SUMMARY OF POSITION ROLE/RESPONSIBILITIES:



Similar documents
MANUAL OF UNIVERSITY POLICIES PROCEDURES AND GUIDELINES. Applies to: faculty staff students student employees visitors contractors

Exhibit B Latest revision: May 13, 2015

DESERT COMMUNITY COLLEGE DISTRICT DIRECTOR OF TUTORING AND ACADEMIC SKILLS CENTER (TASC) AND SUPPLEMENTAL INSTRUCTION (SI) BASIC FUNCTION

UNIVERSITY CLINICAL, EDUCATION & RESEARCH ASSOCIATES (UCERA) POSITION DESCRIPTION

Board Approved March 25, 2015 FLSA: EXEMPT DEAN, DISABLED STUDENT PROGRAMS & SERVICES

The Residence Life Coordinator - A Career in Network Marketing

UMDNJ COMPLIANCE PLAN

EXECUTIVE DEAN, INSTRUCTIONAL SERVICES

Institutional Data Governance Policy

SAN JACINTO COLLEGE JOB DESCRIPTION

Who Should Know This Policy 2 Definitions 2 Contacts 3 Procedures 3 Forms 5 Related Documents 5 Revision History 5 FAQs 5

Information Security Policy and Handbook Overview. ITSS Information Security June 2015

Rowan University Data Governance Policy

BOARD AND CEO ROLES DIFFERENT JOBS DIFFERENT TASKS

C A R L E T O N U N I V E R S I T Y POSITION DESCRIPTION OFFICER USE ONLY. 2. Position No:

POSITION DESCRIPTION

Data Management Standard

INDIANA UNIVERSITY SCHOOL OF OPTOMETRY HIPAA COMPLIANCE PLAN TABLE OF CONTENTS. I. Introduction 2. II. Definitions 3

CORPORATE COMPLIANCE PROGRAM

CLASSIFICATION SPECIFICATION

CLASS SPECIFICATION Human Resources Director. Nonrepresented/All Bureau Directors hired after December 31, 2000 are exempt from Civil Service

DIRECTOR OF HUMAN RESOURCES

INSTITUTIONAL COMPLIANCE PLAN

Health Sciences Compliance Plan

Professional Position Description Section I Position Information Position Title

Definitions: Policy: Duties and Responsibilities: The Privacy Officer will have the following responsibilities and duties:

Information Security Program

Privacy & Security Matters: Protecting Personal Data. Privacy & Security Project

Position Description Cover Sheet. Executive Director, Risk Management and Compliance Division/department: GCO/Risk Management & Compliance

Mott Community College Job Description

Title: Data Security Policy Code: Date: rev Approved: WPL INTRODUCTION

Federal Bureau of Investigation s Integrity and Compliance Program

RIO HONDO COMMUNITY COLLEGE DISTRICT

STATEMENT OF VALUES AND CODE OF ETHICS

Marist College. Information Security Policy

Professional Level Public Health Informatician

How To Manage Information Security At A University

Director, IT Security District Office Kern Community College District JOB DESCRIPTION

Administrative Procedure Manual

ECH Inc POSITION DESCRIPTION. 3. Classification: As per contract negotiated with the incumbent

CLERK & COMPTROLLER, PALM BEACH COUNTY CLASS DESCRIPTION CLASSIFICATION TITLE: MANAGER HUMAN RESOURCES GENERAL DESCRIPTION OF DUTIES

Approved by the Audit and Compliance Committee of the Providence Health & Services Board of Directors

COMPLIANCE CHARTER 1

Fit and Proper Assessment Best Practice

REGULATIONS REGARDING THE ORGANIZATION OF THE FOUNDATION

The ADT Corporation. Audit Committee Charter. December 2014

Corporate Finance Adviser. Code of Conduct

MIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10)

Mott Community College Job Description

The position is located in Iqaluit and reports to the Director, Policy, and Planning & Communications.

