepare data for internal presentations to key stakeholders and for external regulatory reporting, including reports highlighting trends and variances in data.
A minimum of a Bachelor’s Degree; Master’s preferred
At least three years of experience in a healthcare setting
Knowledge of regulatory requirements, including HIPAA privacy standards
Strong analytical and problem solving skills to identify root cause and resolve complex problems;
Strong oral and written communication skills; ability to synthesize and clearly present complex information.
Strong interpersonal skills to interact effectively with patients and other external parties.
Excellent organization and time-management skills.
Information management skills needed to work with basic database (e.g. Microsoft Access database), develop reports, identify trends, and present information to employees and management staff.
Familiarity with HIS/clinical information systems.
Familiarity with and basic Microsoft Office skills (Word, Excel, PowerPoint); Access knowledge also preferred.
Experience guiding less-experienced staff and/or head project teams.
MSK is an equal opportunity and affirmative action employer committed to diversity and inclusion in all aspects of recruiting and employment. All qualified individuals are encouraged to apply and will receive consideration without regard to race, color, gender, gender identity or expression, sexual orientation, national origin, age, religion, creed, disability, veteran status or any other factor which cannot lawfully be used as a basis for an employment decision.
Federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. Please tell us if you require a reasonable accommodation to apply for a job or to perform your job. Examples of reasonable accommodation include making a change to the application process or work procedures, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment.