Nature of Work
Under general direction, performs advanced level complex administrative and regulatory work directing the Executive Branch Health Insurance Portability and Accountability Act (HIPAA) privacy activities. Has overall HIPAA privacy program responsibilities including: monitoring and interpreting HIPAA; HIPAA privacy regulations and State privacy laws; implementing Executive Branch policies and procedures; conducting educational programs; auditing; compliance; and administering reviews. Responsible for maintaining the privacy infrastructure throughout the Executive Branch.

Examples of Work
Leads the Executive Branch's HIPAA Privacy Program; reports periodically on the status of the program to the Executive Branch agencies.
Maintains a privacy infrastructure throughout the Executive Branch, consisting of a Privacy Officer within each department who reports directly to the Secretary of the department; each department level Privacy Officer reports to the Chief Privacy Officer regarding the status of the privacy program.
Identifies, implements, and maintains Executive Branch HIPAA privacy policies and procedures through the department Privacy Officers.
Ensures through the department Privacy Officers that all HIPAA privacy requirements are implemented, including: the use and disclosure of protected health information (PHI); the minimum necessary rule such that only the minimum amount of PHI necessary for the intended purpose is used or disclosed; workforce policies including sanctions; patients' rights; legal and organizational requirements including the privacy notice and authorization; and state law preemption analysis.
Conducts through the department Privacy Officers educational and training programs on HIPAA privacy for all members of the workforce, including material changes in law.
Provides counsel to Privacy Officers regarding the Business Associate Agreements.
Monitors the department Privacy Officers' complaint process and directs changes as needed.
Analyzes complaints in the aggregate across the Executive Branch and initiates Executive Branch-wide implementation of any necessary changes.
Directs an internal HIPAA privacy audit program.
Directs the Executive Branch HIPAA privacy compliance program.
Directs the department Privacy Officers' implementation of corrective and improvement programs where appropriate.
Directs the department Privacy Officers' implementation of corrective and improvement programs where appropriate.
Serves as a liaison with the federal Office of Civil Rights and other regulatory and legal entities in any HIPAA privacy compliance reviews or investigations.
Monitors and interprets federal and state privacy laws, regulations and court decisions to ensure Executive Branch privacy compliance; directs changes to policies and procedures based upon changes in law.
Updates the published State preemption analysis reflecting changes in state law and provides analysis of the interaction with HIPAA.
Coordinates through the department Privacy Officers with the HIPAA Chief Security Officer, department Security Officers, and other health information management and information technology professionals to ensure alignment between security and privacy practices; requires the Chief Security Officer and department Security Officers to certify as to appropriate security of PHI, to ensure that HIPAA privacy requirements are fulfilled; mediates differences between these professionals and in the event of a conflict, resolves all matters impacting HIPAA privacy.
Works with the Office of the Governor, Executive Branch administration, legal counsel, and other parties to represent the Executive Branch's information privacy interests with the Legislature or others who undertake to adopt or amend privacy legislation, regulations, or standards.
Provides strategic guidance to department Privacy Officers, Cabinet Secretaries, and the Governor's Office regarding HIPAA privacy requirements.
Provides leadership in the planning, design, and evaluation of privacy projects.

Knowledge, Skills and Abilities
Knowledge of the Constitution, relevant statutes, court decisions, state and federal laws, regulations, and policies.
Knowledge of legal methods and processes including the administrative regulation promulgation process, and legislative drafting and process.
Knowledge of information privacy laws, access and release of information, and HIPAA.
Knowledge of information technology issues.
Knowledge in and ability to apply the principles of project management and change management.
Skilled in organizing, facilitating, communicating, and presenting.
Skilled in mediation and conflict resolution.
Ability to analyze facts and legal documents.
Ability to interpret laws, regulations, and policies.
Ability to communicate effectively, both orally and in writing.
Ability to establish and maintain effective working relationships with employees, other government official, and the public.
Ability to supervise others.
Ability to plan, direct, and coordinate the privacy program across the Executive Branch through department Privacy Officers.

Minimum Qualifications      [Top]
Training:
Admission to practice law in the State of West Virginia.
Experience:
Seven years of full-time or equivalent part-time paid experience in the practice of law including experience in health care regulatory analysis, three years of which must have been in an administrative or supervisory capacity.
Substitution:
One year of full-time or equivalent part-time paid experience as an attorney serving as a department Privacy Officer may substitute for two years of the experience requirement.

Established: 03/20/03
Effective:     04/01/03