HIPAA Privacy Rule Policies

DEAN OF ONLINE EDUCATION AND LEARNING RESOURCES JC #708 (Saddleback College) (Academic Administration)

Banking Technical Systems Specialist Schematic Code ( )

CHAPTER 1 COMPUTER SECURITY INCIDENT RESPONSE TEAM (CSIRT)

Human Resources POSITION DESCRIPTION (HR 120)

THE INDEPENDENT COMMISSION OF INVESTIGATIONS JOB SPECIFICATION & DESCRIPTION. Travelling Allowance - $420,000 per annum JOB SPECIFICATION

AUDIT COMMITTEE CHARTER OF THE BOARD OF DIRECTORS I. PURPOSE

Long Beach Community College District Date Adopted: January 30, CLASS SPECIFICATION Director, Classified Human Resources

A RESOLUTION IMPLEMENTING A SECOND ASSERTIVE COMMUNITY TREATMENT TEAM BY CREATING FOUR (4.0 FTE) POSITIONS WASHTENAW COUNTY BOARD OF COMMISSIONERS

Job 1 of 1. Apply to job Send to friend Save to cart View similar jobs

How To Be A Security Officer

Job Description. Housing Manager

CLERK & COMPTROLLER, PALM BEACH COUNTY CLASS DESCRIPTION CLASSIFICATION TITLE: MANAGER FINANCE SERVICES GENERAL DESCRIPTION OF DUTIES

CREDIT CARD PROCESSING & SECURITY POLICY

CLASS FAMILY: Business Operations and Administrative Management

Oversight of Private Career Schools. State Education Department

Training and Human Resources Manager

CLASSIFICATION SYSTEM

Council for Interior Design Accreditation

Contact: Henry Torres, (870)

CLASSIFICATION SPECIFICATION FORM

Job Description. Senior Administrative Officer. Senior Administrative Officer. 5/30/2005 Page 1

Vendor Management: An Enterprise-wide Focus. Susan Orr, CISA CISM CRISC CRP Susan Orr Consulting, Ltd.

Utica College. Information Security Plan

STATE OF NEVADA Department of Administration Division of Human Resource Management CLASS SPECIFICATION

Become a founding member of the VA Digital Service

Position Description. First Nation Administrator

JOB DESCRIPTION POSITION DETAILS REPORTING RELATIONSHIPS SUPERVISOR 1 FUNCTIONS OF THE POSITION 2 ORGANISATIONAL CONTEXT. Chief Financial Officer

RIO HONDO COMMUNITY COLLEGE DISTRICT DEAN, COUNSELING AND STUDENT SUCCESS

University Students Council of the University of Western Ontario Position Description SEXUAL HEALTH & CONSENT EDUCATION COORDINATOR

FIRST COAST HEALTH ALLIANCE, LLC CHARTER AUDIT, FINANCE, AND NETWORK CONTRACTS COMMITTEE

Transcription:

SUMMARY OF POSITION ROLE/RESPONSIBILITIES: Reporting to the Senior Vice President for Administration, this position is responsible for ensuring that the University of Florida, in its entirety, is compliant with international, federal and state privacy laws, as well as industry privacy standards. WORKING TITLE: Chief Privacy Officer **** DO NOT ERASE THIS LINE **** POSITION NUMBER: 00003013 ALL POSITIONS: ESSENTIAL FUNCTIONS OF THE JOB AND THE PERCENTAGE OF TIME SPENT ON EACH FUNCTION [NOTE: IN COMPLIANCE WITH THE AMERICANS WITH DISABILITIES ACT (ADA), IDENTIFY ESSENTIAL FUNCTIONS OF A JOB REQUIRED TO BE PERFORMED WITH OR WITHOUT REASONABLE ACCOMMODATIONS. REQUESTS FOR REASONABLE ACCOMMODATIONS TO FACILITATE THE PERFORMANCE OF ESSENTIAL FUNCTIONS WILL BE GIVEN CAREFUL CONSIDERATION.] 55% - In accordance with the University of Florida missions, the Chief Privacy Officer, develops and implements, manages and coordinates all privacy- related activities for the university and its affiliates. Serves as primary information privacy consultant to the University and its entities. Campus- wide responsibilities include, but are not limited to, protection of all restricted data such as student records, healthcare information, and financial records. Assures university adherence and compliance with privacy regulations (i.e., federal statutes: HIPAA, FERPA, GLBA, Red Flags and similar state laws) and organizational policies and procedures. Investigates, manages, and mitigates privacy incidents, complaints, or breaches, and recommends disciplinary sanctions to university administration. Acts as final authority for Social Security Number exemption use. Initiates, facilitates, and promotes activities to foster information privacy awareness.

