Job Description :

The Privacy Associate II is responsible for performing a variety of privacy compliance activities to ensure proper use, collection, and storage of data throughout the organization, including the application of privacy by design principles to mitigate privacy risk and maintain the organization’s compliance with relevant laws, regulations, industry standards, and company policies.

This position will also manage the investigation of reports of potential non-compliance, lead risk assessments, and conduct other activities to support Client’s Privacy Center of Excellence.

This position interacts with manager and director-level personnel.

Responsibilities :

Evaluate enterprise initiatives to ensure information handling conforms to applicable legal, regulatory, and policy requirements.

Coordinate the process and serve as the contact person.

Identify potential privacy risks of collecting, maintaining, and disseminating information and evaluate alternatives to mitigate them.

Provide privacy regulation expertise to functional or operational areas of the business.

• Interpret federal / state regulations, develop applicable privacy policies and procedures, and advise business units on the implementation of requirements.
• Promote effective relationships with business areas; Partner with business areas on the creation of development of appropriate Corrective Action Plans (CAPs).
• Independently investigate, or manage the investigation of, privacy-related issues, as well as, perform assessments of the organization’s privacy compliance including determining root causes, and developing corrective action plans with other business units, as needed.
• Perform detailed data analysis to identify trends in privacy risks and appropriate mitigations.
• Lead the development and delivery of relevant privacy compliance training to both internal and external audiences (from individual contributors up to managers, directors, and higher).
• Ensure Clients privacy standards & policies are understood by the workforce, vendors, and other business-related third- parties.
• Identify and develop value-added metrics; analyze root causes, trends, and systemic issues and prepare reports for senior management and the Board of Directors.
• Interact with OCR or other regulatory agencies for matters relating to the privacy and security of Protected Health Information, including investigating issues identified by regulatory agencies and preparing reports.
• Serve as a seasoned resource and subject matter expert to other members of the privacy team. Mentor and support junior staff;

perform quality reviews of junior staff work product.

Independently manage special projects and ad-hoc tasks from management.

The information above is intended to describe the general nature of the work being performed by each incumbent assigned to this position.

This job description is not designed to be an exhaustive list of all responsibilities, duties, and skills required of each incumbent.

Education / Experience :

• Requires a Bachelor's degree from an accredited college or university. Advanced degree preferred.
• Requires a minimum of five years of compliance experience in a healthcare environment or the health insurance industry.
• Requires a minimum of three years of experience in a privacy compliance role.

Knowledge :

• Requires in-depth knowledge of the Federal and State regulatory environment in the health insurance industry, with emphasis on HIPAA privacy and security rules, as well as other state and federal privacy laws.
• Knowledge of Privacy by Design principles.
• Requires proficiency in the use of personal computer and supporting software including Microsoft Office ( Word, Excel, Outlook, and P

PowerPoint).

Experience with conducting privacy risk assessments preferred.

Skills and Abilities :

• Requires strong communication and presentation skills.
• Can convey clear and concise ideas and facts orally and written.
• Requires the ability to research and resolve problems through interaction with companywide personnel.
• Excellent organization and an ability to manage multiple priorities and shifting priorities.
• Able to interpret regulations and effectively apply them to business processes.
• Data analysis.
• Attention to detail.
• Ethics and integrity.
• Requires the ability to work independently.
Less than 1 hour ago