Privacy Associate (Privacy Compliance Specialist, Sr) - Oregon Health & Science University

Department Overview:

The mission of the Information Technology Group (ITG) is to develop, implement and maintain technology-based services and solutions enabling OHSU to effectively manage information to accomplish its missions. The Privacy Compliance Specialist Sr. supports the Office of the Chief Privacy Officer and is responsible for working with the OHSU community to facilitate institutional compliance and integrity with the policies, procedures, regulations, and guidelines pertaining to information privacy and security. The OHSU Information Privacy & Security program (IPSO) assists OHSU in the security, confidentiality, and integrity of OHSU confidential information, including protected health information (PHI).

Function/Duties of Position:

The Privacy Compliance Specialist Sr. supports the Office of the Chief Privacy Officer and is responsible for working with the OHSU community to facilitate institutional compliance and integrity with the policies, procedures, regulations, and guidelines pertaining to information privacy and security. The OHSU Information Privacy & Security program (IPSO) assists OHSU in the security, confidentiality, and integrity of OHSU confidential information, including protected health information (PHI). The position will serve as a subject matter expert in the Privacy Office, performing tasks including privacy projects implementation, privacy impact and risk assessments, facility reviews, responding to privacy related inquiries and assisting leadership in developing privacy strategies in support of the OHSU mission.

 

This position supports IPSO by providing associated services as follows: Serve as a subject matter expert resource for information privacy and security policies and regulations; Provide program support for all matters related to information privacy and security policy guidance; risk identification, risk assessment and risk management; Tracks and monitors privacy program risks, developing and implementing strategies for mitigating identified risks; Supports Privacy program goals and projects as assigned by leadership; Provides accurate and effective training, education and performs outreach activities as assigned and in line with the Privacy program’s training plan; Assist leadership with improving policies and processes including providing best practice and workflow guidance; Observe due care, objectivity and respect for confidentiality of information; and Serve as a management representative on assignments for both internal and external constituencies. Successful attributes for this position include: A resourceful professional who stays current with information, technology, trends, and developments in the field and implements applicable and reasonable process changes in response to industry trends. A professional who has operational experience in supporting privacy priorities in information technology infrastructure and programs. A collaborator and consensus builder capable of maintaining and cultivating successful working relationships with internal and external stakeholders. A person who proactively establishes/ develops strong partnerships with key stakeholders across the organization. A well-organized professional with the ability to manage a variety of complex projects while charting a course of action that effectively and efficiently assists the organization and department in fulfilling goals and objectives.

Required Qualifications:

Education:

• Bachelor’s degree

Experience:

• Five years of combined experience in healthcare privacy or compliance with at least 2 years in information privacy and security.

Job Related Knowledge, Skills, and Abilities:

• Experience working with highly sensitive and confidential information and projects.
• Excellent organizational skills and ability to operate and communicate effectively while meeting multiple deadlines and completing projects simultaneously.
• Ability to analyze information and construct an action plan tailored to resolve issues effectively and cooperatively.
• Experience reviewing, interpreting, and providing guidance on regulatory rules and standards.
• Ability to read and comprehend complex terminology and procedures in order to provide thorough and accurate guidance and assessments.
• Knowledge of compliance, federal and state laws, regulations, and guidance related to information privacy and security and HIPAA compliance.
• Ability to analyze and communicate complicated regulations and requirements to individuals at all levels of the organization.
• Ability to chart a course of action that effectively and efficiently assists the organization and department in fulfilling goals and objectives.
• Proven knowledge of formal information security and privacy standards, techniques and methodologies.
• Experience with Epic and/or other clinical applications.
• Ability to collaborate effectively and work both independently and in a team environment.
• Exceptional verbal and written communication skills.
• Exceptional people skills. Ability to interact in a positive, productive manner with others (demonstrating sensitivity, tact and professionalism).
• Ability to deal effectively with difficult situations.
• Highly motivated, team oriented, professional and trustworthy with strong skills is personal diplomacy.

Registrations, Certifications, and/or Licenses:

• Certification in compliance-related field or obtain certification with 12 months.

All are welcome:Oregon Health & Science University values a diverse and culturally competent workforce. We are proud of our commitment to being an equal opportunity, affirmative action organization that does not discriminate against applicants on the basis of any protected class status, including disability status and protected veteran status. Individuals with diverse backgrounds and those who promote diversity and a culture of inclusion are encouraged to apply. To request reasonable accommodation contact the Affirmative Action and Equal Opportunity Department at 503-494-5148 or aaeo@ohsu.edu.