Privacy Analyst

Company :Highmark HealthJob Description : 

JOB SUMMARY

*This is a hybrid role in Pittsburgh or Wilkes Barre PA

This job provides analytical support to various aspects of the enterprise-wide Privacy Program. Responsible for the development of policies and procedures, privacy incident investigation, and response maintenance of privacy incident databases and workforce training. Provides guidance to business and operational areas and recommends changes to processes to support privacy program compliance. Additional responsibilities may include receiving, reviewing, and responding to patient and member requests for Health Insurance Portability and Accountability Act of 1996 (HIPAA) individual rights as well as monitoring, auditing, and oversight activities.

ESSENTIAL RESPONSIBILITIES

• Enterprise-wide Privacy Program facilitation and implementation.

• Collaborate with business owners, and other stakeholders to identify and develop, implement and enhance privacy policies, procedures and programs to meet or exceed the privacy compliance requirements of laws and regulations including but not limited to: The Health Insurance Portability and Accountability Act of 1996 (HIPAA), The Health Information Technology for Economic and Clinical Health Act (HITECH), and other international, federal, and state laws, rules, and regulations.

• Analyze privacy incidents, new initiatives and process changes for compliance with international, federal, and state privacy and security laws, rules, and regulations.

• Provide analytical support to risk identification and stratification, which includes monitoring and preparing reports in a proactive fashion.

• Lead investigations of privacy and security incidents to determine facts, identify root cause, and thoroughly analyze scope of impact to provide comprehensive analysis with recommendations for resolution and risk mitigation.

• Ensure privacy investigations are accurately documented and tasks are completed within required compliance timeframes and departmental standards. 

• Assist with required HIPAA risk analysis and execution of any required notice to accounts and individuals.

• Monitor current privacy compliance environment, including corporate policies and procedures and other rules and regulations for privacy compliance through trend analysis and risk assessment, taking appropriate steps to improve the program’s effectiveness.  

• Perform privacy risk assessments and support implementation of new or amended requirements.

• Privacy refresher training development, implementation, and delivery as the result of identified corrective actions as part of privacy investigations. 

• Business owner collaboration and communication. Establish and maintain relationships with business owners in a variety of departments and subsidiaries within Highmark Health. Work closely with business owners throughout the enterprise to collaborate on key privacy and information management initiatives such as training, communication, and risk management.

• Participate in audits and cross-functional projects of various sizes and levels of complexity; serves as privacy subject matter expert throughout such projects.

• Provide technical, administrative, and analytical privacy assistance as required.

• Demonstrate and apply a thorough understanding of Highmark Health’s complex business processes and environment.

• Demonstrate and apply strong project management skills, inspire teamwork and responsibility with team members, and use current technology and tools to enhance the effectiveness of deliverables.

• Other duties as assigned or requested.

EDUCATION
 

Minimum

• Associate's Degree

Substitution

• Relevant experience and/or education as determined by the company in lieu of an Associate's Degree

Preferred

• Bachelor's Degree or J.D.

LICENSES/CERTIFICATIONS

Required

• CIPP (Certified Information Privacy Professional) certification within 1 year of appointment

Preferred

• None

EXPERIENCE

Required

• 3 years of relevant, progressive experience in the area of specialization. Exempted experience requirements effective August 2016

Preferred

• None

SKILLS

• In depth knowledge of privacy laws and regulations including HIPAA, privacy and security breach notification rules and reporting requirements under federal and state privacy laws.

• Strong understanding of information management and privacy subject matter, as well as business and operational knowledge of Highmark Health and/or Insurance/healthcare industry and integrated hospital networks.

• Independent thinking capabilities, including analytical skills to review and articulate privacy compliance objectives and applicable guidance and regulations. 

• Proficiency in investigative techniques including data analysis, risk analysis, risk mitigation, and causation inquiries.

• Ability to identify and evaluate risks in process workflows and human factors and prioritize and assess likelihood of risks.

• Strong communication skills including the ability to accurately describe complex workflows, fact patterns, and remediation plans clearly and succinctly for leadership. Ability to prepare written privacy notices concisely and accurately.

• Strong interpersonal skills; must be able to effectively resolve privacy issues and concerns.   Working teams. This role interacts routinely with personnel within and outside of Highmark Health and must possess a positive, professional, and credible demeanor.  The utmost integrity in the discreet and confidential handling of confidential materials is expected.

• Strong analytical and problem-solving skills, sound professional judgment, business knowledge, and business acumen. Possess the ability to assess operational functions and related reports to ensure compliance with applicable operational guidance and regulations. 

• Strong organizational and project management skills. Ability to manage multiple timelines and proactively manage stakeholder expectations with effective communication. Must be accountable for management of multiple projects with stringent and often overlapping deadlines involving several cross-functional areas. Must be flexible and able to manage aggressive deadlines along with evolving priorities.

• Ability to work independently and effectively manage workload, while demonstrating sound judgment in determining when to escalate issues or matters to the supervisor for guidance or resolution. Time management capabilities, to enable timely recordkeeping and analysis are essential.

• Ability to collaborate across teams and departments to coordinate logistics, proactively conduct thorough investigations, and effectively communicate information during incident management.

• Implementation and project deadline coordination must be routinely monitored for potential internal and external risks and reported to management. A constant balance between strict project deadlines, corporate initiatives and daily priorities must be maintained with critical attention to ensure success in compliance with all applicable requirements. 

SCOPE OF RESPONSIBILITY
Does this role supervise/manage other employees?    
No  

 
WORK ENVIRONMENT
Is Travel Required?
Yes  
 

Disclaimer: The job description has been designed to indicate the general nature and essential duties and responsibilities of work performed by employees within this job title. It may not contain a comprehensive inventory of all duties, responsibilities, and qualifications required of employees to do this job.
Compliance Requirement: This job adheres to the ethical and legal standards and behavioral expectations as set forth in the code of business conduct and company policies.
As a component of job responsibilities, employees may have access to covered information, cardholder data, or other confidential customer information that must be protected at all times.  In connection with this, all employees must comply with both the Health Insurance Portability Accountability Act of 1996 (HIPAA) as described in the Notice of Privacy Practices and Privacy Policies and Procedures as well as all data security guidelines established within the Company’s Handbook of Privacy Policies and Practices and Information Security Policy. 
Furthermore, it is every employee’s responsibility to comply with the company’s Code of Business Conduct. This includes but is not limited to adherence to applicable federal and state laws, rules, and regulations as well as company policies and training requirements.

Highmark Health and its affiliates prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities and prohibit discrimination against all individuals based on any category protected by applicable federal, state, or local law.

We endeavor to make this site accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact the email below.

For accommodation requests, please contact HR Services Online at [email protected]

California Consumer Privacy Act Employees, Contractors, and Applicants Notice