Reporting to the Director of Privacy Compliance, this role requires excellent organization, communication, contract review, investigations, process improvement, analytics, and project management skills. This position requires a flexible team player to effectively prioritize multiple projects simultaneously under time-sensitive deadlines, and adapt quickly to changing priorities. In addition, successful candidate will assist in:

• The review, analysis and resolution of business associate agreements and other privacy-related contract inquiries by members of the organization, as necessary to ensure safeguarding of protected health information in compliance with applicable state and federal laws and regulations.
• The development and implementation of privacy controls. This includes but is not limited to collaborating with other business functions to understand relevant business processes and operations with privacy implications; performing periodic reviews and, as necessary, updating existing policies and procedures to ensure continuous improvement of privacy practices, processes, and controls;
• Tracking privacy legislation, conduct and summarize research when needed on relevant privacy law and regulations and assist in managing compliance with relevant privacy and data protection laws, including implementation of new requirements;
• The development of privacy trainings and awareness campaigns to further promote privacy awareness, conducts privacy training and communicates best practices throughout the organization;
• Investigating and assessing privacy incidents, responding to patient concerns/ caller hotline concerns, document findings of suspected and reported violations of laws and policies, assist with the remediation of privacy issues and necessary notifications, track, validate and document mitigation actions. Acts as liaison in joint investigations with other location resources. Identifies, escalates, and follows up on privacy issues that require investigation, resolution, and/or legal action.
• The development and implementation of monitoring and audit action plans to maintain compliance with regulatory bodies, policies and procedures;

The successful incumbent will use audit tools to assess compliance of privacy and security of patient and health related information at all levels of complexity. Reports on processes and practices compliance with external regulatory agencies. Analyzes privacy and compliance data and metrics to identifies patterns or trends. Prepares recommendations for business process changes to drive privacy compliance. Works with stakeholders, legal counsel and Information Security to identify and summarize privacy risks and remediation plans.

Participates or leads privacy committee meetings and task forces. Represents the privacy division at meetings, advocating for outcomes that will ensure the program maintains compliance. Collaborates with Cross-functional teams and department staff and management, physicians, and external agencies. Build/maintain strong relationships throughout the organization for ongoing dialogue with partners to ensure that organization informed of regulatory or policy changes.

This challenging position provides frequent opportunity to interface with employees and managers at various levels across the organization. The successful candidate must possess high standards of legal and business ethics and a demonstrated ability to understand technology, independently problem solve, analyze large quantities of data, and clearly summarize and communicate facts. Supports privacy related projects and duties as assigned.

• Seven (7) years of related experience, education/training, OR a Bachelor's degree in related area plus three (3) years of related experience/training. Related Experience Includes: Administration of data privacy and record information management policies, creating or maintaining data inventories, records release, contracts review, risk mitigation, data loss risk prevention.

• Experience and proven success in federal and state laws pertaining to privacy and information security (including HIPAA, the Information Practices Act, and Confidentiality of Medical Information Act) and medical center policies.

• Adept at working on multiple items at once, tracking each so none are dropped.

• Extremely detail-oriented

• Experience in healthcare privacy compliance.

• Certified in Healthcare Privacy Compliance (CHPC) or other compliance/ethics certification such as: Certified in Healthcare Compliance (CHC), Certified Information Privacy Professional (CIPP), Certified in Healthcare Privacy and Security (CHPS).

• Candidate must obtain one compliance/ethics certification, such as CHPC within one year of employment.

• Must be able to work various hours and locations based on business needs.

• Employment is subject to a criminal background check and pre-employment physical.