Full Job Description
**Company :**
Highmark Health
**Job Description :**
**JOB SUMMARY**
**This is a hybrid role in Pittsburgh or Wilkes Barre, PA**
This job provides analytical support to various aspects of the
enterprise-wide Privacy Program. Responsible for the development of
policies and procedures, privacy incident investigation and response,
maintenance of privacy incident databases, and workforce training.
Provides guidance to business and operational areas and recommends
changes to processes to support privacy program compliance. Additional
responsibilities may include receiving, reviewing, and responding to
patient and member requests for Health Insurance Portability and
Accountability Act of 1996 (HIPAA) individual rights as well as
monitoring, auditing, and oversight activities.
**ESSENTIAL RESPONSIBILITIES**
+ Enterprise-wide Privacy Program facilitation
and implementation.
+ Collaborate with business owners and other
stakeholders to identify, develop, implement, and enhance privacy
policies, procedures and programs to meet or exceed the privacy
compliance requirements of laws and regulations including but not
limited to: The Health Insurance Portability and Accountability Act of
1996 (HIPAA), The Health Information Technology for Economic and
Clinical Health Act (HITECH), and other international, federal, and
state laws, rules, and regulations.
+ Analyze privacy incidents,
new initiatives and process changes for compliance with international,
federal, and state privacy and security laws, rules, and
regulations.
+ Provide analytical support to risk identification
and stratification, which includes monitoring and preparing reports in
a proactive fashion.
+ Lead investigations of privacy and security
incidents to determine facts, identify root cause, and thoroughly
analyze scope of impact to provide comprehensive analysis with
recommendations for resolution and risk mitigation.
+ Ensure
privacy investigations are accurately documented and tasks are
completed within required compliance timeframes and departmental
standards.
+ Assist with required HIPAA risk analysis and execution
of any required notice to accounts and individuals.
+ Monitor
current privacy compliance environment, including corporate policies
and procedures and other rules and regulations for privacy compliance
through trend analysis and risk assessment, taking appropriate steps
to improve the program's effectiveness.
+ Perform privacy risk
assessments and support implementation of new or amended
requirements.
+ Privacy refresher training development,
implementation, and delivery as the result of identified corrective
actions as part of privacy investigations.
+ Business owner
collaboration and communication. Establish and maintain relationships
with business owners in a variety of departments and subsidiaries
within Highmark Health. Work closely with business owners throughout
the enterprise to collaborate on key privacy and information
management initiatives such as training, communication, and risk
management.
+ Participate in audits and cross-functional projects
of various sizes and levels of complexity; serves as privacy subject
matter expert throughout such projects.
+ Provide technical,
administrative, and analytical privacy assistance as required.
+ Demonstrate and apply a thorough understanding of Highmark Health's
complex business processes and environment.
+ Demonstrate and apply
strong project management skills, inspire teamwork and responsibility
with team members, and use current technology and tools to enhance the
effectiveness of deliverables.
+ Other duties as assigned or
requested.
**EDUCATION**
**Minimum**
+ Associate's
Degree
**Substitution**
+ _Relevant experience and/or education
as determined by the company in lieu of an Associate's
Degree_
**Preferred**
+ Bachelor's Degree or
J.D.
**LICENSES/CERTIFICATIONS**
**Required**
+ CIPP
(Certified Information Privacy Professional) certification within 1
year of appointment
**Preferred**
+ None
**EXPERIENCE**
**Required**
+ 3 years of relevant,
progressive experience in the area of specialization. Exempted
experience requirements effective August 2016
**Preferred**
+ None
**SKILLS**
+ In depth knowledge of privacy laws and
regulations including HIPAA, privacy and security breach notification
rules and reporting requirements under federal and state privacy
laws.
+ Strong understanding of information management and privacy
subject matter, as well as business and operational knowledge of
Highmark Health and/or Insurance/healthcare industry and integrated
hospital networks.
+ Independent thinking capabilities, including
analytical skills to review and articulate privacy compliance
objectives and applicable guidance and regulations.
+ Proficiency
in investigative techniques including data analysis, risk analysis,
risk mitigation, and causation inquiries.
+ Ability to identify and
evaluate risks in process workflows and human factors and prioritize
and assess likelihood of risks.
+ Strong communication skills
including the ability to accurately describe complex workflows, fact
patterns, and remediation plans clearly and succinctly for leadership.
Ability to prepare written privacy notices concisely and
accurately.
+ Strong interpersonal skills; must be able to
effectively resolve privacy issues and concerns. Working teams. This
role interacts routinely with personnel within and outside of Highmark
Health and must possess a positive, professional, and credible
demeanor. The utmost integrity in the discreet and confidential
handling of confidential materials is expected.
+ Strong analytical
and problem-solving skills, sound professional judgment, business
knowledge, and business acumen. Possess the ability to assess
operational functions and related reports to ensure compliance with
applicable operational guidance and regulations.
+ Strong
organizational and project management skills. Ability to manage
multiple timelines and proactively manage stakeholder expectations
with effective communication. Must be accountable for management of
multiple projects with stringent and often overlapping deadlines
involving several cross-functional areas. Must be flexible and able to
manage aggressive deadlines along with evolving priorities.
+ Ability to work independently and effectively manage workload, while
demonstrating sound judgment in determining when to escalate issues or
matters to the supervisor for guidance or resolution. Time management
capabilities to enable timely recordkeeping and analysis are
essential.
+ Ability to collaborate across teams and departments to
coordinate logistics, proactively conduct thorough investigations, and
effectively communicate information during incident management.
+ Implementation and project deadline coordination must be routinely
monitored for potential internal and external risks and reported to
management. A constant balance between strict project deadlines,
corporate initiatives and daily priorities must be maintained with
critical attention to ensure success in compliance with all applicable
requirements.
**SCOPE OF RESPONSIBILITY**
Does this role supervise/manage other employees?
No
**WORK ENVIRONMENT**
Is Travel Required?
Yes
**_Disclaimer:_** _The job description
has been designed to indicate the general nature and essential duties
and responsibilities of work performed by employees within this job
title. It may not contain a comprehensive inventory of all duties,
responsibilities, and qualifications required of employees to do this
job._
**_Compliance Requirement_** _: This job adheres to the
ethical and legal standards and behavioral expectations as set forth
in the code of business conduct and company policies._
_As a
component of job responsibilities, employees may have access to
covered information, cardholder data, or other confidential customer
information that must be protected at all times. In connection with
this, all employees must comply with both the Health Insurance
Portability and Accountability Act of 1996 (HIPAA) as described in the
Notice of Privacy Practices and Privacy Policies and Procedures as
well as all data security guidelines established within the Company's
Handbook of Privacy Policies and Practices and Information Security
Policy._
_Furthermore, it is every employee's responsibility to
comply with the company's Code of Business Conduct. This includes but
is not limited to adherence to applicable federal and state laws,
rules, and regulations as well as company policies and training
requirements._
Highmark Health and its affiliates prohibit
discrimination against qualified individuals based on their status as
protected veterans or individuals with disabilities and prohibit
discrimination against all individuals based on any category protected
by applicable federal, state, or local law.
Req ID: J261653