Compliance Analyst

About The Position

Requirements

• Bachelor's Degree
• 3 Years Experience in privacy regulations such as HIPAA, Texas state privacy laws, and/or other federal information privacy laws.
• Prior experience in auditing/monitoring access to information in clinical applications.
• CHPC - Certified in Healthcare Privacy Compliance 12 Months Req Or CHC - Certified in Healthcare Compliance 12 Months Req Or Other CHPS - Certified in Healthcare Privacy & Security 12 Months Req
• Knowledge of HIPAA Privacy and Breach Notification Rules, including breach risk assessment methodologies.
• Ability to interpret and apply federal and state privacy regulations to operational workflows and compliance strategies.
• Strong analytical skills for proactive access monitoring, incident investigation, and risk identification.
• Ability to manage multiple privacy-related projects and contribute to program development and continuous improvement efforts.
• Proficiency in preparing reports, summaries, and metrics for leadership and regulatory bodies.
• Demonstrated professionalism in handling sensitive information and providing consumer service to internal and external parties.
• Strong interpersonal, problem solving, decision making, multi-tasking, written, verbal and presentation skills; analyzing and understanding technical material; technical computer software proficiency.

Nice To Haves

• Master's Degree Healthcare or other related field

Responsibilities

• Conduct access audits related to electronic medical records (EMRs) and other ancillary PHI systems.
• Identify questionable EMR access patterns through analysis of proactive auditing reports.
• Investigate and document privacy-related matters, escalating complex or high-risk matters to the Privacy Manager for joint oversight, ensuring thorough analysis, documentation, and resolution in accordance with regulatory and organizational standards.
• Conduct intake and initial assessment of privacy incidents, evaluate breach potential through structured risk assessments, and support breach response activities, including documentation, mitigation, and patient and regulatory notification when required.
• Conduct on-site walkthroughs and audits at various entities to assess compliance with HIPAA privacy standards and organizational policies.
• Collect, analyze, and synthesize privacy-related data and metrics to develop reports for department use, leadership, and committees.
• Assist in the identification of additional reports needed from the EHR system (CareConnect) to detect breaches and support the development of focused audits.
• Respond to questions from employees, patients, and consumers related to HIPAA, privacy policies, breach reporting, restrictions, confidential data transfers of PHI and PII, amendment requests, etc.
• Develop privacy related communications and create, deliver, and track privacy training programs.
• Develop, review and update privacy policies, procedures, guidance documents, and standard operating procedures to ensure alignment with HIPAA and other applicable privacy regulations.
• Assist with implementation of procedures to ensure compliance with Privacy-related policies.
• Work collaboratively with IT Security, Legal, Human Resources, and other internal stakeholders to address privacy-related concerns, inquiries, and investigations.
• Participate in privacy-related projects and work plans items.
• Support and assist the Privacy Program Manager and System Privacy Officer, as needed, in developing and implementing privacy program initiatives and responding to potential privacy incidents.
• Remain current with federal and state privacy laws and regulations; support compliance monitoring efforts and recommend program enhancements based on regulatory changes.
• Perform other duties as assigned.