Senior Privacy Compliance Analyst
Previous Job
Senior Privacy Compliance Analyst
Ref No.: 18-06613
Location: San Francisco, California
Job Title: Senior Privacy Compliance Analyst
Job Location: San Francisco, CA
Job Duration: 6 + Months Contract

JD (Juris Doctor) degree REQUIRED

Job Description:

The Senior Privacy Compliance Analyst has four major scopes of responsibility:
1). Review, negotiate, approve contractual documents including but not limited to escalated Business Associate Agreements, Appendix Data Security, EHR Donation Agreements, Community Connect Agreements, Affiliation Agreements, Data Sharing Agreements and becoming a Subject Matter Expert for all Privacy related contracts
2). Assist in the UCOP mandated Campus Privacy Program
Supervise the Interns for our new Privacy Intern Program to keep a continuous pipeline of future Privacy Investigators

4). Special projects including but not limited to tasks associated with our Audit Program. As Client Health continues to grow, the Privacy Office is gearing up to meet the needs of more Affiliation Agreements and the increasing volume of incoming work including the four major scopes of work described above. The complexity and the time involved on such activities have grown exponentially and the Privacy Office is creating a new position to handle the overflow of agreements for review and decrease risk. As part of the 2015 initiative by UC Office of the President, each UC campus will be tasked with implementing a comprehensive Privacy program geared towards higher education needs.
The Senior Privacy Compliance Analyst will assist the Campus Privacy Program Manager & Operations Manager with building a thorough Privacy program tailored for higher education and analyzing its effectiveness. The program will be a delicate balance of ensuring academic freedoms while protecting individual's Privacy needs. The new Privacy Intern Program was born from the need to train a continuous pipeline of students with interest in Privacy Investigations. Privacy Investigations are a niche skillset and very difficult to recruit for. The new Client Privacy Intern Program meets this need for the Client Privacy Office and any other privacy organizations outside of Client. The Senior Privacy Compliance Analyst will assist in setting up the program, tapping into our connections at USF Law and UC Hastings Law initially. The Senior Privacy Compliance Analyst will also oversee the interns, serve as a resource for them, and partner with the Operations Manager/Campus Privacy Program to complete evaluations.
The scope of responsibility for the Client Privacy Office and subsequently the Campus Privacy Program fall under the direction of the Chief Privacy Officer and includes all Client Campus Departments, the Client Health System, Langley Porter Psychiatric Institute, Client Fresno, Office of Research, Academic Affairs, Advancement & Planning, Administration & Finance, Benioff Children's Hospital Oakland, UBCP (Client Benioff Children's Physicians) and Client Members at Affiliate Organizations.

REPORTING RELATIONSHIPS This position reports directly to the Operations Manager/Campus Privacy Program Manager.
The Senior Privacy Compliance Analyst will oversee Interns in the new Client Privacy Interns Program.

The Senior Privacy Compliance Analyst will provide the Privacy Office perspective with contracts by completing the following:
Review, negotiate, approve, provide alternate language for edits to contractual documents including but not limited to escalated Business Associate Agreements, Appendix Data Security, EHR Donation Agreements, Community Connect Agreements, Affiliation Agreements, Data Sharing Agreements, · Will become the Subject Matter Expert for all contracts with a Privacy perspective. · Will assist Operations Manager/Campus Privacy Program Manager with annual HIPAA BAA training for BCHO, Client Campus, and Client Medical Center Contract Officers.

PERSONNEL SUPERVISION / PRIVACY INTERN PROGRAM Oversees the new Privacy Intern program which will entail:
Assist Operations Manager/Campus Privacy Program Manager in contacting USF Law School and UC Hastings to set up the new program
Oversee the work being produced by the Interns
Serve as a resource to the Interns
In conjunction with the Operations Manager/Campus Privacy Program Manager, conduct performance evaluations with each Intern CAMPUS PRIVACY PROGRAM Assist the Operations Manager/Campus Privacy Program Manager with the UCOP mandated Campus Privacy Program.
Assist with building a new and comprehensive Campus Privacy program tailored for higher education, including developing goals, deliverables, timelines.

Assist with creating and implementing a Campus Privacy Assessment to identify gaps, weaknesses and risks.
Identify Campus data stewards and oversee the identification of the Campus data systems.
Assist with developing Privacy policies and practices for Restricted Information.
Coordinates with the Education/Policy Manager for an education program to include Restricted Information for individuals including staff, students and faculty.
Measures effectiveness of the new program.
Provides continuous improvement and ongoing efforts.
Assist with the Campus Privacy Program Subcommittee meetings and activities.

Serves as liaison between Client and the Privacy Office to independently respond to and resolve investigations, grievances, and consults, including complex fraud, ethical, research, and legal issues related to privacy, in a multidisciplinary and collaborative manner, and to document per Privacy Office procedures.
Responds to Office of Civil Rights and other legal entities in any compliance reviews or investigations related to Privacy Office activities including Root Cause Analyses (RCAs) or Whistleblower or I Group review as appropriate.
Independently coordinates correction action plans with relevant compliance/audit and administrative units and assures appropriate follow up and/or service recovery for mitigation and remediation strategies which are compliant with the regulatory agencies and regulations.
Independently works with appropriate departments, clinicians, and leadership to identify trends in non-compliance, to collaborate on methodologies for prevention and recurrence of the future privacy incidents; Collaborates or leads as assigned on the revision of policies, guidelines, and consent and authorization forms and other documents for Client enterprise.
Responsible for documentation related to internal audits and complaint resolution.

