About the position
The Privacy Manager is part of the privacy compliance team and supports general administration and management of the systemwide activities related to safeguarding patient and non-patient data sources. The Manager will be responsible for managing organizational initiatives, programs, and services that collect, access, use, disclose, and exchange information where data must be protected and in compliance with the various laws and regulations governing data privacy. The daily function of the Manager is identifying, reviewing, analyzing, tracking, managing, monitoring, and auditing various data privacy-related programs and activities systemwide to support regional and corporate efforts utilizing a risk-based and regulatory approach. The Manager will support the compliance department in standardizing the organization's data exchange, access control, and business associate programs to create pathways for centralized models and solutions.
Responsibilities
- Serves as the escalation point role for privacy audits and investigations.
- Provide support in reviewing and managing system-wide policies and procedures related to privacy program activities.
- Provide support in developing and managing standard internal workflow processes and standard operating procedures (SOP) relating to privacy program activities.
- Serve as a resource for other teams to provide guidance for programs that receive, store, or exchange data in compliance with relevant federal and state data privacy protection laws.
- Responsible for overseeing, managing and maintaining applicable databases and repositories for business associates and related agreements.
- Responsible for assisting with the development, evaluation, implementation and response to systemwide privacy auditing and monitoring activities.
- Manage, document, and respond to data privacy and security risk assessments.
- Perform privacy investigations in coordination with business partners and other stakeholders.
- Conduct data analysis, interviews, and mitigation to inform the investigative process.
- Perform a detailed analysis of investigative findings, breach risk assessment and document findings of all privacy investigations.
- Coordinate with other departments in providing regulatory guidance in support of data privacy protection activities.
- Monitor key regulatory changes and activities impacting health care to inform compliance activities specific to data privacy protections.
- Perform, manage, and execute other duties as assigned.
Requirements
- Bachelor's degree.
- 3 years of health care privacy experience.
- Strong project management skills.
- Strong working knowledge of computers.
- Strong oral and written communication skills.
- Strong knowledge of healthcare privacy laws and regulations (e.g., HIPAA, HITECH).
- Ability to manage third party privacy and data security risk assessment relationships.
- Strong analytical and problem-solving skills.
- Ability to assess, analyze, interpret, and report data, metrics, and trends.
- Ability to conduct and supervise audits and investigations and document findings.
- Ability to evaluate audit and investigation findings to determine compliance with policy and regulations.
- Ability to effectively handle patient concerns.
- Proficient in Microsoft Office (Excel, Word, PowerPoint, OneDrive, etc.).
- Strong database management and administration skills.
- Organizational and planning skills with the ability to handle multiple tasks simultaneously.
- Ability to operate successfully in a constantly changing, fast-paced environment.
- Ability to work independently and maintain a high level of confidentiality.
- Certification in Health Care Privacy or certification within 1 Year.
Nice-to-haves
- Master's or higher-level degree in related field.
Benefits
- Benefits from Day One
- Career Development
- Whole Person Wellbeing Resources
- Mental Health Resources and Support
