Job Information
Commonwealth Care Alliance Remote - Healthcare Privacy Specialist in Boston, Massachusetts
Why This Role is Important to Us:
The Privacy Analyst will play a key role in building, operationalizing and sustaining an effective and robust Privacy Program. Reporting to the Manager, the role will ensure that the organization complies with relevant and applicable privacy laws, regulations, contractual requirements, and standards. The role will be responsible for developing and maintaining privacy-related policies and procedures, training, communications and awareness, monitoring and tracking, investigation, remediation, and corrective action planning documents, processes and protocols for the organization and all of its subsidiaries, affiliates and entities. The role will also ensure that all potential and reported privacy violations are fully investigated, including but not limited to the organizational security breach incident response protocol, partnering closely with Information Security, Legal and others. The role will additionally compile and develop relevant, timely and high-quality privacy reporting (including all relevant metrics) for both internal and external stakeholders, including but not limited to senior leadership, the Board and Audit Committee, and regulatory entities, among others. As part of the broader CCA Risk & Compliance Department and set of integrated GRC programs, the role will also foster and facilitate an organizational culture of openness, trust and transparency in ensuring integrity-based dealings with all internal and external stakeholders.
What You'll Be Doing:
ORGANIZATIONAL DEVELOPMENT OF PRIVACY PROGRAM
Develops and maintains all Privacy policies and procedures, ensuring timely, relevant and high-quality work product
Develops and maintains Privacy training, communications, education and awareness campaigns, plans and materials, ensuring timely, relevant, engaging and high-quality work product
Develops and maintains Privacy monitoring, tracking, reporting, metrics, dashboarding, and auditing programs and protocols, ensuring timely, relevant and high-quality work product, reviews and reports
Develops and maintains Privacy investigation and security/privacy data breach incident response protocols, reports and deliverables, partnering with all relevant cross-organizational areas, including those related to vendors, service providers, third parties and downstream entities (i.e., both internal and external incidents)
Develops and maintains Privacy and Security-related control remediation and corrective action planning (CAP) protocols and reports, including relevant CAP issuance, guidance and closure
Develops and maintains all Privacy-related vendor, service provider, third-party, downstream entity, and similar oversight controls and protocols, including but not limited to Business Associate Agreements and other contractual reviews, mechanisms and activities
Develops and maintains highly effective and high-quality protocols for all internal and external Privacy reporting, including relevant and timely metrics, for senior leadership, the Board and Audit Committee, and regulatory entities, among others
Develops and maintains highly effective and high-quality protocols for timely and promptly evaluating new Privacy laws, regulations, contractual requirements and standards, and for effectively and proactively guiding and advising all relevant business, operational and clinical areas to adequately operationalize such new requirements, activities and change management protocols
Coordinates privacy activities overseeing the establishment, implementation, and adherence to corporate policies on individual privacy, confidentiality, and release of confidential information
Develops and manages HIPAA project teams, including Privacy Liaisons; serves as a privacy resource for CCA departments and entities
Responsible for documenting and communicating the progress of the implementation of the HIPAA privacy and security compliance program at CCA including affiliates and related entities
Works with legal counsel, management, operational departments, and committees to ensure CCA has and maintains appropriate confidentiality consent, authorization forms and information notices
Works with the Legal Department to review new or revised healthcare laws and regulations (federal and state) pertaining to individual privacy, and determine whether modifications or revisions of policies and procedures are needed
Works closely with IT Security, members of the electronic medical record implementation/informatics team, and other information technology personnel to ensure that the organization’s privacy and security protections keep pace with technological advances
Coordinates with management, IT security, and others to assure physical safeguards to guard data integrity, confidentiality, and availability
Coordinates with senior management, operational managers, the Chief Information Security Officer, IT managers, and business support services to provide for a business continuity plan and disaster recovery service. Ensures CCA’s disaster recovery plan addresses relevant information privacy and security issues.
Reviews all system-related information privacy and security plans throughout CCA’s network to ensure alignment between security and privacy practices
Provides concise and timely summaries to senior management of complex and detailed regulatory publications and prepares operational impact statements
Assists in the development of the Compliance and Privacy Workplans through effective identification of privacy-related compliance risks
Executes prompt, relevant, timely and high-quality responses to regulatory inquiries, audits and requests for information, either liaising directly with regulators, as warranted and appropriate, or partnering with other CCA areas (e.g., CCA Compliance, CCA Legal, CCA Regulatory Audit Management, etc.)
