Privacy Analyst - University of Maryland Medical System

Renowned as the academic flagship of the University of Maryland Medical System, our Magnet®-designated facility is a nationally recognized, academic medical center with opportunities across the continuum of care.  Come join UMMC and discover the atmosphere where talents and ideas come together to enhance patient care and advance the science of nursing.  Located in downtown Baltimore near the Inner Harbor and Camden Yards, you won’t find a more vibrant place to work! 

General Summary

Investigate privacy incidents, develop, implement, and monitor privacy policies, procedures and processes. Assist with managing and monitoring privacy work and auditing plans to ensure compliance with applicable federal and state laws, rules and regulations. Work collaboratively with UMMS member organizations (e.g., hospitals) management and other staff to ensure Privacy Program initiatives are implemented across UMMS. Work is performed under limited supervision. Direct report to the Manager, Privacy & Data Protection.

Principal Responsibilities and Tasks

The following elements are intended to provide a comprehensive overview and level of work performed by the individual assigned to this job description. The elements are not an exhaustive list of all job duties the assigned individual may be requested to perform.

• Serve as a resource to UMMS Corporate, member organizations, and Regional Compliance teams for privacy-related issues.
• Serve as an information and support resource to the organization regarding privacy related issues.
• May serve in a lead capacity for investigating and resolving privacy matters in collaboration with internal and external key stakeholders and member organizations and manage breach determinations and notification processes under the Health Insurance Portability and Accountability Act (HIPAA) and applicable state privacy laws.
• May be asked to conduct root cause analysis, facilitate management action plan completion and assist with implementation.
• Facilitate prompt responses to complaints, privacy inquiries and investigation requests received from regulatory agencies (e.g., Department of Health and Human Services Office for Civil Rights and Health and Human Services (HHS), and Office of Attorney General).
• May be assigned to prepare draft responses to regulatory inquiries, including gather supporting documentation, collaborating with key stakeholders to gather facts and/or investigate complaints, and facilitate development of related management action plans.
• Prepare and submit federal and state privacy breach reports as assigned by the Manager or Director, Privacy & Data Protection.
• Stay abreast of applicable federal and state laws, rules and regulations that govern privacy.
• Assist with tracking of current, revised, and new federal and state privacy laws. Provide status reports to Compliance leadership pertaining to regulations and their potential impact on UMMS.
• Develop and manage project plans designed to comply with regulatory changes and collaborate with key stakeholders and member organizations on regulatory change implementation, socialization and education.
• Conduct audits/reviews and perform analysis to ensure compliance with applicable federal and state laws, rules, regulations and UMMS policies and procedures.
• Support creation and completion of the annual Privacy Audit and Monitoring Plan.
• Develop auditing tools and toolkits.
• Collaborate with member organizations to implement audit and monitor activities.
• Perform quality assurance reviews and provide recommendations.
• Develop, prepare, and present audit and monitoring outcome reports with recommendations for improvement and remediation to CCBEG leadership.
• Review the investigation and breach risk assessment work of member organizations and Compliance Analysts.
• Mentor and guide Compliance Analysts on Privacy Program related issues.
• Assist with developing, updating, and implementing privacy policies and procedures.
• Monitor privacy data and trends to detect systemic issues, deficiencies and/or areas for further investigation and provide recommendations for operational changes and corrective action.
• Develop HIPAA hints and privacy awareness communication and education materials in collaboration with the Director, Privacy & Data Protection, Manager, Privacy & Data Protection, and the Program Manager, Compliance Training & Education.
• Prepare reports for the Vice President of Compliance Operations in collaboration with the Director, Privacy & Data Protection, Manager, Privacy & Data Protection, UMMS Executive Management, and the Audit and Compliance Committee of the Board of Directors.
• Perform other duties as assigned.

Education and Experience

• Bachelor’s degree in Business Administration, Healthcare Administration, or related field, or the equivalent combination of education, training, and experience required.
• Minimum 1 year of experience in healthcare privacy, case investigations, and auditing and monitoring, or related field
• Minimum 2 years’ experience in health care compliance or closely related field required.
• Certified in Healthcare Privacy Compliance (CHCP) and/or Healthcare Compliance (CHC), or ability to obtain certification within 12 months from start date.

Knowledge, Skills and Abilities

• Working knowledge of auditing and monitoring techniques related to privacy risks.
• Familiarity with applicable federal and state laws, rules and regulations that govern privacy (e.g., HIPPA).
• Ability to manage time and productivity effectively and maintain confidentiality of all issues, investigations and inquiries.
• Effective skill using innovative thinking to solve problems and facilitate the decision-making process.
• Effective skill to influence, negotiate and persuade to reach agreeable exchange and positive outcomes.
• Effective skill developing and maintaining collaborative working relationships with all levels of leadership, staff and vendors.
• Effective analytical, quantitative, planning, organizational, and problem-solving skills.
• Effective skill presenting findings, conclusions, alternatives and information clearly and concisely at all levels within the organization.
• Effective skill managing multiple staff initiatives and meeting changing requirements and priorities to accomplish objectives.
• Ability to analyze, compare, contrast, and validate work with keen attention to detail.
• Ability to evaluate the scope of each day’s work and use time management and organizational skills to accomplish assignments in a timely manner.
• Strong sense of personal responsibility and accountability for delivering high quality work.
• Effective skill in the use of Microsoft Office Suite (e.g., Access, Word, Excel, PowerPoint).
• Effective verbal, written and interpersonal communication skills.

All your information will be kept confidential according to EEO guidelines.