
Job Details
Job Order Number
Company Name
Mercy Health Corporation (Mercyhealth)
Physical Address
2400 North Rockton Avenue
Rockford, IL 61103
Job Description

This position is working out of the Rockford Rockton Campus


Establishes and maintains a detailed working knowledge of privacy and security regulations applicable to MHS operations. These include Wisconsin, Illinois and federal medical privacy regulations. Actively applies regulatory knowledge to daily operations. Performs and documents privacy risk analyses applying criteria of breach presumption and exclusion criteria. Develops recommendations for risk mitigation actions following substantiated breaches of unsecured PHI. Performs other duties, as assigned.


  • Establishes and maintains a detailed working knowledge of privacy and security regulations applicable to MHS operations, including Wisconsin, Illinois, and federal medical privacy regulations.
    Actively applies regulatory knowledge to daily operations.
    Performs and documents privacy risk analyses applying federal breach presumption and exclusion criteria.
    Develops recommendations for risk mitigation actions following substantiated breaches of unsecured PHI. Develops breach notification letters to patients.
    Coordinates implementation of risk mitigation actions.
    Maintains familiarity with MHS information systems containing protected health information (PHI) in order to correlate data from multiple systems for privacy audits.
    Develops and applies audit criteria, relying on privacy industry best practices. Produces audits of various system activity and places results within context.
    Demonstrates application of logic and sequential ordering to privacy investigations.
    Performs ongoing audit monitoring of high profile cases.
    Correlates multiple variables to determine patterns of access, use and disclosure and identify potential areas of risk.
    Develops privacy interview questions and follow-up questions.
    Leads privacy interviews with Human Resources representatives and runs audits based on questions and responses within the interview. Gathers information from multiple systems and interviews, analyzes responses, and draws working conclusions. Tests conclusions through further investigation.
    Documents all aspects of privacy investigations.
    Works with appropriate partners to identify HIPAA privacy concerns; investigates and mitigates risk.
    Administers a process for receiving, documenting, tracking, investigating, and taking action on all complaints received from various sources. Analyzes and presents reports and recommendations to the appropriate department for improved partner workflows in terms of electronic medical record access.
    Interviews patients and families with privacy inquiries. Provides teaching to these constituencies about Mercy and other privacy regulation expectations.
    Maintains the Mercy Notice of Privacy Practice and other required privacy documentation. Distributes to locations appropriately.
    Refers summaries of privacy variances with recommended actions to the Privacy and Security Officers.
    Applies regulatory language to determine whether agencies meet business associate criteria.
    Initiates contact with external parties to initiate and maintain current business associate log and agreements.
    Compares external BA agreements to the Mercy standard to determine differences and recommend mutually agreeable provisions.
    Maintains detail-oriented attention to regulation response timeframes for privacy inquiries, requests for amendment, requests for restrictions and requests for alternative communications.
    Participates in the development and teaching of privacy educational materials.
    Serves as a key resource to the Mercy workforce for privacy questions. Provides expertise and records advice given for future reference. Schedules, prepares agendas, materials and minutes for the CAPS meetings.
    Assembles privacy complaint responses, bringing forth multiple sources of information for an accurate and prompt response.
    Identifies trends in privacy issues by reviewing inquiries and makes recommendations based on findings. Accurately records patient event data, analyzes and trends the data to plan and develop educational tools and training. Works collaboratively with facility and system leadership.
    Assists in compilation and organization of privacy and security policies and procedures.
    Reviews federal notices of proposed rulemaking to determine potential impact on provider privacy practices.
    Reviews and makes recommendations regarding Epic Break the Glass functionality.
    Reviews, analyzes and makes recommendations regarding Epic Quick Disclosure functionality.
    Reviews, analyzes and makes recommendations regarding Epic CareEverywhere functionality.
    Reviews and analyzes UW Health CareLink reports and alerts UW Privacy department with concerns.
    Works closely with Legal, Corporate Compliance, Human Resources, and Customer Relations related to privacy inquiries and investigations.


To perform the job successfully, an individual should demonstrate the following competencies:

Quality – Follows policies and procedures; Adapts to changes in the environment; Demonstrates accuracy and thoroughness; Looks for ways to improve and promote quality; Applies feedback to improve performance.

Service – Responds promptly to requests for service and assistance; Meets commitments; Abides by MHS confidentiality and security agreement; Shows respect and sensitivity for cultural differences. Demonstrates excellent customer service skills.

Partnering – Supports organization’s goal and values; Exhibits objectivity and openness to others’ views; Gives and welcomes feedback; Contributes to building a positive team spirit; Generates suggestions for improving work.

Cost – Conserves organization resources. Looks for ways to improve processes and lower cost.


Bachelor’s degree in healthcare or business related program required.
Completion of AHIMA approved Privacy training required.
Familiarity with HIM principles, terminology, and workflow.
Proficiency in Word and Excel, with specific experience in data sorting.
Three years’ experience working within an acute care HIM department.


HIM or other related certifications preferred.


Passing the Driver’s License Check and/or Credit Check (for those positions requiring).

Passing the WI Caregiver Background Check and/or IL Health Care Workers Background Check.

Must be able to follow written/oral instructions.

Other skills and abilities

Knowledge of HIPAA, American Recovery and Reinvestment Act (ARRA), HITECH (Health Info Technology for Economic and Clinical Health), and Omnibus Rules/Acts. Strong analytical skills to effectively perform confidential privacy investigations, including preparing data and enforcing follow-up with other departments. Must possess excellent oral and written communication skills.


The noise level in the work environment is usually moderate. Occupational Exposure is Category C. No employees in the specified job classifications have occupational exposure.


Partner may access partner and patient care information needed to perform their job duties.

Department supervisor, vendors, physicians, and other hospital clinic personnel.


The Special Physical Demands are considered Essential Job Functions of the position with or without accommodations.
While performing the duties of this job, the employee is regularly required to sit and use hands to finger, handle, or feel, hear and talk. The employee may occasionally lift and/or move up to 10 pounds. Specific vision abilities required by this job include close vision. Occasional standing, walking, and reaching with hands and arms.

Some independent judgment is required, but alternatives are limited by standard practices or procedures.

This job has no supervisory responsibilities.

EOE&AA/M/F/Vet/Disabled. Mercy is an equal employment opportunity employer functioning under Affirmative Action Plans.
