Privacy Investigator
Previous Job
Privacy Investigator
Ref No.: 18-06618
Location: San Francisco, California
Job Title: Privacy Investigator
Location: San Francisco, CA
Duration: 6+ Months (Possible Extension)

Job Function Summary:
Involves the development, implementation and monitoring of policies and processes to ensure compliance with applicable laws and regulations in privacy and security of patient and protected health information. Develops privacy policies and systems from a strategic perspective; keeps abreast of privacy compliance issues, plans for changes and / or integration as new healthcare affiliations are assumed. Works with legal counsel, external agencies and management to manage breach incidents. Provides education and consultation to hospital and medical staff regarding the requirements, coordinates integration of standards and regulations with medical center or health system operations. (For broader healthcare regulatory compliance, see "Regulatory and Compliance HC” job standards.) Generic Scope (not customizable, will not be used in the job posting/advertisement): Experienced professional who knows how to apply theory and put it into practice with in-depth understanding of the professional field; independently performs the full range of responsibilities within the function; possesses broad job knowledge; analyzes problems / issues of diverse scope and determines solutions.

Custom Scope 
The Privacy Investigator investigates issues and implements solutions and manages multiple complex privacy/compliance HIPAA projects. This position will analyze data and produce mandatory compliance reports. Ensures written correspondence to and from the Privacy Office is accurate and in compliance with policies and procedures; tracks active priorities; assists with development of strategies to address issues; manages information storage and retrieval. Provides analytical support to the Privacy Officer and acts as liaison to reporting departments, Medical Center and Campus faculty and staff, UCOP executives, other UC campus officials, and outside agencies. Assists in a database administrator role to track and manage compliance projects, issues and resolutions to issues and breaches. Responsible for special projects as assigned by the Manager of Investigations and Regulatory or the Chief Privacy Officer. Applies knowledge of internal and external privacy and compliance regulations to execute preventative, investigative, and analytical compliance activities of all levels of complexity. Ability to read, analyze, and convey requirements outlined in relevant laws, regulations, and government advisories. Department Overview (please write a brief description of your department/unit that you would like to be included in the job posting/advertisement) The Client Privacy Office coordinates and oversee the Health and Campus Privacy Compliance Program for the Client Health Hospitals (including Clinics and Physicians), Client Benioff Children's Hospital in San Francisco and Oakland, Client Benioff Children's Physicians Group, Langley Porter Psychiatric Hospitals and Clinics, Client School of Medicine Faculty Practice, Client Schools (Medicine, Nursing, Dentistry, Pharmacy), Client Student Health Services, Client Fresno, Client Campus Departments, Client Human Subjects Research. This position reports directly to the Manager of Privacy Investigations & Regulatory who reports to the Chief Privacy Officer. The Chief Privacy Officer reports to the CEO for the Medical Center and the Chancellor for the Campus. Note: If this is a reclassification request or a replacement with significant changes, please briefly describe (no more than 2 paragraphs) the significant changes that have taken place since the position was last reviewed. Additionally, please provide a copy of the former job description for the position. Key Responsibilities List key functions and the estimated percentage of time spent performing each of the responsibilities. Indicate which responsibilities are considered "Essential " to the successful performance of the job as defined by the EEOC: "Essential functions are the basic job duties that an employee must be able to perform. You should carefully examine each job to determine which functions or tasks are essential to performance.” Example: 25% Essential Performs basic design, development, modification and debugging of software. Evaluates basic software for functional areas. Analyzes existing software or works to formulate logic for basic systems, prepares basic specifications and performs coding. % of time Essential Function (Yes/No) Key Responsibilities (To be completed by Supervisor) 25 Conducts moderate to complex investigations of suspected and reported violations of laws and policies. Independently conducts investigations. Presents findings to include assessment of potential liability and medical center impact. Acts as liaison in joint investigations with other location resources. Investigates HIPAA issues/breaches and process/develop resolutions in collaboration with appropriate departments for campus and Medical Center. 15 Conducts initial risk assessments for privacy issues and complaints through research, interviewing and analyzing. Implements courses of action according to established policies and procedures. 15 Participates in developing and implementing and monitoring action plans to maintain compliance with regulatory bodies. Reports on processes and practices compliance with external regulatory agencies, identifies potential issues. Responsible for data gathering, analysis and presentation for privacy office data for Client campus and Medical Center as well as department goals. Drafts correspondence related to inquiries, consultations, investigations.
10 Analyzes privacy and compliance and identifies patterns or trends. Provides regular reports and proposals to address issues to management. 5 Oversees the maintenance of databases, verifying systems, processes, and procedures are followed. Responsible for data entry, monitoring and tracking of HIPAA consultations, investigations and issues received in person, on the phone and through the mail/email.Track and manage data for report production. Assist in design and maintains interdepartmental databases, systems, processes, and procedures to facilitate workflow as assigned by the Privacy Managers. Assist in maintaining database integrity, including evaluating and as directed, implements changes/updates to the databases. Independently monitors and investigates database errors and operational issues. Prepare database queries and reports as required by the Privacy Officers. 10 Uses audit tools to assess compliance of privacy and security of patient and health related information at all levels of complexity. 5 Develops and delivers privacy training and communications to address a variety of privacy issues and programs. 5 Responds to caller hotline, provides investigations to uncover and resolve issues. Participates or leads privacy committee meetings and task forces. 5 Represents the privacy division at meetings, advocating for outcomes that will ensure the program maintains compliance. Collaborates with cross-functional teams and department staff and management, physicians, and external agencies. 5 Assist and coordinate efforts with the new Campus Privacy Program and the Research Privacy Program. Coordinates and manages special projects including literature research, as assigned by the Privacy Officers. 0% (To update total %, enter the amount of time in whole numbers (without the % symbol - e.g., 15, 20) then highlight the total sum (e.g., 1%) at the bottom of the column and press F9. The total sum should add up to 100%.)