Healthcare Privacy and Compliance Officer

Location:
Conyers, GA
Posted:
September 22, 2022

Resume:

O’Dell Covington, M.S.A., CPCO, CHPSE, CCAP

**** ********** **** *****, ***** Mountain, GA 30087

C 678-***-****

adso3m@r.postjobfree.com

PROFILE

Demonstrated leadership and 20+ years of experience in healthcare privacy, security, cybersecurity, information technology, healthcare revenue cycle, and regulatory compliance.

Experience in the development, implementation, and expansion of effective comprehensive Privacy, Security, compliance, ethics, and risk programs and with a keen understanding of applicable laws, regulations, industry standards, and related compliance issues within a large, complex organization.

Confirmed leadership working in partnership with Information Security and Privacy Officers and team members to assure compliance with federal and state privacy regulations, security regulations, cybersecurity best practices, HIPAA / Privacy including data breaches, data breach reporting, anti-kickback statute, conflict of interest, the Federal data breach notification, and related International, Federal and State privacy laws and regulations, etc.

Specializing in: risk modeling and risk management structures for compliance around HIPAA Privacy, HIPAA Security, GLBA, CCPA, GDPR, PCI, NIST, ISO 27000, FERPA, HITRUST, HITECH, FDA, CMS, HHS, OIG, OCR, PCI, SOC2 and other GA state laws for the protection of ePHI and privacy rights, auditing of appropriate access, appropriate provision of Privacy Rights of individuals, employer training programs, regulatory compliance including STARK, Anti-Kickback, FWA, fraud, abuse, internal threats, data breaches, and breach notification, and False Claims Act.

Critical Skills

Strong analytical and critical thinking skills and the ability to analyze, summarize and effectively present data.

Strong interpersonal skills and the ability to effectively work with a wide range of individuals and constituencies in a diverse community and able to work independently.

Strong verbal and written communication skills and the ability to present information effectively to groups. Organized, responsive, and a thorough problem solver.

Skill in examining and re-engineering operations and procedures, formulating policy, and developing and implementing new strategies and procedures.

Knowledge of computerized information systems used in compliance applications.

Possess the ability to develop and maintain strong working relationships with internal and external partners and the ability to quickly grasp complex regulatory schemes and policy issues and communicate them effectively.

Ability to plan, prioritize, and manage own workload while balancing competing priorities, with excellent attention to detail. Significant experience in project management, policy analysis, and issue development. Ability to work on own initiative. Ability to produce a large quantity of work at high quality.

Project management skills. Ability to follow through and complete tasks on time with minimal supervision.

Adeptness in management and building effective relationships, conflict resolution, and problem-solving.

Develop and communicate security/audit strategies, solutions, and plans to the client’s executive team, staff, and stakeholders.

Proven experience planning, executing, and managing a variety of regulatory, investigative, and educational-based projects as an integral member of the privacy and information security program. Demonstrated experience preparing training materials and conducting education or training sessions throughout the organization.

Proven ability to function independently.

Sound decision and sturdy commitment to ethical conduct and integrity.

First-rate interpersonal skills, able to work across different functions.

EDUCATION COMPLETED

Master of Science, Healthcare / Administration, Central Michigan University, Mt Pleasant, MI

Bachelor of Science, Lander College, Greenwood, SC

Associate of Science, Piedmont Technical College, Greenwood, SC

ACTIVE PROFESSIONAL CERTIFICATIONS

CERTIFIED PROFESSIONAL COMPLIANCE OFFICER (CPCO)

AAPC

Salt Lake City, UT 84120

CERTIFIED HIPAA PRIVACY SECURITY EXPERT (CHPSE)

SUPREMUS GROUP, LLC

WAUKEE, IA 50263

CERTIFIED CYBERSECURITY AWARENESS PROFESSIONAL (CCAP)

SUPREMUS GROUP, LLC

WAUKEE, IA 50263

PROFESSIONAL EXPERIENCE

2/2022 to present

Director of Privacy/ Privacy Officer / Asst. Compliance Officer

Atrium Health Navicent, Macon, GA

Leading the identification, implementation and maintenance of privacy and incident management policies and procedures in coordination with the Security Officer and Privacy and Security Committees for multiple health systems.

Responsible for identifying, analyzing, disseminating, and overseeing implementation of new laws and contractual requirements related to privacy and incident management.

Leading processes for researching and responding to stakeholder inquiries concerning privacy and incident management requirements.

Responsible for developing the privacy risk assessment and workplan.

Collaborating with the Security and Risk Officers to oversee the Privacy and Incident Management Program.

Initiating, facilitating, and promoting activities to foster privacy and incident management awareness and compliance within the health systems.

Co-chairing the Privacy and Security Committee and providing Board of Director reporting.

Overseeing privacy and incident program reporting and ensuring KPIs are met.

