Acelity Careers

HIPAA Payor Compliance Manager

San Antonio, United States of America
Legal & Regulatory

Job Description

Payor Compliance & HIPAA Privacy Manager Job Description


The Payor Compliance & HIPAA Privacy Manager reports to the Director of Payor Compliance. This position is responsible for the development, implementation, and daily operation of the Payor Compliance Privacy program in accordance with KCI HIPAA policies and procedures, ensuring regulatory compliance with applicable HIPAA/HITECH laws, state privacy regulations, CMS DMEPOS Supplier Standards, and CMS DMEPOS Quality and Accreditation Standards.


  • Policies:  Assist in the development, implementation and maintenance of policies and procedures related to KCI’s Payor Compliance, HIPAA & HITECH programs.
    • Assist operational units in properly integrating HIPAA/HITECH controls into daily workflow according to KCI policies.
    • Periodically review workflows to validate controls, including those in an offshore shared services environment (Budapest SSC).
    • Ensure that KCI has implemented the necessary components of the HIPAA Privacy and Security Rules as they relate to our patients, employees and business associates including oversight of Notice of Privacy Practice and Authorization to Release information forms.
    • Execute, collect, and store Business Associate Agreements for all necessary KCI relationships. 
    • Apply and maintain a strong working knowledge of applicable federal and state payor regulations and privacy laws.
  • Investigation:  Investigate, document and mitigate non-routine disclosures of protected health information made by KCI personnel or its Business Associates.
    • Manage privacy incidents, including gathering relevant data from the reporter, ensuring a root cause analysis is performed, ensuring remediation requirements are identified, escalating within the department as necessary, and assisting in developing and monitoring corrective action plans associated with incidents, including sanctions, by working with HR.
    • Assist with the investigation and response to any compliance reviews or investigations conducted by the U.S. Department of Health and Human Services’ Office of Civil Rights or other regulatory bodies, Business Associates and Covered Entities.
  • Training:  Oversee organizational educational efforts to meet both CMS and HIPAA requirements. 
    • Ensure that annual and new hire training modules are developed, implemented and provided appropriately.
  • Audit & Monitoring:  Respond to Offshore Certifications from Payors and requests for additional information on KCI software/applications, or HIPAA policies & procedures.
    • Complete all Payor and Client audit and attestation requests, which includes assembling evidence of compliance policies, training records and similar matters, responding to questions and attending live facility customer meetings when requested.
    • Monitor Order-to-Cash and Service Ops workflows for HIPAA controls.
  • Risk Assessment:  Serve as project manager for assigned Payor Compliance & Privacy initiatives, including Privacy risk assessment, mitigation efforts and corrective action plan oversight.
    • Evaluate Business Associates’ ability to comply with the HIPAA Security standards by identifying Business Associate relationships and performing due diligence to assess KCI Business Associates’ HIPAA readiness and the controls in place to protect PHI.
  • Communications:  Build and maintain positive relationships with key process personnel across KCI’s US Acute & Post-Acute business.
    • Communicate changes to regulations to business owners.
    • Work with offshore Shared Services Center (Budapest SSC) business process owners to ensure KCI controls are maintained according to HIPAA & HITECH requirements.
    • Serve as primary sponsor for KCI’s privacy and security committee and provide routine updates on compliance efforts to Senior Leadership and the Privacy Officer.



  • Bachelor’s degree preferred (in a related field, e.g. Healthcare Administration, Records Management, Data Privacy, etc.). Associate degree accepted with equivalent 4 years’ work experience in healthcare data privacy or a records management related field.
  • At least 3 years managing Compliance or Data Privacy efforts in a healthcare covered entity, with a preferred minimum of 2 years managing a HIPAA/HITECH program.


  • Prior responsibility as a Privacy Officer for a healthcare organization
  • Healthcare Privacy Certification (CHCP) or equivalent


  • Ability to lead professionals through influence and collaboration, conveying a positive, service-oriented attitude while working with stakeholders
  • Ability to work both independently and in a team environment.
  • Ability to completely maintain confidentiality and discretion in business relationships and exercise sound judgment.
  • Ability to work in a fast-paced environment while demonstrating flexibility, commitment to teamwork and a willingness to change assignments to meet departmental needs as required.
  • Experience interacting with an offshore shared services or healthcare BPO service provider, a plus
  • Proficient in team building, conflict resolution, group interaction,
  • Excellent skills in complex analytic problem solving, ability to drive total quality improvement initiatives, identify weaknesses in controls and process, plan remediations and execute plan to successful mitigation
  • Proficiency with MS Office applications including Word, Excel, PowerPoint and Access
  • Demonstrated organization, facilitation, communication and presentation skills
  • Travel possible 20% to monitor Privacy controls in billing Center, SSC locations and Business Associate locations

The information listed above is not a comprehensive list of all duties/responsibilities performed.

This job description is not an employment agreement or contract.  Management has the exclusive right to alter this job description at any time without notice. 

Any physical and mental requirements described in this job description are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. EOE AA M/F/Vet/Disability: Acelity L.P. Inc. and its subsidiaries are an equal opportunity and affirmative action employer and give consideration for employment to qualified applicants without regard to race, ethnicity, color, religion, sex, sexual orientation, gender identity, pregnancy, national origin, age, disability, veteran status, or genetic information or any other legally protected characteristic.