Internal Auditor/Privacy Advocate

Position Title:
Internal Auditor/Privacy Advocate

Department:
Administration

Reports To:
Chief Operating Officer (COO)

BRIEF DESCRIPTION OF POSITION:
The Internal Auditor will lead and conduct all aspects of independent, risk-based audits to evaluate the effectiveness of internal controls through analysis and testing of business processes and procedures. Test results will be used to anticipate and identify SAS70 internal control breakdowns or gaps. The Internal Auditor will make recommendations for process improvement, documentation and review of controls, as well as remediation.

The Privacy Advocate role is responsible for the organization’s privacy practices. He/She will ensure that each facet of the organization complies with its stated policies and procedures. This position requires the knowledge and experience to enforce the requirements of HIPAA regulations, as well as an understanding of IT functions and security practices. The duties will consist of, but are not limited to, overseeing all ongoing activities related to the development, implementation, maintenance of and adherence to the organization’s policies and procedures covering the privacy of and access to protected health information (PHI) in compliance with Federal and State laws.

PRINCIPAL RESPONSIBILITIES:
• Identifies, assesses and documents key risks and related controls through walkthroughs, personal observation and interviews.
• Prepares planning documentation detailing risk assessment, scope, timing and testing methodology.
• Ensures all audits are accurate, completed within established timelines and performed in adherence to SAS70 standards.
• Analyzes and evaluates SAS70 results; ensures that audit results are supported and cleared with Executives and Managers.
• Identifies gaps and develops remediation plans; recommends process changes and improvements to process owners for gap remediation and development of follow-up procedures.
• Prepares draft reports that identify deficiencies and remediation plans, and reviews them with the COO.
• Participates in Exit Meetings to review identified deficiencies and their disposition with Auditors.
• Interfaces with Matrix leadership to communicate results and ensure compliance.
• Interfaces with Quality and IT teams to ensure all projects consider the impact of manual and automation changes.
• Builds team consensus, facilitates change, recognizes and responds to changing business risks, and manages multiple priorities.
• Maintains compliance with Federal and State laws related to privacy and security, confidentiality and protection of information resources.
• Collaborates with designated individuals to ensure policies and procedures relating to privacy and security are developed and implemented for the organization’s hardware, software and communications systems.
• Collaborates with departments such as legal counsel, human resources, customer service, accounting and IT to ensure compliance with privacy requirements.
• Monitors all departmental systems development and operations for security and privacy compliance.
• Develops corporate privacy policies and procedures for security and privacy compliance that include, but are not limited to, notice of information practices, handling of PHI (protected health information) and recordkeeping procedures.
• Develops, implements and administers a corporate-wide request-for-access/disclosure verification procedure that reasonably verifies the identity of the individual or entity requesting access and/or their legal authority to request the PHI.
• Develops and implements a corporate-wide privacy training program for employees, including cyber security awareness.
• Provides privacy training to all members of the workforce, including all employees, volunteers, trainees and other persons under the direct control of the entity on an unpaid basis, who are not business partners but who are likely to have contact with PHI.
• Maintains privacy retraining for all employees on a periodic basis, at a minimum of every three years.
• Proactively searches the literature for changes and developments in privacy requirements.

QUALIFICATIONS, EDUCATION AND EXPERIENCE:
• Bachelor’s degree in Finance, Accounting or Business Administration
• Minimum 2 years’ experience in internal and external audit or related finance experience
• Minimum 2 to 5 years of healthcare regulatory experience
• Minimum 2 to 5 years of experience in information privacy laws, access and release of information
• Minimum 1 year experience in SAS70 Audit and Compliance
• Proficient in Word, Excel and PowerPoint, including flowcharting capability
• Strong analytical and organizational skills, including database extraction expertise
• Knowledge of AICPA’s standards and Service Auditor Reports Type I and Type II
• Knowledge of operational processes and IT concepts
• Knowledge of Federal and State regulations applicable to privacy laws, access and release of information
• Knowledge of the Health Insurance Portability and Accountability Act (HIPAA)

Note: Medical Matrix, LLP is not affiliated with the Centers of Medicare and Medicaid Services.
2007 Medical Matrix, LLP | Privacy Policy and Legal Statement