The mission of the Privacy Office is to create, administer, and maintain a business transaction framework of best practices for privacy compliance throughout the spectrum of Springfield Clinic business operations. The Privacy Office reviews and translates into policy relevant ethical, legal, accreditation, and regulatory standards, to ensure that Springfield Clinic is able to provide the highest quality of healthcare privacy to the people of central Illinois.
The Information Privacy Officer is a person designated by an organization who routinely handles protected health information, to develop, implement, and oversee the organization's compliance with the U.S. Health Insurance Portability and Accountability Act (HIPAA) privacy rules. As the point of contact for all patient privacy issues, she is also called as the entity's Contact Person.
Information Privacy Officers ensure privacy of protected healthcare information among the beneficiary and their providers, and protect such private information from unauthorized access. They also oversee all activities related to the development, implementation, maintenance, and adherence to the covered entity’s policies and procedures. Information Privacy Officers allow access to patient health information only in compliance with federal and state laws and the healthcare organization’s information privacy practices.
The scope of work of the Privacy Office includes monitoring regulations, standards, and industry trends relative to healthcare privacy, with application of this knowledge base to Springfield Clinic operations, translation into policy, and privacy education of the workforce. She serves as the contact point for the Office of Civil Rights and Illinois Attorney General for privacy investigations, internally mitigates and reports privacy incidents, assists patients with their privacy rights and forms translation, and evaluates Business Associate contracts.
The Privacy Office is a functional component of the Enterprise Risk Management Program.
The Information Privacy Officer (IPO) reports directly to the Chief Human Resources Officer (CHRO). The IPO reports a summary of incidents to the Compliance Committee and to Springfield Clinic Administrators. Administration refers risk acceptance and other high-level reviews to the Board of Directors for direction or approval.
The Information Privacy Officer functions as a Department Director, managing the Privacy Operations Manager, Privacy Operations Analysts, and Support Specialist. The IPO functions as an internal privacy and medicolegal consultant to the entire workforce, as an advocate to the patient or his/her legal representative, and as a compliance professional to visitors, business associates, merger staff and OHCA partners.
The Information Privacy Officer is authorized to:
The Information Privacy Officer has the responsibility to:
Provide privacy compliance advice to the Springfield Clinic workforce when policy does not provide clear direction regarding issue resolution. Interpret patient directives for proper observance of legal authority. Assist with ePHI systems selection, and with planning recovery from any systems malfunction affecting legal health record documentation.
Assist OHCA associates with understanding and structure of the legal health record, and work flow processes for especially sensitive records. Review merger electronic record systems for integration planning, assist with data mapping and transfer procedures, and assure that the prior practice legal health record is retained for medicolegal and audit purposes.
The IPO should administratively remain independent of operations management to be fully functional in objectively applying standards to workflow and transactions across departmental lines without bias.
The IPO maintains active membership in the American Health Information Management Association (AHIMA) as well as the State (ILHIMA) and Regional branches (CIHIMA)of this Organization, incorporating professional ethics, continuing education, and best practice standards into all functions.
The Information Privacy Officer should annually re-assess whether the mission, authority, and responsibility, as defined in this charter, continue to be adequate to enable the Privacy Office to accomplish its objectives. The result of this periodic assessment should be communicated to the Chief Human Resources Officer.
Stay informed of health tip, trends, recipes & more.