Privacy Consultant

Introduction

Do you want to join an organization that invests in you as a Privacy Consultant? At HCA, you come first. HCA Healthcare has committed up to $300 million in programs to support our incredible team members over the course of three years.

At HCA, we want to ensure your needs are met. We offer eligible colleagues an attractive benefit package that includes medical, wellbeing, dental and vision benefits along with some unique benefits including:

• Medical, Dental, Vision, Life Insurance and Flexible Spending
• Paid Time Off (PTO) and Personal Leave
• 401K (100% annual match - 3% to 9% of pay based on years of service)
• Academic Assistance and Reimbursements for Tuition and Student Loans
• Employee Discounts including Tickets, Retail, Mental Health Apps, Education Apps, Identity Theft Protection etc.
• Home, Auto, and Pet Insurance
• Employee Stock Purchase Program (ESPP)
• Short Term & Long Term Disability coverage
• Adoption Assistance
• Legal Benefits and lots more!
• Learn more about Employee Benefits ()

You contribute to our success. Every role has an impact on our patients’ lives and you have the opportunity to make a difference. We are looking for a dedicated Privacy Consultant like you to be a part of our team.

The Privacy Consultant plays a critical role with the development and support of HCA Healthcare’s enterprise-wide Privacy Program, as well as the Company’s compliance, governance, and strategy relative to information protection. The Consultant interacts extensively with leadership and business owners across the enterprise and provides consultative support on all privacy related matters.

• Assists in managing the strategic planning process including key enterprise initiatives to develop a clear vision of the department’s objectives and to address all regulatory requirements related to privacy.
• Assists in the development and executes the company privacy impact assessment (PIA) strategy to review business processes to evaluate and mitigate risks while identifying privacy controls necessary to protect sensitive information. Identify new process and products needing a PIA via TPA reviews, APM Governance reviews, Security reviews, DT&I Pods, and other ad-hoc requests.
• Identifies, minimizes and mitigates legal and regulatory privacy compliance risks.
• Assists in the review and analysis of proposed and final regulatory reform at the federal, state, and international levels (e.g., HIPAA, CCPA, CPRA, CPA, UK’s Data Use Act, DPDPA, Data Protection Laws, 21st Century Cures Act, Information Blocking).
• Directs third party vendor compliance reviews and due diligence efforts.
• Leads inquiries from external regulatory agencies (e.g., Office of Civil Rights) relative to compliance‑related investigations based on the government’s provision of technical assistance.
• Leads the pre‑and post‑ due diligence privacy review process for new acquisitions and divestitures by completing milestones timely and creating and executing detailed work plans.
• Leads enterprise‑wide policy and procedure development and support.
• Manages the Privacy SharePoint Sites.
• Responds to senior‑level/advanced enterprise‑wide inquiries submitted to centralized support mailboxes.
• Manages the FPO Onboarding Process by identifying new FPOs across the enterprise via the FPO change forms and PSG monthly report; update and publish the FPO listing; update and manage the FPO DLs; assign Health Stream New FPO Training and provide follow‑up; send Welcome Email and include new FPOs in monthly report; add FPOs to Webex space; and add new FPOs to Onboarding Training Call invite.
• Contributes to the selection of relevant topics and drafting monthly awareness and ad‑hoc communications.
• Assists with review and approval of privacy related training materials (e.g., Annual Code of Conduct, New Employee Orientation).
• Acts as a privacy subject matter expert relative to the application of the HIPAA Privacy Rule, HITECH Act, and privacy company policies and procedures.
• Develops strategic working relationships across all lines of business and project partners as necessary to identify, evaluate, and reduce privacy risks.