Privacy Specialist ll

About The Position

Requirements

• Bachelor's Degree in a related field of study required
• 2+ years of healthcare privacy compliance experience required
• In-depth knowledge of privacy laws, regulations, and standards, including HIPAA, HITECH, and state privacy laws, as well as their application in healthcare settings.
• Excellent communication and interpersonal skills to interact with hospital staff, patients, and regulatory authorities regarding privacy matters.
• Strong analytical and problem-solving skills to conduct privacy risk assessments and respond to privacy incidents effectively.
• Ability to manage multiple priorities and tasks, ensuring timely completion of privacy-related initiatives.

Nice To Haves

• Master's Degree Related Field of Study or Juris Doctor in related field of study preferred
• Demonstrated experience interpreting and applying HIPAA, HITECH, and other federal, state, international privacy regulations preferred
• CHPC, CIPP/US, CIPP/E, CIPM, or comparable privacy certifications preferred

Responsibilities

• Develop, update, maintain and advise on the hospital's privacy policies and procedures in alignment with federal, state, and local privacy regulations, including the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health (HITECH) Act, 42 CFR Part 2, U.S. state privacy laws, U.S. Department of Justice Data Transfer rules, GDPR, and international privacy regulations.
• Conduct regular privacy training sessions for hospital staff and employees to ensure understanding and compliance with privacy policies and safeguarding PHI.
• Perform periodic privacy audits and assessments to evaluate the effectiveness of privacy controls and identify areas for improvement.
• Respond to privacy incidents and breaches, conduct investigations, and implement corrective actions to prevent future incidents.
• Conduct privacy risk assessments to identify potential vulnerabilities and develop strategies to mitigate privacy risks.
• Develop, prepare, and present privacy metrics, audit results, and data-driven insights to leadership
• Respond to patients and their families related to privacy rights and inquiries.
• Prepare and submit reports on privacy compliance to hospital leadership and regulatory authorities, as required.
• Ensure compliance with HIPAA Privacy and Security Rules, HITECH, 42 CFR Part 2, U.S. state privacy laws, GDPR, and international privacy regulations.
• Plan for and guide implementation of emerging state privacy legislation, including the anticipated Massachusetts comprehensive privacy law expected in 2026.
• Monitor and advise on data transfer requirements and safeguards, including developments related to DOJ-rule.
• Monitor and implement safeguards for website privacy, geolocation data, and patient portal security.
• Continuously track regulatory changes and translate requirements into updated policies, procedures, and controls.
• Conduct HIPAA/HITECH privacy risk assessments and formal Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs), documenting findings and mitigation plans.
• Perform vendor/business associate privacy assessments and contract reviews to ensure third-party compliance with regulatory and contractual obligations.
• Advise on AI privacy risk assessments—evaluate data use, algorithmic transparency, model governance, and regulatory/ethical compliance in clinical and operational AI solutions.
• Manage GDPR reporting obligations to controllers and, where applicable, supervisory authorities/Data Protection Authorities (DPAs).
• Conduct proactive EHR audits (e.g., inappropriate access, snooping, break-the-glass events) and trend monitoring to detect and prevent privacy violations.
• Design and implement privacy safeguards and terms of use for digital health services.
• Conduct all aspects of privacy incident investigations—including root cause analysis, containment, and remediation planning, risk assessment, documentation and ensure timely notifications to affected patients, research participants, employees, and to state/federal agencies and regulators as required.
• Develop, maintain, and operationalize privacy policies and standards tailored to healthcare provider operations
• Embed privacy-by-design into clinical, administrative, and digital workflows; Lead process improvement initiatives to strengthen privacy compliance and operational efficiency.
• Coordinate corrective actions and remediation plans for identified compliance gaps, findings, and audit issues.
• Partner with IT Security, Legal, Compliance, Research, HR, Health Plan Operations, and clinical leadership to align privacy practices and controls.
• Develop privacy metrics and dashboards.
• Prepare and present privacy metrics, audit results, and data-driven insights to leadership and regulatory bodies as needed; support committee reporting.
• Act on behalf of the Privacy Program Manager when requested to represent the privacy function in meetings and initiatives.
• Lead privacy training presentations tailored to clinical staff, administrative teams, researchers, students, interns and business associates.
• Assist the Privacy Program Manager in designing, scheduling, and maintaining the privacy compliance training program; Develop content for privacy awareness (e.g., website, newsletters, targeted communications) and foster a culture of privacy across the organization.
• Performs other duties as assigned
• Complies with all policies and standards