1. Maintains current knowledge of applicable State and Federal laws related to Privacy, Confidentiality and Security of Protected Health Information (PHI), Personally Identifiable Information (PII) and other Restricted Information, Client enterprise policies and procedures, and compliance activities to ensure compliance with internal policies and state and federal regulations
2. Role models excellent interpersonal, communication, and problem solving skills. Presents professional demeanor and is a customer service role model in interactions with internal and external customers; patients, families, visitors, hospital/health system personnel, outside vendors, external organizations, and physicians
3. Works in a team environment; understands, supports, and performs other duties within the department's scope of service as appropriate and assigned
4. Leads and manages special projects as assigned by the Chief Privacy Officer or Privacy Compliance Manager. Research the issues as needed, assessing implications on university operations and administrative processes
5. Serves on Client committees and/or taskforces as assigned by the Chief Privacy Officer or Privacy Compliance Manager
6. Develops effective and productive working relationships with a variety of constituents and units, including but not limited to CMO, Chairs, faculty, senior leaders, key executive committees, designated managers, Legal Affairs, Risk Management, Corporate Compliance, Campus and Medical Center IT Security teams, Regulatory Affairs, and Internal Audit
7. Demonstrates and facilitates thorough and excellent communication skills in oral and written responses and communications, alerting the Chief Privacy Officer and/or Privacy Compliance Manager, in a timely manner, to significant issues
8. Serves as resource to the Privacy Office, faculty, staff, students, public and others to ensure compliance with policies and standards and timely responses
9. Strives for continuous professional development in maintaining and increasing knowledge and skills related to compliance, systems management, analysis methodology, training, and report writing skills for compliance, privacy, confidentiality and other related areas
10. Performs other duties as assigned


Demonstrates service excellence by following the Everyday PRIDE Guide with the Client Medical Center standards and expectations for communication and behavior. These standards and expectations convey specific behavior associated with the Medical Center's values: Professionalism, Respect, Integrity, Diversity and Excellence, and provide guidance on how we communicate with patients, visitors, faculty, staff, and students, virtually everyone, every day and with every encounter. These standards include, but are not limited to: personal appearance, acknowledging and greeting all patients and families, introductions using AIDET, managing up, service recovery, managing delays and expectations, phone standards, electronic communication, team work, cultural sensitivity and competency.
Uses effective communication skills with patients and staff; demonstrates proper telephone techniques and etiquette; acts as an escort to any patient or family member needing directions; shows sensitivity to differences of culture; demonstrates a positive and supportive manner in which patients / families/ colleagues perceive interactions as positive and supportive. Exhibits team work skills to positively acknowledge and recognize other colleagues, and uses personal experiences to model and teach Living PRIDE standards.
Exhibits tact and professionalism in difficult situations according to PRIDE Values and Practices Demonstrates an understanding of and adheres to privacy, confidentiality, and security policies and procedures related to Protected Health Information (PHI) or other sensitive and personal information. Demonstrates an understanding of and adheres to safety and infection control policies and procedures. Assumes accountability for improving quality metrics associated with department/unit and meeting organizational/departmental targets. Work Environment
Keeps working areas neat, orderly and clutter-free, including the hallways. Adheres to cleaning processes and puts things back where they belong. Removes and reports broken equipment and furniture.
Picks up and disposes of any litter found throughout entire facility.
Posts flyers and posters in designated areas only; does not post on walls, doors or windows.
Knows where the Environment of Care Manual is kept in department; corrects or reports unsafe conditions to the appropriate departments.
Protects the physical environment and equipment from damage and theft.

A minimum of 5+ years' experience working in a healthcare compliance, quality or analytical environment; or an equivalent combination of education and experience.
BA/BS degree in business, healthcare, finance, or a related field; or an equivalent combination of education and experience.
Project management experience including a solid working knowledge of contracts, policies and procedures.
Highly organized and thorough with an ability to facilitate communications and scheduling among departmental staff and with all levels of Medical Center and Campus Leadership, faculty, staff and students. U/jdesc/hrrep2
Knowledge of HIPAA Privacy and Security standards and other regulatory requirements.
Experience with HIPAA Compliance in a major Healthcare environment.
Knowledge of Word, Excel, PowerPoint and database software programs or equivalents.
Strong communication, writing and interpersonal skills (oral, electronic and written), with demonstrated confidentiality, discretion, tact and ability to manage and deal with sensitive issues.
Demonstrated ability to prioritize effectively according to Client enterprise and departmental needs and organize a large number of changing variables and deadlines.
Demonstrated ability to manage multiple, complex and competing priorities.
Must have a strong operations, compliance, and management background with extensive knowledge of medical terminology, IT expertise related to HIPAA Security Rule, as well as knowledge of JCAHO, Client, CMIA, CMS, Lanterman Petris Short Act and other external regulations to ensure compliance
Must demonstrate appropriate sensitivity and judgment in complex situations and collaborate effectively with the Chief Privacy Officer, faculty, Security Officers for the Medical Center and the Campus, department directors, managers, and staff.
Strong negotiation skills.
Ability to understand and negotiate complex agreements and legal terms.

Master's degree in Nursing, business, finance or other related field. Healthcare Compliance, Privacy and/or other similar professional certifications.

Prior University of California or Academic Medical Center experience.
Experience in staffing medical staff committees.
Experience negotiating HIPAA Business Associate Agreements.