Leading the investigation and resolution of privacy complaints and internal audit and monitoring related to privacy and incident management.

Communicating effectively with stakeholders to manage expectations and ensure deadlines are met.

Develops and manages compliance education, including required Annual Training, New Employee and Provider Training, New Manager training, and specialized training and education on various compliance topics throughout the year.

Oversees and monitors the implementation of the Compliance Program including development, initiation, and maintenance of policies and procedures for the general operation of the Compliance Program and its related activities to prevent illegal, unethical, or improper conduct.

Research clients’ requirements to develop potential technical solutions by interacting with any internal and/or external solution providers and subject matter experts. Designated privacy subject matter expert.

10/2017 to 2/2022

National Healthcare Compliance Manager

Konica Minolta Business Solutions -USA/ Healthcare / All Covered, Atlanta, GA

Oversees all ongoing activities related to the development, implementation, maintenance of, and adherence to the organization's policies and procedures covering the privacy of, and access to, individual and personally identifiable health information in compliance with federal and state laws and the healthcare organization's information privacy practices.

Serving as the virtual Compliance and Privacy Officer for such agencies as financial agencies, pension fund administrators, clinical laboratories, critical access and rural hospitals, pharmacies, commercial insurance companies, acute care, post-acute care, dental, ambulatory care, home health, hospice, retirement communities, and physician practices.

Managing Security, privacy, and compliance policies and procedures for RFP, sales team / client meetings.

Develop strategic plans to ensure that long-term goals, vision, objectives, and overall direction of the Privacy Office support corporate long-term goals and objectives and determining resource requirements (i.e., staffing, funding, equipment) based on business objectives or operational needs in conjunction.

Develop and oversee the creation, implementation, and maintenance of privacy and information security policies and procedures at the business unit, consistent with the client corporation’s compliance standards and aligned with the corporate strategy. Development and maintenance of appropriate procedures, forms, and sampling methodologies to appropriately evaluate the areas standing on the criteria and determine compliance findings.

Oversee development and maintenance of the business unit’s incident response program, and function as an incident coordinator in situations in which the program must be implemented.

Lead and coordinate government activity and requests for the Privacy / Security and compliance departments. Operate as primary subject matter expert on all privacy and information security issues, including RFP, due diligence fulfillment processes, contract negotiations, regulatory matters, and mergers and acquisitions activities.

Assisting with defining the information security strategic roadmap by interfacing with core business functions and technology teams to identify required future state security capabilities, working with internal information security teams to secure the threat landscape, and considering strategic risk areas of the organization.

Contribute to the collective information security strategy to ensure that future security investments are aligned appropriately when considering key priorities such as business requirements, industry threat landscape, and risk appetite.

Experience in conducting HIPAA Security risk assessments on healthcare agencies and IT operations. Responsible for identifying, managing, controlling, monitoring, and escalating the specific regulatory risks of such departments as HR, Legal, Risk, and Compliance. Serving as the point of contact for business-aligned controls and compliance teams.

Lead the development of an annual Compliance Work Plan outlining the Compliance department’s work activities for the upcoming year. Developing and maintaining a centralized repository for regulatory and compliance efforts related to issue management, corrective action, testing, audit, exams, and regulatory risk reviews for the business-level dashboard and ad-hoc reporting.

Manage a team of HIPAA Compliance Consultants and Information Security Consultants assigned to various KMBS's locations or specialty areas and provide oversight and support to Compliance operations nationwide.

Providing gap analysis between security policies/standards/regulations and practices, processes, and solutions, and recommending actions. Support and maintain security, HIPAA, and privacy policies. Completing security risk assessments as needed.

Chairs the Corporate Compliance Committee and provides reports regularly, and as directed or requested, to keep the Compliance Committee of the Board and senior management informed of the operation and progress of compliance efforts.

Ensures proper reporting of violations or potential violations to duly authorized enforcement agencies as appropriate and/or required. Designing and implementing processes to identify significant regulatory changes and communicate emerging regulatory risks to business units. Designing and delivering regulatory reporting and assessments across all types of financial, government, health care agencies, and other business, and care systems.

Implements and operates retaliation-free reporting channels and provides direction and management of an anonymous compliance hotline for all employees, affiliates, and vendors.

Responsible for driving and managing a third-party risk management program, including screening and diligence, vendor code of conduct, ongoing auditing, and monitoring.

Monitors the performance of the Compliance Program and related activities continually, taking appropriate steps to improve and ensure its effectiveness at preventing and/or detecting violations of law, regulations, policies, procedures, and the Company’s Standards of Conduct.

Provides employee development and feedback through annual performance reviews, audits of work, investigating all complaints concerning the area of responsibility and staff, and taking corrective or disciplinary action if necessary.

