Privacy Analyst

Summary

The Privacy Analyst performs necessary audits and risk assessments to potential privacy issues and responds to actual and possible privacy breaches. The Privacy Analyst also helps increase privacy awareness within the organization through education and development.

These duties and responsibilities described below represent the general tasks performed and other tasks as assigned.

• Regularly reviewing policies and procedures to ensure data compliance.
• Staying abreast of changes to government privacy regulations/laws.
• Perform Privacy Risk Assessments throughout the organization, reporting to Privacy Officer and other stakeholders about current risk levels.
• Protecting data by ensuring the data is accurate, secure, and private.
• Establishing governance by creating policies and standards to ensure data privacy and security.
• Managing access by establishing access controls and ensuring users have access to the data they need.
• Cultivating a culture of ownership by encouraging employees to take responsibility for the data they interact with daily.
• Measuring and communicating success by tracking key metrics and communicating them to stakeholders.
• Acting as a point of contact for any potential issues and escalating matters as appropriate.
• Increasing privacy awareness by helping to increase privacy awareness within the organization.
• Adhering to the service standards and expectations at Chesapeake Regional Medical Center by training employees on preserving data security.
• Exhibiting excellent customer relations to patients, visitors, physicians, and co-workers.
• Exhibiting courteous communication skills and an ability to work with others, exercising good judgment in performance of job duties.
• Demonstrates courtesy, compassion, and respect for others in adherence of the hospital s philosophy and policy for promoting positive work and customer environments.

• Work as a team to continuously improve work quality.
• Demonstrate a commitment to flexible work schedules when it is necessary to ensure patient care.
• Other projects, duties and responsibilities assigned by the Privacy Officer and/or Chief Compliance Officer.

Bachelor’s degree in healthcare or related field required.

5 years’ directly relevant experience in Healthcare Compliance, Privacy, and/or Health Information Management.

Professional

Certifications:

Certified Information Privacy Professions (CIPP), Certified Information Privacy Manager (CIPM), and/or Certified Information Privacy Technologist (CIPT) preferred.

Qualified candidates will have extensive working knowledge of medical terminology and medical record content, release of information knowledge and the Health Insurance Portability and Accountability Act (HIPAA) privacy standards.

• Reports to:
  
  Chief Corporate Compliance Officer
• Supervises:
  None
• Responsibilities: N/A

• Providing training and guidance to employees on data privacy best practices and their responsibilities.
• Creating Awareness Materials
• Developing and distributing educational materials and communications related to privacy and data protection.

• Interdepartmental
  
  Collaboration:
  
  Working with various departments, including IT, Legal, and HR, to address data security concerns and ensure privacy compliance.
• Responding to Inquiries.
• Responding to data subject access requests and other privacy-related inquiries.

• Communicating privacy information to stakeholders, including employees, clients, and regulators.

• Risk Assessments:
  Conducting risk assessments to identify and evaluate potential privacy risks within the organization.
• Mitigation Strategies:
  Developing and implementing strategies to mitigate privacy risks.