Manages and processes all incoming and outgoing requests to transfer medical records to and from the center, providing authorized individuals with timely access to patient information without compromising the security of patient records.  

Safeguards confidentiality of the medical records and complies with all local, state, and federal laws pertaining to medical records.

Answers telephone in a timely manner, following organizational and departmental policy. Is calm, collected, professional, friendly, and helpful with all phone and walk-in requests for patient records.  Is persistent with locating patient records—able to troubleshoot with retrieval of records multiple locations.  Able to comfortably use PC and all software programs utilized by the clinic.

Releases patient health information by phone, fax or mail following clinic and organizational guidelines.  Completes these tasks in a timely and thorough manner, including all copies of letters, dictation, labs, and x-rays requested by clinical staff.  Sends dictated letters to physician for signature before faxing referrals.  Maintains strict confidentiality of patient information.

Pulls records in response to requests in an accurate and timely fashion according to department protocol. 

During lag times, able to evaluate whether other employees need help, then provides this assistance.  Provides excellent customer service when assisting others.  Knows all assignments within the ambulatory site medical records department and is able to fill in for coworkers scheduled and unscheduled time off.  Assists in training of new employees as requested.  May perform any clerical duty assigned in a continuously changing medical practice.

HIPAA Compliance Program development and oversight. 

Oversees HIPAA program development and compliance, assuring compliance with all HIPAA regulations concerning use, retrieval, storage, and sharing of medical records.

Performs initial and periodic privacy risk assessments and conducts ongoing monitoring activities in coordination with other compliance and operation assessment functions, including the implementation of appropriate safeguards for protection from intentional or unintentional unauthorized uses and disclosures of PHI.

Conducts ongoing monitoring activities for protection from intentional or unintentional unauthorized uses and disclosures of PHI.

Assists in the implementation and maintenance of the center’s privacy and security policies and procedures, including HIPAA, and Data Breach Notification.

Works with Director of Operations, Business Office Supervisor, and other personnel to ensure that the center has and maintains appropriate privacy Authorization forms, information notices, and materials reflecting current center policies and legal practices and requirements. 

Training and education. 

Works with the Director of Human Resources to coordinate training and education activities to ensure that the center’s workforce and related entities understand and comply with their privacy obligations. 

Facilitates initial and ongoing privacy training and orientation to the center’s workforce, contractors, and business associates, if appropriate.

Initiates, facilitates and promotes activities to foster information privacy awareness within the center.

Attends from time to time professional development seminars and/or classes relating to health information privacy to keep abreast of developing issues in the area.

Maintains current knowledge of applicable federal and state privacy laws and regulations and monitors advancements in information privacy technologies to ensure the center’s adaptation and compliance.

Business Associate Agreements (BAAs). 

Participates in the development, implementation, and ongoing compliance monitoring of all BAAs to ensure that all privacy concerns, requirements, and responsibilities are addressed.

 The Privacy Officer, in conjunction with the center’s workforce, imposes appropriate corrective measures, including termination of an agreement, if necessary, to ensure business associate compliance with applicable agreements.

Patient rights: Works cooperatively with the center’s workforce to facilitate patients’ rights to inspect, amend, restrict access to, or request confidential communications with respect to their PHI, when appropriate.  The Privacy Officer:

Oversees the publishing, maintenance, and amendments of the center’s Notice of Privacy Practices (NPP) and coordinates the obtaining of the patients’ written acknowledgment of their receipt of the center’s NPP.

Reviews and responds to all requests for disclosure of PHI for non-routine purposes to ensure compliance with the center’s policies and procedures and legal requirements relating to such disclosures.

Establishes, with the assistance of the center’s workforce, a mechanism to track disclosures of PHI, as required by law, and to allow patients to review or receive an accounting of such activity.

Complaints, investigations, and sanctions. 

Cooperates with the Secretary of HHS and other governmental entities in any privacy compliance review or investigation.

Investigates and resolves all allegations of noncompliance with the center’s privacy policies and procedures or federal or state law, including overseeing the implementation of corrective measures, as necessary. 

Establishes and administers a process for receiving, documenting, and taking all appropriate action with respect to complaints concerning the center’s privacy policies and procedures.

Ensures internal compliance with privacy policies and procedures and consistent application of disciplinary action for failure to comply with such policies and procedures.

The individual must have an Associate's degree or equivalent from two-year college or technical school; or six months to one year related experience and/or training; or equivalent combination of education and experience.

Willingness to learn necessary types of computer applications including electronic health record system

Ability to work in a team environment and maintain good working relationships with co-workers and patients

Ability to work under pressure in a fast-paced environment, required.

Previous experience in a patient care setting preferred and/or knowledge of medical terminology preferred.