The Children's Hospital of Philadelphia

Senior Privacy Specialist

The Children's Hospital of Philadelphia, Philadelphia, Pennsylvania, 19117


Reference: 1012144
Shift: Day (United States of America)

Seeking Breakthrough Makers

Children's Hospital of Philadelphia (CHOP) offers countless ways to change lives. Our diverse community of more than 20,000 Breakthrough Makers will inspire you to pursue passions, develop expertise, and drive innovation. At CHOP, your experience is valued; your voice is heard; and your contributions make a difference for patients and families. Join us as we build on our promise to advance pediatric care, and your career.

CHOP's Commitment to Diversity, Equity, and Inclusion

CHOP is committed to building an inclusive culture where employees feel a sense of belonging, connection, and community within their workplace. We are a team dedicated to fostering an environment that allows for all to be their authentic selves. We are focused on attracting, cultivating, and retaining diverse talent who can help us deliver on our mission to be a world leader in the advancement of healthcare for children. We strongly encourage all candidates of diverse backgrounds and lived experiences to apply.

A Brief Overview

The Senior Privacy Specialist will be responsible for supporting the enterprise-wide privacy program at Children's Hospital of Philadelphia that includes its hospitals, physician practices, primary and specialty care practices, the Research Institute and Foundation. Main areas of responsibility for this position include assisting with privacy-related tasks such as incident investigations and data breach notification/reporting, policy development/updates, training, and various monitoring activities to ensure compliance with the Health Insurance Portability and Accountability Act (HIPAA) and other privacy-related laws and regulations. This position reports to the Manager, Privacy Operations within the Office of Compliance and Privacy.
What you will do

Triage and respond to privacy inquiries from workforce members, patient families and regulators on various privacy-related matters, concerns, and questions.

Lead privacy incident investigations, including fact gathering, creating, and maintaining accurate documentation of required HIPAA breach assessment and notification to patient families and regulatory agencies and monitoring of corrective action plans as appropriate.

Collaborate with other internal stakeholders to investigate, respond to questions and resolve privacy issues involving the collection, use, sharing, etc. of protected health information, personally identifiable information and/or other personal data. Such stakeholders generally include Health Information Management, Digital Technology Services, Information Security, Office of General Counsel, the Research Institute, Human Resources and other clinical and administrative business units/leaders.

Lead the enterprise-wide proactive audit log monitoring program focused on detecting and investigating potential unauthorized access to electronic patient health information. This includes collaborating with and supporting business leaders and Human Resources through the investigation and sanctions process to ensure corrective/disciplinary action is applied in accordance with Hospital policy.

Create and deliver privacy awareness and educational materials/communications to increase workforce members' understanding of CHOP's privacy policies/job aids and data handling best practices.

Lead the creation and update of privacy content on the intranet and internet, CHOP policies/job aids, Notice of Privacy Practices and department standard operating procedures including recommending updates based on regulatory/operational changes as appropriate.

Provide privacy subject matter expertise on operational committees and otherwise serve as an enterprise resource on privacy regulatory requirements.
Generate reports on privacy program activities including, but not limited to privacy incidents, breaches, proactive monitoring program, and educational activities.

Participate in and/or manage projects to support the annual privacy work plan, board reporting, and enterprise risk assessment process.

Conduct ongoing routine audits to monitor compliance with privacy policies, job aids and regulatory requirements.

Support the Manager and Director, Privacy Operations on other duties to support privacy program operations.

From time to time, lead and/or support miscellaneous Office of Compliance & Privacy initiatives and/or projects.

Licenses and Certifications

Certified Information Security Professional/United States (CIPP/US) - International Association of Privacy Professionals (IAPP) - Preferred

Education

Bachelor's Degree Health or Business Administration, Health Information Management, Information Security, law or related field. Required

Experience

At least five (5) years Professional work experience showing increasing levels of responsibility. Required

At least two (2) years Healthcare, health information management, compliance, or law setting. Preferred

At least two (2) years Experience with HIPAA, and other privacy-related laws/regulations/standards (including, but not limited to, state data privacy or international data privacy), data protection standards/controls, health information management, general compliance or healthcare operations preferred

Experience with data technologies and tools preferred

Experience within a Compliance, Legal or Risk Management role in a hospital setting preferred.

Knowledge, Skills and Abilities

Superior interpersonal skills, including individual and group interactions, and ability to communicate appropriately and effectively with a wide variety of individuals at all levels in the organization. (Required proficiency)

Excellent analytical and problem-solving skills. (Required proficiency)

Ability to communicate thoughts, ideas, and complex topics clearly in both verbal and written formats. (Required proficiency)

Ability to manage, multi-task and prioritize high volume workload with competing priorities, while exercising appropriate professionalism and judgment. (Required proficiency)

Strong attention to detail and organizational skills with the ability to meet deadlines. (Required proficiency)

Ability to handle sensitive information and business affairs with discretion and confidentiality. (Required proficiency)

Highly motivated and demonstrates initiative to learn new concepts and develop additional skills and expertise in a fast-paced complex organization. (Required proficiency)

Proficiency with Microsoft (MS) Office (Word/Excel/PowerPoint/Teams). (Required proficiency)

Demonstrated leadership and project management. (Required proficiency)

Experience with MS Access and SharePoint. (Preferred proficiency)

Ability to understand government regulations, federal, state and international privacy laws and requirements relating to data privacy and its application to healthcare operations, including, but not limited to the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH), and the Breach Notification Rule. (Preferred proficiency)

A firm understanding of electronic health record applications such as Epic. (Preferred proficiency)

A firm understanding of information security requirements including those that impact the healthcare industry. (Preferred proficiency)

Experience with assessing privacy risk related to new technology. (Preferred proficiency)

Proficiency with data collection, analytics, and reporting tools. (Preferred proficiency)

Industry certification in privacy, health information management or information secur