(A) General.
(1) The Privacy Officer of the department shall be selected from time to time by the Chief of the Department, and shall have overall responsibility to ensure the compliance of the department with this policy. Because the department operates on a 24 hour per day 7 day per week schedule, it is not feasible for one individual to serve as full time Privacy Officer. Accordingly, the Chief of the Department may designate the position of Shift Commander on-duty as the Privacy Officer of the Department, and the Shift Commander may also in turn designate assistant Privacy Officers authorized to act on his or her behalf in his or her absence. The Village Manager shall lend such assistance as may be requested by the Privacy Officer from time to time to enable and facilitate the enforcement and administration of this policy by the Privacy Officer.
(2) The Privacy Officer shall also coordinate closely with the Village Personnel Director to ensure that any health related information arising as a result of workplace injury or accident involving village personnel is handled in strict accordance with this policy. At his or her discretion, the Privacy Officer, upon the approval of the Department Chief, may circulate and prepare memoranda of understanding between the department and other departments of the village that may acquire or come into contact with PHI to ensure awareness of such other departments of this policy, and to ensure compliance therewith.
(B) Privacy Officer job description and responsibilities.
(1) The Privacy Officer oversees all activities related to the development, implementation, and maintenance of department and village policies and procedures covering the privacy of PHI. This person serves as the key compliance officer for all federal and state laws that apply to the privacy of patient information, including the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA).
(2) This individual is tasked with the responsibility of ensuring that all of the organization's patient information privacy policies and procedures related to the privacy of, and access to, patient health information are followed.
(a) Duties and responsibilities.
1. Develop policies and procedures on staff training related to the privacy of patient health information and protected health information;
2. Develop policies on the security of health care information including computer and password security and patient data integrity;
3. Defines level of staff access to PHI and minimum necessary requirement for staff based on the required job responsibilities;
4. Oversees, directs, delivers, and ensures the delivery of initial and ongoing privacy training and orientation to all staff members, employees, volunteers, students and trainees.
5. Serves as the contact person for the dissemination of PHI to other health care providers;
6. Serves as the contact person for patient complaints and requests;
7. Processes patient request for access to and amendment of health information and consent forms;
8. Processes all patient accounting requests;
9. Ensures the capture and storage of patient PHI for the minimum period required by law;
10. Ensures compliance with all applicable privacy rule requirements and works with legal counsel and other managers to ensure the company maintains appropriate privacy and confidentiality notices and forms and materials.
11. Cooperates with the state and federal government agencies charged with compliance reviews, audits and investigations.
(b) Qualifications.
1. Educational requirements.
a. High school diploma or GED equivalent. Four-year college degree preferred, with a working knowledge of the privacy rule required.
b. Maintains current knowledge of applicable federal and state privacy laws and monitors changes in privacy practices for the fire protection industry to ensure current organizational compliance.
2. Mental requirements of the job.
a. Reading and writing skills required. Experience working with the public is essential.
b. Demonstrated organization, facilitation, communication and presentation skills.
3. Disclaimer. The information provided in this description has been designated to indicate the general nature and level of work preformed by incumbents within this job. It is not designed to be interpreted, as a comprehensive inventory of all duties, responsibilities, qualifications and working conditions required of employees, assigned to this job. Management has sole discretion to add or modify duties of the job and to designate other functions as essential at any time. This job description is not an employment agreement or contract.
(Ord. 0030-03, passed 4-2-03)