Senior Privacy Analyst - Corporate Responsibility - System Wide

Job Description

Primary Function/General Purpose of Position

The Senior Analyst, Privacy investigates potential privacy breaches and noncompliance with BSMH Privacy/HIPAA-related policies. The Senior Analyst is responsible for implementing and administering BSMH’s Privacy policies and procedures at the entry level, and helping to ensure compliance with HIPAA, HITECH and state mandated privacy and confidentiality requirements. The Senior Analyst participates in other privacy-related duties as necessary or as assigned. Under the direct supervision of the Director, Privacy, this position contributes to the Bon Secours Mercy Health mission and vision by supporting privacy compliance activities within their assigned functional area as part of the overarching BSMH compliance program.

Essential Job Functions

• Works collaboratively with the Director on ensuring that the privacy program is in compliance with HIPAA and other relevant laws and regulations. 

• Develops privacy, compliance monitors and audit protocols specific to privacy functional risk areas highlighted by the DHHS Office for Civil Rights and/or other enforcement agencies, in response to the annual BSMH compliance work plan, and as requested by management.

• Researches, investigates, documents, and reports on issues related to privacy and confidentiality of Protected Health Information (PHI) under HIPAA (Health Insurance Portability and Accountability Act of 1996). Reports breaches to the DHHS Office for Civil Rights (OCR) in compliance with governing federal laws.

• Utilizes data analytics techniques and databases developed internally, or in conjunction with other third-party vendors to detect and trend potential privacy compliance issues.

• Makes recommendations for corrective action, remediation and mitigation following a privacy incident. 

• Maintains awareness of regulations and current industry changes that may impact healthcare services domestic and international through personal initiative, continuing education, and peer-to-peer networking.

• Assists with privacy policy development and socialization.  Participates in multi-disciplinary BSMH committees to address privacy-related system and regulatory issues. Coordinates market issues with appropriate functional Director, and may present privacy and/or policy materials at market-based meeting venues.

• Develops educational content and trending of non-compliant activities to enhance proficiency and competency, understanding of standards and the consequences of non-compliance.  Prepares multi-faceted oral, written, and electronic communications and presentations to facilitate discussion, networking, decision-making and proactive responses to meet current and emerging challenges among affected parties and entities.

• Provides training, coaching, and mentoring to staff at the direction of the Director. Attends various staff meetings to provide role-based education, assess departmental level HIPAA risks and answer questions from internal departments.

• Attends various staff meetings of the Privacy Program and the Compliance Department.

• Travel, if required by the Privacy Director, and approved by the Chief Privacy Officer, to complete on-site education and investigations.

This document is not an exhaustive list of all responsibilities, skills, duties, requirements, or working conditions associated with the job. Employees may be required to perform other job-related duties as required by their supervisor, subject to reasonable accommodation.

Licensing/Certification

Certified in Healthcare Compliance (CHC), Certified in Healthcare Privacy Compliance (CHPC), Certified Information Privacy Manager (CIPM), or other compliance or privacy certification (preferred)

Education

Bachelor’s degree in Legal studies, Healthcare administration, Business, health information management, or another related field (required)

Work Experience

Five to seven years of in-depth experience within healthcare operations or compliance related activities (required)

Working Conditions

Periods of high stress and fluctuating workloads may occur.

Long-distance or air travel as needed- not to exceed 10% travel.

General office environment.

Required to car travel to off-site locations, occasionally in adverse weather conditions.

Other: Willingness to travel extensively between Bon Secours Mercy Health corporate office (Ohio), local and remote locations. Willingness to travel up to 10% of time throughout the organization, as needed, to complete duties.