A Privacy Officer – Up Close & Personal
July 24, 2018

Interview with Regional General Hospital’s Chief Privacy Officer Heather Thompson

Privacy Officer, one of the most challenging and critical but important roles in the healthcare industry. It is a role that warrants someone to have great multi-tasking skills as he or she wears several hats.

As a Privacy Officer, one reports directly to the CEO or head of the hospital or facility.

So what makes you qualified to become a Privacy Officer?

  • Knowledge of the HIPAA, privacy laws, the release of information, and the flow of the protected health information (PHI) within the facility.
  • Ability to demonstrate organizational, facilitation, communication, and presentation skills
  • Ability to read, comprehend, and apply guidelines and laws to the current entity and to day to day situations

We had the privilege to come close and personal to Regional General Hospital’s (Williston, Florida) Chief Privacy Officer, Heather Thompson. RGH is a Rural, Critical Access facility in North Central Florida. Below is the Question and Answer script from that Interview.

Question: What drove you to this career? And what was your previous role prior to taking the CPO role?

Heather: I have been in the healthcare profession for most of my working career. I have worked in a variety of healthcare settings such as hospitals, retirement homes, and home health facilities. So, taking on the Privacy Officer role was a challenging opportunity in my professional development.

Question: What do you think would be the most suitable qualifications to become a privacy officer?

Heather: As a Privacy Officer, I think you should have strong communication and listening skills.  You must have a strong understanding of the healthcare industry and work with patient information. You must have a strong understanding of HIPAA  and finally have an analytical approach.

Question: What do you think should be the educational requirements to become a privacy officer?

Heather: Experience in the Health Care Industry / Knowledge of Risk Management / Knowledge of Health Information/ Professional HIPAA Privacy Training and Certification

Question: Who are the main or key persons you work with within your organization who help you the most in your role as a privacy officer?

Heather: That would be the Chief Executive Officer (CEO), I.T., Risk Management, and Human Resources

Question: From the time you have assumed this responsibility till this day, what do you think are the major aspects of your role that has evolved a lot over time?

Heather: There is an expanding variety of knowledge and skills, and as regulatory guidelines and technological safeguards have advanced, our roles as Privacy Officers have grown in importance within our organizations.

Question: What do you think is the most difficult part of your role? How are you able to overcome this difficulty and be successful in performing it?

Heather: Adapting to the changing of laws and of course the ever-changing advance in technology. I adapt by continuing to educate myself and having the willingness to adapt to all the changes that may come. Also, by accepting and learning from all the challenges that come my way.

Question: For the future Privacy officers out there or those who wish to traverse this career path, what is your advice for them to succeed in this role?

Heather: To have good organization skills, judgment, problem-solving skills, communication skills, listening skills, and compassion for others. Also, to have a desire to continue to educate yourself and have the willingness to learn.

Question: Can you give us your top 3 reasons if you were asked why should a company or organization particularly in the Healthcare industry, have a privacy officer?

Heather: First and most importantly, to protect and ensure patients’ rights and information. Second, to help maintain administrative and compliance requirements. Third, to keep your organizations employees educated on patient privacy and education of the advancement of security and other safeguards.

Question: Can a healthcare organization afford not to have a privacy officer like in the case of rural hospitals? Can they opt not to have one for their organization? Then why or not?

Heather: I believe an organization can’t afford to not have a Privacy Officer. Privacy is about respecting people, and people having trust. If a person does not trust someone, you may lose their relationship. In turn, a business such a small Rural Hospital will lose patients due to lack of trust and respect. It can then lead to a bad reputation and morale of the organization.

Question: How do you help create a culture of compliance for privacy and security of PHI and ePHI within your organization?

Heather: I think a good way to create a good culture, is to give employees all the tools and resources for keeping up with knowledge and education. If we continue to create a positive and creative way to educate employees… they will have a good understanding and feel comfortable with compliance. It becomes a natural habit of their work day, and not something they feel is a stressful challenge.

We would like to thank Heather for giving us these informative insights about her role as Chief Privacy Officer.  HIPAA Guard initiatives are and will always be focused on supporting the core team like Heather’s team in attaining full HIPAA and HITECH compliance. We will continuously strive to ensure everyone involved in operating your hospital and health system be fully committed to compliance. Our job becomes much easier if we have people like Heather who are dedicated to working with us as we work towards the same goals.

Share Us on: