UCSD Layoff from Career Appointment: Apply by 06/18/24 for consideration with preference for rehire. All layoff applicants should contact their Employment Advisor.
Special Selection Applicants: Apply by 06/28/24. Eligible Special Selection clients should contact their Disability Counselor for assistance.
This position will work a hybrid schedule which includes a combination of working both onsite at Greenwich Drive and remote.
This position will remain open until filled.
DESCRIPTION
Reporting to the Director of Privacy Compliance, this role requires excellent organization, communication, contract review, investigations, process improvement, analytics, and project management skills. This position requires a flexible team player to effectively prioritize multiple projects simultaneously under time-sensitive deadlines, and adapt quickly to changing priorities. In addition, successful candidate will assist in:
- The review, analysis and resolution of business associate agreements and other privacy-related contract inquiries by members of the organization, as necessary to ensure safeguarding of protected health information in compliance with applicable state and federal laws and regulations.
- The development and implementation of privacy controls. This includes but is not limited to collaborating with other business functions to understand relevant business processes and operations with privacy implications; performing periodic reviews and, as necessary, updating existing policies and procedures to ensure continuous improvement of privacy practices, processes, and controls.
- Tracking privacy legislation, conducting and summarizing research when needed on relevant privacy law and regulations, and assisting in managing compliance with relevant privacy and data protection laws, including implementation of new requirements.
- The development of privacy trainings and awareness campaigns to further promote privacy awareness, conducting privacy training and communicating best practices throughout the organization.
- Investigating and assessing privacy incidents, responding to patient concerns/caller hotline concerns, documenting findings of suspected and reported violations of laws and policies, assisting with the remediation of privacy issues and necessary notifications, tracking, validating and documenting mitigation actions. Acting as liaison in joint investigations with other location resources. Identifying, escalating, and following up on privacy issues that require investigation, resolution, and/or legal action.
- The development and implementation of monitoring and audit action plans to maintain compliance with regulatory bodies, policies and procedures.
The successful incumbent will use audit tools to assess compliance of privacy and security of patient and health-related information at all levels of complexity. Reports on processes and practices compliance with external regulatory agencies. Analyzes privacy and compliance data and metrics to identify patterns or trends. Prepares recommendations for business process changes to drive privacy compliance. Works with stakeholders, legal counsel and Information Security to identify and summarize privacy risks and remediation plans.
Participates or leads privacy committee meetings and task forces. Represents the privacy division at meetings, advocating for outcomes that will ensure the program maintains compliance. Collaborates with cross-functional teams and department staff and management, physicians, and external agencies. Builds/maintains strong relationships throughout the organization for ongoing dialogue with partners to ensure that organization is informed of regulatory or policy changes.
This challenging position provides frequent opportunity to interface with employees and managers at various levels across the organization. The successful candidate must possess high standards of legal and business ethics and a demonstrated ability to understand technology, independently problem solve, analyze large quantities of data, and clearly summarize and communicate facts. Supports privacy-related projects and duties as assigned.
MINIMUM QUALIFICATIONS
- Seven (7) years of related experience, education/training, OR a Bachelor's degree in related area plus three (3) years of related experience/training. Related Experience Includes: Administration of data privacy and record information management policies, creating or maintaining data inventories, records release, contracts review, risk mitigation, data loss risk prevention.
- Experience and proven success in federal and state laws pertaining to privacy and information security (including HIPAA, the Information Practices Act, and Confidentiality of Medical Information Act) and medical center policies.
PREFERRED QUALIFICATIONS
- Adept at working on multiple items at once, tracking each so none are dropped.
- Extremely detail-oriented.
- Experience in healthcare privacy compliance.
- Certified in Healthcare Privacy Compliance (CHPC) or other compliance/ethics certification such as: Certified in Healthcare Compliance (CHC), Certified Information Privacy Professional (CIPP), Certified in Healthcare Privacy and Security (CHPS).
SPECIAL CONDITIONS
- Candidate must obtain one compliance/ethics certification, such as CHPC within one year of employment.
- Must be able to work various hours and locations based on business needs.
- Employment is subject to a criminal background check and pre-employment physical.
Pay Transparency Act
Annual Full Pay Range: $85,400 - $156,800 (will be prorated if the appointment percentage is less than 100%)
Hourly Equivalent: $40.90 - $75.10
Factors in determining the appropriate compensation for a role include experience, skills, knowledge, abilities, education, licensure and certifications, and other business and organizational needs. The Hiring Pay Scale referenced in the job posting is the budgeted salary or hourly range that the University reasonably expects to pay for this position. The Annual Full Pay Range may be broader than what the University anticipates to pay for this position, based on internal equity, budget, and collective bargaining agreements (when applicable).
#J-18808-Ljbffr