The University of Maryland Medical System

SENIOR PRIVACY ANALYST

The University of Maryland Medical System, Baltimore, Maryland, United States


The University of Maryland Medical System (UMMS) is an academic private health system, focused on delivering compassionate, high quality care and putting discovery and innovation into practice at the bedside. Partnering with the University of Maryland School of Medicine, University of Maryland School of Nursing and University of Maryland, Baltimore who educate the state's future health care professionals, UMMS is an integrated network of care, delivering 25 percent of all hospital care in urban, suburban and rural communities across the state of Maryland. UMMS puts academic medicine within reach through primary and specialty care delivered at 11 hospitals, including the flagship University of Maryland Medical Center, the System's anchor institution in downtown Baltimore, as well as through a network of University of Maryland Urgent Care centers and more than 150 other locations in 13 counties. For more information, visit www.umms.org.

Job Description

The Corporate Compliance and Business Ethics Group’s (CCBEG’s) Privacy Program provides privacy oversight, subject matter expertise, support and guidance to all administrative and clinical functions with University of Maryland Medical System (UMMS) and is based on the seven elements of an effective compliance program adhering to industry regulations, system policies, the Centers for Medicare & Medicaid Services Conditions of Participation, Conditions of Payment, and state specific requirements.

Under the supervision of the Director of Compliance, will work closely with the Information Technology (IT) Security team and other key stakeholders to implement elements of the Privacy Program, manage risk assessments and complex privacy incidents, coordinate data policy and procedure development and monitoring, manage privacy related contractual agreements and oversee auditing programs of business associates to ensure compliance with existing and new federal and state privacy laws and regulations affecting UMMS. Additionally, will work collectively with UMMS Member Organizations (e.g. hospitals) management and other personnel to ensure that Corporate Privacy Program initiatives are implemented across UMMS.

Principal Responsibilities and Tasks

The following elements are intended to provide a comprehensive overview and level of work performed by the individual assigned to this job description. The elements are not an exhaustive list of all the job duties the assigned individual may be requested to perform.

Serves as the data privacy resource to UMMS Corporate and Member Organizations, building strong cross-functional relationships with Shared Service and Member Organization leadership advising on data privacy-related issues.

Lead role for managing and resolving complex data privacy and IT related investigations, overseeing incident response team and process, collaborating with internal and external key stakeholders and Member Organizations to determine resolution and manage breach determination and notification process under Health Insurance Portability and Accountability Act (HIPAA) and applicable state privacy rules and regulations. Collaborates with IT Security and other internal and external key stakeholders conducting root-cause analysis, facilitate remediation action plan with operational management, and oversee implementation.

Reviews the investigation and breach risk assessment works of Member Organizations and Compliance Analysts.

Mentors and guides Compliance Analysts.

Prepares and manages HIPAA, privacy, and data enterprise-wide risk assessments. Conducts risk assessment analysis identifying areas of high, medium, and low risks. Assist Director of Privacy and Research Compliance in compiling reports for Executive Leadership of aggregate risk assessment findings and recommendations. Communicates risks to both technical and non-technical stakeholders.

Serves as the System Administrator for privacy related databases and applications, including but not limited to electronic medical record (EMR) monitoring systems and privacy contracting applications. The System Administrator will grant user access and privileges, ensure initial training on applications/databases, and analyze system designs and data flows to identify potential privacy vulnerabilities and improve efficiencies.

Lead Privacy Monitoring Program and ensure ongoing monitoring of inappropriate/unauthorized access and disclosures through use of EMR monitoring applications and features (e.g. Protenus, Break-the-Glass, etc.) and data loss prevention applications in accordance with the Health Information Technology for Economic and Clinical Health Act and HIPAA Privacy Rule. Perform trend analyses. Assist Director of Privacy and Research Compliance in preparing summary reports for Executive Leadership on privacy monitoring activities.

Proposes and implements improvements to risk assessment tools, audit, and monitoring software.

Oversees internal and external monitoring and auditing procedures related to business associates, detecting potential non-compliance. If evidence of non-compliance, recommends solution and remediation plan to ensure effective and timely correction actions are implemented.

Participates in policy review and development and related implementation plan.

Develops privacy and/or security awareness messages and education materials in collaboration with the Director of Privacy and Research Compliance and Director of Compliance Education, Regulatory, and Monitoring.

Prepares reports to meet the needs of the Chief Compliance Officer, Vice President of Compliance Operations, Director of Compliance, UMMS Executive Management, and the Audit and Compliance Committee of the Board of Directors.

Perform other duties as assigned.

Qualifications

Education and Experience

Bachelor’s degree in business administration or healthcare or a relevant field required;

Five (5) years of relevant work experience in healthcare, compliance, or an equivalent combination of education, experience, and/or demonstrated performance with high level work quality and productivity. The Senior Data Privacy Analyst must have at least three (3) years of work experience in healthcare privacy or security, case investigations, and auditing and monitoring, and at least two (2) years of work experience in statistical data analysis or equivalent related fields is required;

Certified in Healthcare Privacy Compliance (CHCP) and/or Healthcare Compliance (CHC) (or achieve certification no later than 12 months from hire date).

Experience with health laws and regulations, including strong knowledge of federal and state laws pertaining to privacy, personal identifiable information, and medical system policies is required.

Demonstrated strong cross-functional communication and leadership skills, with the ability to initiate and drive projects proactively, strong analytical, organization, facilitation, written and oral communication and presentation skills.

Productive in high work volume, speed, quality, and consistency. Ability to set priorities and work well under pressure to meet deadlines.

Knowledge, Skills, and Abilities

Must be able to maintain confidentiality of all compliance and privacy related or other reported issues.

Computer literate with intermediate proficiency in Microsoft Office Suite, Visio, Internet and data analysis tools and techniques.

Proficiency in managing privacy monitoring tools (e.g. Protenus, Fair Warning, etc.).

Effective verbal, written and interpersonal skills to communicate with patients, visitors, peers, and management to establish strong working relationships.

Strong analytical, problem solving, and decision-making skills.

Knowledge of risk assessments and monitoring activities related to compliance and privacy risks.

Ability to work in a self-directed team by taking and giving direction and sharing in the responsibility of the team.

Self-motivated. Able to evaluate the scope of each day’s work and use time management and organizational skills to accomplish assignments.
