Director of Privacy & Vendor Oversight

Job Description

Job Description

Director of Privacy and Vendor Oversight

Location: Birmingham, AL

Why VIVA HEALTH?

VIVA HEALTH, part of the renowned University of Alabama at Birmingham (UAB) Health System, is a health maintenance organization providing quality, accessible health care. Our employees are a part of the communities they serve and proudly partner with members on their healthcare journeys.

VIVA HEALTH has been recognized by Centers for Medicare & Medicaid Services (CMS) as a high-performing health plan and has been repeatedly ranked as one of the nation's Best Places to Work by Modern Healthcare.

Benefits

• Comprehensive Health, Vision, and Dental Coverage
• 401(k) Savings Plan with company match and immediate vesting
• Paid Time Off (PTO)
• 9 Paid Holidays annually plus a Floating Holiday to use as you choose
• Tuition Assistance
• Flexible Spending Accounts
• Healthcare Reimbursement Account
• Paid Parental Leave
• Community Service Time Off
• Life Insurance and Disability Coverage
• Employee Wellness Program
• Training and Development Programs to develop new skills and reach career goals
• Employee Assistance Program

See more about the benefits of working at Viva Health -

Job Description

The Director of Privacy and Vendor Oversight assists the Executive Director in supervising the Privacy & Vendor Oversight Department. This position provides ownership of the organization’s contract management system, ensuring contracts are centrally maintained, accessible, and reliably tracked to support business operations and internal controls. The role is responsible for maintaining Health Insurance Portability and Accountability Act (HIPAA) privacy policies, procedures and practices that govern the privacy of, and access to, protected health information (PHI) in accordance with the HIPAA.

This position conducts regulatory and business reviews of Business Associate Agreements (BAAs) and coordinates with Legal Counsel, who performs legal review and provides legal approval. This position ensures assigned Business Owners perform proper oversight of vendors classified as First Tier, Downstream, and Related Entities (FDRs) and leads in the development of request for proposals (RFPs) for the periodic evaluation of vendors assigned to the Vendor Oversight department.

Key Responsibilities

• Oversee the conversion and migration of existing contracts into a centralized contract management database/system, ensuring accuracy, completeness, and proper indexing. Supervise employee(s) involved in the migration to and maintenance of a centralized contract management system. Review contract data for consistency, compliance, and quality control during and after conversion. Ensure the ongoing integrity, organization, and usability of the contract management system.
• Ensure contract records, including amendments, renewals, expirations, and related documentation are maintained and updated. Monitor contract status, key dates, and obligations to ensure timely renegotiations, renewals, terminations, and compliance.
• Establish, document, and enforce contract management policies and procedures and documentation standards. Ensure a Business Owner is assigned to each contract and trained on related responsibilities. Support continuous improvement of contract management processes and system functionality.
• Maintain knowledge of HIPPA privacy regulations, policies, and industry best practices. Ensure the department follows established processes for receiving, documenting, tracking, investigating, and acting on privacy incidents and complaints. In conjunction with the Privacy Officer, ensure timely regulatory reporting and breach notification of HIPAA incidents rising to the level of a HIPAA breach. Take appropriate steps to document and mitigate privacy breaches. Cooperate with the Office for Civil Rights, other oversight agencies, UABHS legal counsel, and management in any privacy compliance reviews or investigations.
• Develop, direct, and oversee privacy training and awareness to all employees, contractors, business associates, and other third parties. Support departments in embedding appropriate privacy protections into processes involving PHI. Ensure compliance with HIPAA requirements related to the organization’s Notice of Health
  Information Practices, business associate agreements, and all other applicable privacy obligations.
• Ensure the organization’s BAAs comply with current regulatory requirements and that the organization maintains fully executed and compliant BAAs with all business associates.
• Supervise Departmental employee(s) whose primary function is vendor oversight. Maintain current knowledge of applicable federal and state regulatory requirements impacting services provided by FDRs.
• Serve as the Business Owner for certain key supplemental benefit vendors. Monitor the performance of these vendors and formally reassess periodically. Lead the RFP process to evaluate transitioning to a competing vendor when deemed necessary to ensure the best value, service, and contract terms.

REQUIRED:

• Bachelor’s Degree
• 10 or more years working in health care related businesses
• 5 years in a managerial or supervisory role
• At least 5 years working in vendor selection, contract negotiation, or oversight
• 5 years with HIPAA privacy requirements
• Critical thinking skills, problem solving skills, and strong attention to detail
• Ability to work cooperatively with regulators, leaders, and Business Owners in other departments
• Ability to manage employees effectively
• Ability to research vendor offerings, review vendor proposals, and effectively manage vendor performance
• Excellent verbal and written communication skills including the ability to prepare reports, policies, training material, etc.
• Ability to research and interpret applicable laws and regulations and apply them to different processes and departments during internal and subcontractor audits
• Ability to analyze data and identify trends and/or anomalies
• Ability to interpret, summarize, and relay large amounts of detailed information to regulators, customers, and management
• Proficient in Microsoft Word, Excel, and PowerPoint

PREFERRED:

• Juris Doctor
• Experience in health care compliance
• Experience issuing Requests for Proposals
• Experience managing a contract database
• Served as a Privacy Officer