15% - Regularly collaborates with key university stakeholders about privacy- related issues, i.e. Deans, Risk Management Self- insurance Program, UF General Counsel, Information Security Officer; and occasionally reports issues to the UF Board of Trustees Audit Committee. Also interacts with Board of Governors Compliance Officer, and other external partners like Shands Privacy Officer, Veterans Administration Medical Center Privacy Officer. Maintains broad understanding of international, federal, and state privacy laws. Monitors advancements in information privacy technologies to ensure organizational adaptation and compliance. 10% - Responsible for university medical record management, including policies and procedures, and compliance with federal initiatives (i.e. implementation of electronic health records) as well as federal and state medical records legislation. Establishes and manages medical record control procedures to optimize the efficient and effective handling of medical records and related documents, i.e. patients rights requests and subpoenas. Ensures all delegated medical record custodians correctly and consistently protect and archive patient information; maintains medical record disclosure tracking. Provides consultative services in medical record- keeping practices to more than 100 UF clinics located throughout Florida. 10% - Oversees required Business Associate Agreement (BAA) activity for privacy and security business associates and trading partners, with legal assistance may negotiate BAA terms and conditions. Partners with Purchasing and the Information Security Officer to evaluate new software programs or applications that affect the University s restricted data networks. 5% - Develops and maintains FTC mandated Identity Theft Prevention Program for university and affiliates. Tracks and reports related activities to Audit Committee, UF Board of Trustees. 5% - Oversees the Privacy Board compliance with HIPAA- related research directives; the Privacy Board serves the University Health Science Center and the Georgia- North Florida Veterans Hospitals as well as UF affiliated entities. Interacts with four Independent Review Boards to ensure compliance with research confidentiality regulations. MARGINAL FUNCTIONS OF THE JOB AND THE PERCENTAGE OF TIME SPENT ON EACH FUNCTION [NOTE: FOR PURPOSES OF ADA, THESE FUNCTIONS ARE MARGINAL ONLY TO INDIVIDUALS COVERED UNDER THE ADA WHO ARE UNABLE TO PERFORM THESE FUNCTIONS WITH OR WITHOUT REASONABLE ACCOMMODATION BECAUSE OF A COVERED DISABILITY.] All functions of this position are essential and are dictated by federal and state of Florida laws.

SUPERVISION RECEIVED. EXPLAIN THE TYPE AND EXTENT OF INSTRUCTIONS OR DIRECTIONS NORMALLY GIVEN TO THIS POSITION BY THE IMMEDIATE SUPERVISOR. General instructions and supervision provided by the Senior Vice President for Administration and Business Ventures; however, the incumbent in this position is expected to work independently and exercise prudent judgment. SUPERVISION EXERCISED. LIST THE CLASS TITLES AND POSITION NUMBERS OF POSITIONS UNDER THE DIRECT SUPERVISION OF THIS POSITION. Position # 00011199 - Administrative Assistant Position # 00003233 Privacy Manager Position # 00021827 Privacy Analyst Position # 00003496 Privacy Compliance Auditor Position # 00025630 Privacy Manager, Jacksonville campus Indirectly supervises HIPAA Research Coordinator (IRB- 01). NORMAL WORK SCHEDULE. (ENTER DAYS/HOURS HERE): EXPLAIN ANY VARIATIONS FROM THIS SCHEDULE (EX: ON CALL, SHIFT ROTATIONS, SEASONAL EXTENDED HOURS, TRAVEL, ETC.: 8: 00 a.m. to 5:00 p.m., Monday through Friday. Additional work hours are required as deadlines and/or job responsibilities dictate. EDUCATION, TRAINING, AND EXPERIENCE. IN ORDER OF IMPORTANCE, STATE ANY SPECIFIC EDUCATION, TRAINING, EXPERIENCE, KNOWLEDGE, SKILLS, AND ABILITIES REQUIRED FOR THIS POSITION. IN ADDITION, IDENTIFY THE MINIMUM QUALIFICATIONS AS LISTED IN THE CLASS SPECIFICATION FOR THIS

