Privacy Analyst

Rush University Medical Center•Chicago, IL

51d•Hybrid

About The Position

Provides project support to HIPAA Privacy and Security efforts of the Corporate Compliance Department supporting Rush. Provides data reporting and analysis of Privacy Office activities for internal and executive reporting. Serves as the lead auditor of access to ePHI throughout the enterprise, to include administration of an automated access auditing capability. Implements technology, including database design, for the tracking of HIPAA privacy and security activities and reports on metrics. Conducts analysis of risk through assessment activities for HIPAA Privacy and Security, including EOC rounds. Provides administrative support to the department and coordinates with other departments and activities, as needed. Exemplifies the Rush mission, vision and values and acts in accordance with Rush policies and procedures.

Requirements

Bachelor's degree in related area or an equivalent combination of education and experience.
Four years of experience in healthcare privacy or health information management related field.
Intermediate Microsoft Excel, Access, SharePoint, and Word skills.
Strong skills in communication, project/time management and prioritization/organization.
Must be able to work effectively with individuals at all levels in the organization.

Nice To Haves

Master's degree.

Responsibilities

Prepares data flow diagrams to support the analysis of privacy and security projects.
Conducts analysis of data and prepares charts to determine trends regarding privacy and security risks.
Creates reports to support metrics, projects and information analysis.
Designs and conducts audits of access to the electronic health record (EHR), analyzes results, and identifies possible instances of inappropriate access or use of the HER.
Administers an enterprise-wide application capable of auditing access to applications processing ePHI enterprise-wide.
Administers a rotating schedule of audits to ensure a complete cycle of for cause and not-for-cause audits are accomplished.
Designs and implements databases using Microsoft Access and other database tools. Develops the means to create automated reports that provide metrics of operational effectiveness.
Administers software and databases for the office, including those built on Access, Excel, and outsourced/portal-based, as assigned.
Coordinates the intake and reporting of Hotline reports under the supervision of the Privacy Director.
Maintains the Privacy Office intranet site, including posting of files and creating linked content through Sharepoint.
Maintains technical equipment for the office and interfaces with Information Services, when needed.
Supports the conduct of HIPAA risk assessments by collecting and reporting information using prepared checklists, as needed.
Conducts privacy and security assessments as part of Environment of Care rounds at RUMC.
Provides support to HIPAA privacy and security incident response and analysis as directed.
Prepare and send privacy forms to patients, as needed.
Performs administrative functions (filing, mailing, mail, etc.) of the Privacy Office.
Performs process improvement activities.
Interfaces with other support functions within the institution (e.g., Information Services or Medical Center Engineering) for equipment or service requests.
Other duties as assigned.