Senior Privacy Analyst

Boston Medical Center
United States, Massachusetts, Boston
One Boston Medical Center Place
Jul 19, 2025

POSITION SUMMARY:

The Senior Privacy Analyst role provides support for operations and initiatives critical to Boston Medical Center Health Systems (BMCHS) information privacy practices. It is expected that this individual will support the implementation of our information privacy strategy and goals, which includes various projects and programs central to the privacy function throughout the organization.

Reporting functionally to the Director of Compliance and Privacy, the Senior Privacy Analyst is responsible for the implementation of all aspects of privacy and security breach case intake, investigations, internal reporting, monitoring and improvement efforts. The Senior Privacy Analyst assists with projects, external incident and breach reporting, and development of employee training and engagement material. The Senior Privacy Analyst monitors policies and procedures to align with and reflect current and future state and federal regulations (including HIPAA and HITECH).

Position: Senior Privacy Analyst

Department: Compliance

Schedule: Full Time

ESSENTIAL RESPONSIBILITIES / DUTIES:

The Senior Privacy Analyst will champion good information stewardship and privacy practices across BMCHS.

Prepares and completes all steps necessary to resolve privacy and security incidents. This includes:


  • Manage and maintain all channels of incident reporting.
  • Prepares intake documentation, contacts involved parties, conducts interviews, and researches data of privacy incidents to complete cases.
  • Uses risk assessment standards to determine breach and reporting requirements.
  • Prepares documentation of incident review and retains in the department's incident tracking system.
  • Works with all levels of staff and clinicians including department heads, information security / information technology, office of general counsel, clinical research and institutional review board, patient advocacy, quality and safety, and human resources.
  • Maintains integrity of privacy breach files with all supporting documentation.
  • Responsible for ensuring mailings to patients are accurate, timely and recorded for regulatory requirements and reporting.
  • Utilizes hospital's clinical systems to investigate reports of inappropriate access or breach of protected health information.
  • Conducts audits of clinical records in response to patient request or at the direction of the Director, Compliance and Privacy.
  • Conducts proactive audits to ensure the integrity of the medical record.
  • Assists in facility walkthroughs for physical audits.
  • Manages process as necessary to complete deadlines.
  • Suggests continuous improvement and solutions for Privacy Office. Identifies root causes of issues, assesses trends, recommends changes, and reports these to the Director, Compliance and Privacy.
  • Monitor the Privacy Office phone line and email address as needed.

Project Management:


  • Develop project plans for consultation requests that require in-depth review by compliance and other stakeholders.
  • Set deadlines, determine necessary stakeholders, coordinate meetings and follow projects through to completion.

Human Resources and Compliance Line:

  • Take the lead in developing bi-weekly agendas for review and collaboration with Human Resources Labor Relations team.
  • Prepare weekly Compliance Line complaints, track to completion all complaints in the incident management system.
  • Lead investigatory reviews of any issues that require meeting with employees, document all steps and present on meetings at the Human Resources Labor Relations meeting.

Research Privacy and Security Reviews:


  • Establish a workflow for reviewing any researcher initiated requests to the department.
  • Develop agenda for the Research Privacy and Security meetings and see each issue through to completion.
  • Proactively recommend topics to bring to the bi-weekly Research Compliance meeting with support from the Director, Compliance and Privacy.

Policy Management:


  • Ensure all Compliance and Privacy policies are renewed at the required intervals to stay current.
  • Proactively review policies in both Compliance and Privacy manuals to recommend substantive updates when regulation or operational changes warrant review.
  • Identify on a monthly basis any policies that the Director should take to the hospital's interdisciplinary Policy Committee.

Responsible for all minute taking at Privacy Office meetings or at the request of the Director. Proactively prepares draft agendas for meetings with other departments for approval by Director.

Works cooperatively with staff in Release of Information and other units in HIM to facilitate patient requests for records, amendments, and to restrict access to protected health information, when appropriate.

Assists with policy drafting and updates by tracking developments in state and federal regulations and laws.

Develops knowledge of applicable federal and state privacy laws and monitors advancements in information privacy technologies to assist with organizational adaptation and compliance.

Tracks and brings to completion all consultation requests from workforce members.

Provides metrics on incidents and consults from the incident tracking system on a quarterly basis and as needed.

Drafts Workplan for Privacy / General Compliance and reviews with team prior to submission on an annual basis.

Performs other duties as needed or assigned.

(The above statements in this job description are intended to depict the general nature and level of work assigned to the employee(s) in this job. The above is not intended to represent an exhaustive list of accountable duties and responsibilities required).

JOB REQUIREMENTS

REQUIRED EDUCATION AND EXPERIENCE:

  • Bachelor's Degree (B.A. or B.S.) and 3-5 years of privacy and/or compliance experience or equivalent combination of education and experience.

PREFERRED EDUCATION AND EXPERIENCE:

  • Paralegal, Juris Doctor or relevant Master's Degree and 2-4 years of privacy and/or compliance experience.

CERTIFICATES, LICENSES, REGISTRATIONS REQUIRED:

  • N/A

CERTIFICATES, LICENSES, REGISTRATIONS PREFERRED:

  • Certified Information Privacy Professional (CIPP), Certified in Healthcare Privacy Compliance (CHPC), Healthcare Certified Information Security and Privacy Professional (HCISPP) or Certified Mediator preferred.

KNOWLEDGE, SKILLS & ABILITIES (KSAs):


  • Outstanding organizational and analytical skills.

  • Detail-oriented with excellent follow-through skills to drive projects to closure.
  • Ability to translate regulatory requirements into practical and actionable elements.
  • Excellent interpersonal skills with solid understanding of the importance of relationship-building and how to effectively influence behavior.
  • Experience communicating with health care staff and patients in a professional manner.
  • Skilled investigator in complex issues; ability to see nuances of a situation and home in on the underlying issues.
  • Skilled "lateral thinker". Be able to challenge assumptions and suspend judgment until appropriate.
  • Strategic thinker able to map out work-flows and processes that converge with the facts then presented.

Equal Opportunity Employer/Disabled/Veterans

According to the FTC, there has been a rise in employment offer scams. Our current job openings are listed on our website and applications are received only through our website. We do not ask or require downloads of any applications or "apps." Job offers are not extended over text messages or social media platforms. We do not ask individuals to purchase equipment for or prior to employment.