Compliance, Privacy & Information Systems Auditor, 08/2014 to 10/2017

Piedmont Healthcare, Inc., Atlanta, GA

Compliance duties and responsibilities:

Manages a small team of specialists to develop and conduct periodic compliance effectiveness assessments (audits) and works with auditee to develop and implement post-audit and/or monitoring recommendations.

Collaborates with auditee to develop and articulate clear short-and long-range corrective action plans.

Partners with senior and regional leadership to identify, manage, and mitigate compliance risks in existing and emerging healthcare areas. Leads the annual and ongoing compliance risk assessment process.

Manages a small team of specialists to track and monitor enterprise-wide external surveys; develops key performance indicators and trends to be able to leverage insights and identify compliance risks.

Develops, prepares and presents clear reports for regional leadership, compliance committees, and business units.

Develops and mentors a small team of audit specialists through on-boarding, open communication, training/development opportunities, and performance management processes; and fosters a diverse and inclusive workplace.

Key responsibilities included the design, guiding, and assisting in the execution of the Compliance program. Work collaboratively with and lead senior compliance department leadership and program team in the development and improvement of the compliance and ethics program.

Develop goals and plans for the department, including work prioritization and performance goals; routine meetings to discuss work activities and goals, establishing career progression standards and developing training programs.

Advised senior management and operational leadership on issues concerning compliance and ethics matters including recommending controls designed to ensure compliance.

Created & supported compliance monitoring and audit efforts including field monitoring, reviewing data, drafting reports, compliance investigations, incident investigations, and collaborating with team members to identify instances of noncompliance or misconduct and to implement corrective actions, and verify the effectiveness of corrective actions post-implementation. Conducted investigations to the extent requested, including conducting reviews of documentation, conducting interviews, and drafting reports.

Was responsible for the day-to-day Privacy operations and program management of the Compliance program. Support the Chief Compliance Officer in the evaluation and management of the effectiveness of the compliance program. Assist compliance teammates, regulatory attorneys, and business clients in identifying and resolving compliance matters. Interpretation and application of the Anti-Kickback Statute.

Developed and monitored the effectiveness of the compliance program across all entities and departments. Facilitating ongoing compliance education and training across the company and serving as a resource partner.

Conducted compliance education and training, either in-person, by video, or online, on a variety of compliance topics during New Hire Orientation, Annual employee training, presales and sale meetings, and any other supplemental training according to business need and customer request.

Assisting the Chief Executive Officer in investigating and acting on reports of allegations concerning possible unethical or improper business practices and monitoring subsequent corrective action and/or compliance. Assure compliance with federal and state privacy regulations, including DOJ, OCR, OIG, GDPR, PCI, GLBA, HIPAA – privacy and security, HITECH, NIST, SOC, other state healthcare-related laws, and the organization’s privacy and security policies and procedures. Auditing and monitoring the effectiveness of the exclusion screening process.

Assist with the Threat & Vulnerability Management process and tools.

Prepare automated and ad hoc reports and/or interpret data from various security tools and sources.

Assist with application data inventory, mapping, and development of data flow process documentation.

Identifying, documenting, and implementing security technology, remediation measures, and risk reduction opportunities.

Monitoring and or administering appropriate access, policies, procedures, and corrective action plans for security systems and applicable encryption methods.

Conducted HIPAA privacy assessments, OCR audit readiness reviews and mock audits, healthcare compliance program assessments, research program assessments, and responded to related department manager and staff inquiries from healthcare clients.

Conducted in-person, detailed interviews with client representatives, including privacy officers, general counsel, health information management, and other compliance officers and directors.

Presented clients with assessment results, recommendations, and priority initiatives at on-site or remote workshops/meetings.

Assisted the Department Director with tabletop exercise design, implementation and testing.

Supported the Vice President of Compliance and Sr. Director of Compliance and Privacy to develop and successfully implement compliance initiatives and activities for special programs operated by the Compliance Department.

Develops plans, establishes, and monitors progress on projects within a variety of IT department activities toward tactical objectives and goals. Initiates projects by participating in planning and implementation activities such as work/organization breakdown structure development and responsibility assignment matrix development to meet internal or external requirements. Gathers and develops estimates.

Developed, initiated, maintained, and revised policies and procedures for the general operation of the compliance program and its related activities. Responded to alleged violations of rules, regulations, policies, procedures, and standards of care by evaluating or recommending the initiation of investigative procedures to CPO and Executive Director of Compliance and Privacy.

Financial Ops Specialist (Program Manager), 1/2010 to 12/2013

Department of Community Health, Atlanta, Georgia

Identified and appropriately communicated audit issues to management, offering recommended solutions that address risks and are relevant to the business. Drafted the audit report and recommendations assuring sufficient clarity and conciseness, grammatical, and spelling accuracy.