PRIVACY EXPERTISE & RESOURCES
Maintains current knowledge of applicable federal and state privacy and security laws, regulations, contractual requirements and standards, and monitors advancements in information privacy and security technologies to ensure organizational adaptation and compliance
Participates in outside healthcare organizations to keep updated on privacy developments and “best practices”
Maintains regulatory library (“register”) for Privacy & Security laws, regulations and requirements pertaining to the organization
Maintains documentation of Privacy Program
Communicates changes in regulatory issues to senior management and to the appropriate operational managers
COMPLAINTS SYSTEM
Establishes and administers, as appropriate, a corporate process for receiving, documenting, tracking, investigating, and acting on all complaints concerning CCA’s privacy compliance policies and procedures
Responds effectively to incidents and violations to reduce the risks to the organization
Accurately and effectively reports privacy compliance risks and trends to internal stakeholders and through compliance committee governance
TRAINING, EDUCATION, & COMMUNICATIONS
Oversees the development, delivery, and ongoing improvement of privacy and security compliance training and awareness to include CCA staff and other entities, as required
Develops and implements a system-wide privacy training program and, in conjunction with the security official or other individuals charged with security oversight, a cyber security awareness and training program that includes the following components:
Initial training of all employees related to the privacy program
Privacy training to all members of the workforce, including all employees, volunteers, trainees, and other persons under the direct control of the entity on an unpaid basis, who are not business partners but are likely to have contact with PHI and/or PII
Upon changes in corporate privacy policy or procedure, retraining of directly affected employees
Mandated privacy retraining for all employees at on-boarding and annually thereafter
PRIVACY & SECURITY DISCIPLINE
Works with senior management to develop and consistently apply appropriate discipline for employees who fail to comply with the organization’s privacy and security policies and procedures
In cooperation with Human Resources, the Privacy & Security Officials, administration, and legal counsel, as applicable, ensures consistent application of disciplinary action for failure to comply with privacy and security policies for all individuals in the organization’s workforce, extended workforce, and for all business associates
Coordinates with HR to ensure no intimidating, discriminatory, or other retaliatory actions occur against a person who files, testifies, assists, or participates in any investigation, compliance review, proceeding, or hearing related to a privacy violation, or opposes any unlawful act or practice
CERTIFICATIONS AND AUDITS
Establishes an internal privacy and security compliance audit program to ensure enterprise-wide compliance with CCA privacy and security policies
Works with departmental managers to assure that there is adequate auditing and monitoring of systems’ access and activity and that processes are in place to identify potential privacy and security violations
Directs or conducts independent Privacy reviews and evaluations of all operations and activities to appraise:
Compliance with current regulations of federal, state, and other regulatory bodies
Possible errors and omissions that may violate current or future compliance
Compliance with internal policies, plans or standards which could impact compliance with external regulatory bodies
Cooperates with the Office of Civil Rights (OCR), other regulatory entities, and organization officials in any compliance reviews or investigations
Participates in the development, implementation, and ongoing compliance monitoring of all business associate agreements, to ensure all privacy concerns, requirements, and responsibilities are addressed
Aids Legal, operational managers and staff during enforcement activities, surveys, and external investigations. Assists in the preparation of documentation required by external agencies, corrective action plans, and future monitoring or auditing to assure compliance
Maintains communications with external regulatory or review organizations and accrediting agencies to assure proper interpretations of regulations and impacts on operations. Coordinates work with others within the organization that have responsibility for process improvement, accreditation surveys or other regulatory activities
Assists with the development and preparation of corrective action plans, maintains compliance with benchmarks/deadlines and prepares written reports of audits
Prepares and coordinates regulatory filings, as required
What We're Looking For:
Required:
Bachelor's required
3-5+ years of health insurance Privacy, legal, and regulatory experience required
Desired:
Relevant graduate degree (e.g., Juris Doctor, MBA, Masters, etc.) in a relevant field
Privacy & Security certifications such as Certified in Healthcare Privacy Compliance (CHPC), Certified in Healthcare Privacy and Security (CHPS), Certified Information Privacy Professional (CIPP), and/or other Privacy-related credentials.
An individual with a combination of the following: medical records/health information management background, information systems/technology background; compliance, legal or performance improvement experience
Health Plan Experience
EEO is The Law
Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled
Please note employment with CCA is contingent upon acceptable professional references, a background check (including Mass CORI, employment, education, criminal check, and driving record (if applicable)), an OIG Report and verification of a valid MA/RN license (if applicable). Commonwealth Care Alliance is an equal opportunity employer. Applicants are considered for positions without regard to veteran status, uniformed service member status, race, color, religion, sex, national origin, age, physical or mental disability, genetic information or any other category protected by applicable federal, state or local laws.