CLASSIFICATION (AVAILABLE AT www.hr.ufl.edu/departmental/ccestablishing.htm). LIST ANY ADDITIONAL OR PREFERRED QUALIFICATIONS SPECIFIC TO THIS POSITION. Minimum Qualifications: Master's degree in an appropriate area of specialization and six years of appropriate experience; or a bachelor's degree in an appropriate area of specialization and eight years of appropriate experience. Prefer healthcare operations experience, preferably three years focused on medical record compliance and HIPAA privacy experience. Prefer degree in Health Administration, Business or relevant field or a Law Degree. Must have thorough understanding of the federal and state privacy regulations, i.e. FERPA, GLBA, and HIPAA; specifically, HIPAA privacy, but also HIPAA- related transactions, security, employer identifier, national provider identifier. Must be able to interact with senior executives, faculty, staff, students, and vendors. Must be able to lead internal work teams created to address specific privacy issues. Ability to interact with other privacy professionals on national level. Experienced in information privacy management role. Extensive familiarity with relevant health care legislation and standards for the protection of health information and patient privacy required. Experience in an academic medical center preferred. Extensive knowledge of legal and regulatory issues as they relate to privacy issues in academia required. The ability to work effectively in a collegial, consensus- driven organization required. Demonstrated ability to perform project management and demonstrated organization, facilitation, communication and presentation skills to influence key stakeholders. Excellent verbal and written communication skills, as well as interpersonal skills are required. Must be able to problem solve, prioritize assignments and effectively manage projects. Certified International Privacy Professional (CIPP) credential preferred. REQUIRED LICENSES, CERTIFICATIONS, AND OTHER SPECIFIC REQUIREMENTS OF LAW. PLEASE REVIEW THE STATEMENTS BELOW AND PLACE A Y IN FRONT OF ALL THAT APPLY.

THIS POSITION REQUIRES A POST OFFER HEALTH ASSESSMENT. THIS POSITION IS RESPONSIBLE FOR MEETING THE REQUIREMENTS OF THE RULES OF UNIVERSITY OF FLORIDA, 6C1-3.022 FINANCE AND ADMINISTRATION; PAYMENT TO VENDORS; PAYMENT PROCESSING GUIDELINES, AS AMENDED, REGARDING THE APPROVAL AND/OR PROCESSING OF VENDORS INVOICES AND/OR DISTRIBUTION OF WARRANTS TO VENDORS. THIS POSITION REQUIRES LICENSURE, CERTIFICATION, OR OTHER SPECIAL REQUIREMENTS (PLEASE SPECIFY). THIS POSITION REQUIRES A CRIMINAL BACKGROUND CHECK. THIS POSITION PROVIDES CARE TO CHILDREN, THE DEVELOPMENTALLY DISABLED, DISABLED ADULTS, OR IS OTHERWISE DEFINED IN SECTION 110.1127 (3)(A) FLORIDA STATUTES AND THEREFORE REQUIRES A SPECIAL BACKGROUND CHECK AS DESCRIBED IN SECTION 435 FLORIDA STATUTES. Y - THIS POSITION IS SUBJECT TO FEDERAL AND STATE PRIVACY REGULATIONS. OTHER, PLEASE SPECIFY: OTHER CHARACTERISTICS OF THE POSITION. DESCRIBE OTHER CHARACTERISTICS OF THE POSITION SUCH AS PHYSICAL, MENTAL, AND ENVIRONMENTAL FACTORS ESSENTIAL TO THE SATISFACTORY PERFORMANCE OF THE FUNCTIONS OF THE POSITION, OR OTHER CHARACTERISTICS, WHICH HAVE NOT OTHERWISE BEEN DESCRIBED IN THE POSITION DESCRIPTION. NON EXEMPT (HOURLY) POSITIONS ONLY:

MACHINES AND EQUIPMENT USED REGULARLY. INDICATE PERCENTAGE (%) OF TIME IN THE OPERATION OF EACH. EXEMPT (BIWEEKLY/ANNUAL) POSITIONS ONLY: POLICY MAKING AND/OR INTERPRETATION. Responsible for establishing and promulgating policies and procedures regarding information privacy for the University of Florida and its affiliates. The incumbent must maintain a broad understanding of federal and state laws and legislative initiatives related to privacy information, especially protected health information, as well as policies and practices. The incumbent is responsible for interpreting and translating requirements for implementation of privacy information policies. Serves as a university- wide resource for matters of information privacy. PROGRAM DIRECTION AND DEVELOPMENT. Consults and advises the Senior Vice Presidents for Administration and Health Affairs and the Deans and Directors of the University and its affiliates regarding privacy issues and initiatives. Makes recommendations for short and long- range security planning in response to future system needs, new technology and new organizational challenges. Provides consultant services for information privacy on a university- wide basis. LEVEL OF PUBLIC CONTACT. STATEMENT OF INTERNAL AND EXTERNAL BUSINESS CONTACT, INCLUDING FREQUENCY AND SCOPE. Maintains contact with the Senior Vice Presidents for Administration and Health Affairs, Associate and Assistant Vice Presidents for Health Affairs, Deans, Directors and other administrative officers of the Health Science Center's Gainesville and Jacksonville campuses. Also interacts, as necessary, with the administration of the University of Florida, Shands HealthCare, and federal and state of Florida agencies. May serve on various University of Florida committees. Acts as an advocate for information privacy issues by providing meaningful input, preparing/delivering effective presentations and communicating information privacy objectives. MONETARY RESPONSIBILITY. AMOUNT AND CONSEQUENCE OF ERROR.

Responsible for assisting the Senior Vice President for Administration with developing, maintaining and administering the information privacy budget required to fulfill the University's privacy initiatives. Responsible for ensuring that privacy initiatives and recommendations are financially viable and prudent. Consequence of error may be financially adverse (i.e., penalties, fines, litigation) to the operation of the University of Florida; University may also experience reputational damage for privacy breaches. STATEMENT OF RESPONSIBILITY FOR CONFIDENTIAL DATA. (THE DISCLOSURE OF WHICH WOULD BE PREJUDICIAL TO THE SUCCESSFUL OPERATION OF THE UNIVERSITY OF FLORIDA.) The incumbent in this position is responsible for maintaining sensitive and confidential materials that are received and/or developed during the course of the incumbent s job duties. The incumbent must be able to exercise prudent judgment and initiative in performing assigned tasks and responsibilities. The incumbent must be articulate in explanation of problems, inventive as to potential solutions, and highly professional in his/her dealings with University of Florida, Health Science Center and Shands HealthCare constituencies as well as regulatory agencies and other external parties. INFO TECHNOLOGY POSITIONS ONLY: CREATIVITY, STRATEGY AND LEADERSHIP. CREATIVITY: STRATEGY: LEADERSHIP: BUDGETARY RESPONSIBILITY. Responsible for Privacy Office RCM activities.

COMMUNICATION. INTERNAL AND EXTERNAL, INCLUDING FREQUENCY AND SCOPE, NOTING CONFIDENTIAL COMMUNICATION. EMPLOYEE AND SUPERVISOR INFORMATION: EMPLOYEE NAME: Susan A. Blair IMMEDIATE SUPERVISOR S NAME, TITLE, AND POSITION NUMBER: Brian C. Beach, Senior Vice President, Administration and Business Ventures - Position # 00021133 REVIEWING AUTHORITY NAME AND TITLE: Brian C. Beach, Senior Vice President, Administration and Business Ventures - Position # 00021133 CLASSIFICATION CHANGE ACTION COMPLETE ONLY IF REQUESTING A CLASSIFICATION CHANGE. INDICATE SPECIFICALLY HOW THE DUTIES OF THIS POSITION HAVE CHANGED SINCE IT WAS INITIALLY OR LAST CLASSIFIED. Significant Changes to the Job Responsibilities: Expanded scope of responsibility from Health Science Center to University and its affiliates. Expanded scope of privacy laws affecting university activities, i.e. international privacy laws, especially those affecting research, as well as new federal and state privacy legislation. Position now reports to Senior Vice President of Administration and Business Ventures Expanded direct supervisory responsibilities for reclassified positions: Privacy Analyst, Privacy Compliance Auditor, Privacy Manager I and II (Jacksonville campus).

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information