Initiated and led the planning process, coordinated information-gathering meetings, and researched operational and financial data for the relevant project. Obtained an understanding of, and documented, business processes.

Developed the audit programs. Provided guidance to and oversees the work of assigned auditors, while ensuring each project is conducted efficiently and effectively. Managed project to quality outcomes; ensured audits and reports are structured and conform to established methodology and quality expectations. Reviewed audit evidence to draw appropriate conclusions regarding the state of the control environment, while maintaining a peripheral view of the organization.

Utilized data analytics to enhance risk identification and quantification, and to provide valuable business intelligence to management. Prepared materials for meetings of the Audit and Compliance Committee of the Board of Trustees.

Reviewed draft report, in conjunction with work papers, and made edits and updates as necessary to present a clear and effective report for executive- and Board-level audience; worked collaboratively with department management in reviewing and updating the final draft of the report before issuance.

Identified and appropriately communicated audit issues to management, offering recommended solutions that address risks and are relevant to the business.

Participates in the analysis of Privacy policies and procedures, including scoring systems, strategic priorities, external influences, current regulatory focuses, previous examination findings, and input from Audit and Legal, to develop a clear understanding of the Bank's privacy issues and risks.

Assists with the development and execution of strategies for closing gaps in privacy.

Assess the adequacy of the business units'/affiliate's recommended corrective action to the issues or gaps identified.

Participates in meetings with peers to build and maintain knowledge of current and emerging issues and risks in the environment.

Participates in the vendor due diligence review process.

Responds to Privacy incidents providing oversight to the lines of the business ensuring Privacy compliance with state and federal laws.

Assists with the development, implementation, and maintenance of company policies, procedures, and job aids by researching and monitoring changes in regulatory requirements.

Meet daily, weekly, and monthly internally specified requirements surrounding successful productivity requirements without compromising work quality.

Review and validate third-party originator applications and documents required to complete verification and due diligence of the third party.

Effectively manage internal team expectations and timelines.

Ensuring potential or actual regulatory compliance or operational risks are addressed in terms of their criticality.

Review grant applications and grant account payables and receivables to ensure acceptable compliance standards are maintained and loans conform to established policies.

Accurately assess and reports the practices of the Bank’s lending areas (loan origination and loan servicing) to confirm adherence to the lending compliance policies and procedures as well as established quality control procedures and standards.

Responsible to study and understand all lending compliance regulatory changes and implementing timely changes in grant requirements and servicing practices or service policies and procedures.

Oversee self-testing measures and reports to the Compliance and Audit Committees on the effectiveness of lending compliance programs for grant origination/servicing and other grant-related functions.

Reviews the work of finance employees to ensure that prudent internal controls are maintained.

Responsible to monitor and assist various departments to control risk associated with other financial and grant management areas of compliance.

Evaluate the controls established to safeguard assets as well as test their existence on a random and periodic basis. Develop and implement auditing programs and procedures for the organization.

Ensure that financial policies and procedures are being properly carried out and provide management with objective information with which to assess its operating practices.

Review the impact of new compliance programs or proposed changes in accounting and data processing systems before their implementation and assist in change management practices of the organization.

Complete and/or ensure all audit and security policies and procedures are followed in accordance with state treasury banking policies and Federal Regulations. Responsible for identifying and properly reporting fraudulent and suspicious financial activity.

Perform pre-funding and post-closing quality control audits of grants. Generate and review reports related to quality control audits and provide actionable insight to management regarding findings of quality control audits.

Follow up on findings of quality control audits, including, but not limited to, staff training, updated processes, additional monitoring, and overall action plans.

Director, Quality Improvement

APS Healthcare, College Park, GA 2009-2010

Oversees, directs, delivers, or ensures delivery of initial and privacy training and orientation to all employees, volunteers, medical and professional staff, contractors, alliances, business associates, and other appropriate third parties. Participates in the development, implementation, and ongoing compliance monitoring of all trading partner and business associate agreements, to ensure all privacy concerns, requirements, and responsibilities are addressed.

Director, Data Analysis and Reporting, 2007-2009

Department of Community Health, Atlanta, Georgia

Develops and maintains enterprise data risk and compliance policies. Assumes ownership for enterprise programs that promote risk management. Ensures operational compliance and guidance about governance, data security and privacy, ethical business practices, and the financial services industry.

Develop security strategic program frameworks by collecting and analyzing a broad set of internal and external references, perspectives, and priorities. Analyze market and industry trends and adjust security strategy accordingly.

Collaborate with multiple lines of business and internal IT groups in evaluating and gathering technical requirements for business clients’ information security initiatives.

Communicate and document potential solutions, impact analysis, benefits/risks, implementation requirements, and recommended approaches. Development of policy and standards as well as regulatory requirements regarding reporting and escalations, vulnerability management assessments.
