Position Classification Description

Position Class Code / Title: A7072 / Privacy Officer/HSC
Recruitment Tier: Tier 1
FLSA: Exempt
Grade: 17

This is a description of a Staff Position Classification. It is not an announcement of a position opening. To view descriptions of current openings, please go to UNMJobs and Search Postings to view positions that are currently accepting applications.

The following statements are intended to describe, in broad terms, the general functions and responsibility levels characteristic of positions assigned to this classification. They should not be viewed as an exhaustive list of the specific duties and prerequisites applicable to individual positions that have been so classified.


Oversees all activities associated with the development, implementation, and administration of Health Science Center policies and procedures covering the privacy of, and access to, patient health information. Monitors and ensures organizational compliance with Federal and State laws, regulations and standards.

Duties and Responsibilities

  1. Oversees the establishment, implementation, maintenance of, and adherence to privacy policies and procedures for the HSC; continually ensures that policies and procedures are in current compliance with Federal and State laws and regulations and are consistent with overall HSC and University policies.
  2. Coordinates with other HSC departments and constituencies regarding the review of practices that may impact on HSC compliance with the Privacy Rule of the Health Insurance Portability and Accountability Act (HIPAA).
  3. Modifies and updates all HSC privacy policies and statutory communications as required, in consultation with the Office of the University Counsel and the HIPAA Oversight Committee.
  4. Performs periodic privacy risk analyses, internal audits, and assessment of HSC policies and procedures, staff activities, and training programs; determines remediation priorities and resources necessary to address existing or potential privacy issues and problems.
  5. Works with legal counsel, senior management, and other key HSC representatives to ensure that appropriate privacy documentation and other informational materials pertaining to HSC privacy policies and legal requirements, are distributed and maintained throughout all HSC components.
  6. Serves as principal point of contact with respect to receipt and disposition of privacy complaints and the provision of information regarding HSC privacy practices.
  7. Participates in the establishment and application of appropriate sanctions for HSC and associated faculty/staff and business associates for failure to comply with privacy policies and procedures.
  8. Establishes mechanisms to track access to patient health information, as required by law; works with internal and external agencies in the oversight of patient rights to inspect, amend, and restrict access to health records.
  9. Establishes and administers a process for receiving, documenting, tracking, investigating, and taking action on all complaints and issues pertaining to HSC privacy policies and procedures.
  10. Documents all corrective action undertaken to mitigate the effects of inappropriate use or disclosure of patient health information.
  11. Participates in the development, implementation, and monitoring of all business associate agreements to ensure that all privacy concerns, requirements, and responsibilities are addressed.
  12. Directs and ensures delivery of orientation training on privacy policies and procedures to all appropriate faculty and staff, contractors, business associates, and other applicable constituencies; coordinates and provides leadership in the development, implementation, and promotion of privacy awareness programs and initiatives.
  13. Prepares and presents periodic and ad hoc reports on the current status and future requirements of the privacy compliance program on behalf of all HSC departments and components.
  14. Maintains and ensures currency of all records pertaining to HIPAA policies and procedures, Notices of Privacy Practices, and all related educational materials developed and implemented.
  15. Reviews all electronic information system security plans throughout the HSC, and works with HSC IT representatives to ensure that data security practices are consistent with privacy requirements.
  16. Cooperates with the Office for Civil Rights, other legal entities, and internal officials to facilitate compliance reviews or investigations, as necessary.
  17. Serves as Chair of the HIPAA Oversight Committee; serves as member of or liaison to the HSC IRB.
  18. Performs miscellaneous job-related duties as assigned.

Minimum Job Requirements

  • Bachelor's degree; at least 7 years of experience directly related to the duties and responsibilities specified.
  • Completed degree(s) from an accredited institution that are above the minimum education requirement may be substituted for experience on a year for year basis.

Knowledge, Skills and Abilities Required

  • Ability to develop and maintain recordkeeping systems and procedures.
  • Strong verbal and written communication skills and the ability to present information effectively to groups.
  • Skill in examining and re-engineering operations and procedures, formulating policy, and developing and implementing new strategies and procedures.
  • Knowledge and understanding of HIPAA and related Federal and State privacy laws and regulations.
  • Knowledge of computerized information systems used in compliance applications.
  • Strong analytical and critical thinking skills and the ability to analyze, summarize, and effectively present data.
  • Strong interpersonal skills and the ability to effectively work with a wide range of individuals and constituencies in a diverse community.

Working Conditions and Physical Effort

  • No or very limited physical effort required.
  • No or very limited exposure to physical risk.
  • Work is normally performed in a typical interior/office work environment.

The University of New Mexico provides all training required by OSHA to ensure employee safety.

Revised Date: