The Regulatory Privacy and Information Security Analyst collaborates with the Information Security and Privacy Officers and other privacy and information security team members to assure compliance with federal and state privacy regulations, including HIPAA, HITECH, CMIA, other state privacy and security laws, and the organization's privacy and security policies and procedures. The Analyst is responsible for planning, executing, and managing a variety of regulatory, investigative, and educational-based projects as an integral member of Sutter Health's privacy and information security program. The Analyst develops and delivers privacy and information security awareness and compliance education and training for the enterprise and supports investigations with oversight from the Chief Privacy and Information Security Officer on regulatory matters and concerns. In addition, the Analyst is responsible for drafting and responding to regulatory inquiries with oversight from the Chief Privacy and Information Security Officer and affiliate Privacy and Information Security Officers.
The Analyst will ensure that the privacy and information security awareness program meets industry regulations, standards, and compliance requirements; communicate the privacy and information security policies to appropriate workforce members; and identify top privacy and information security risks and behaviors to effectively reduce risks to the organization. Additionally, the Analyst assists in root cause analysis, corrective action plans, and investigative reports for privacy and information security incidents at the direction of the Chief Privacy and Information Security Officer or designee. The Analyst also assists with oversight and performs privacy and information security operation functions within Sutter Health's privacy and information security program, including activities related to the confidentiality, access, use, and disclosure of protected health information (PHI) and other confidential information. The Analyst assures adherence to applicable federal and state regulations, investigates and maintains documentation of privacy and information security incidents, ensures timely reporting to patients and government entities as required by law, and monitors key elements of the privacy and information program, including ensuring implementation of training programs for members of the workforce and physicians. The Analyst must be able to think strategically, execute tactically, and build relationships across the organization to encourage a collaborative work environment.
Bachelor's degree in Computer Science, Information Technology, or related field required or equivalent education/experience.
Licensures and Certifications
HCISPP Certification or ability to obtain within 1 year of hire is desired.
Previous experience in privacy, security, compliance, education or healthcare field, as typically acquired during 2-5 years in a similar position is required.
Proven experience working in a healthcare company and staying current on emerging federal and state requirements related to privacy and security of health information is preferred.
Significant experience as a project and database manager is strongly preferred.
Previous experience collaborating with Information Security and Privacy Officers and team members in order to assure compliance with federal and state privacy regulations, including HIPAA, HITECH, CMIA, other state privacy and security laws is required.
Proven experience planning, executing, and managing a variety of regulatory, investigative, and educational-based projects as an integral member of Sutter Health's privacy and information security program is required.
Demonstrated experience preparing training materials and conducting education or training sessions throughout the organization is required.
Previous experience working directly with state and federal regulatory agencies is preferred.
Skills and Knowledge
Thorough knowledge of federal and state privacy regulations, including HIPAA, HITECH, CMIA
Demonstrated working knowledge and understanding of privacy and security laws and regulations
In-depth knowledge of regulations pertinent to the privacy and security requirements in a healthcare environment
General knowledge of existing and emerging federal and state requirements related to privacy and security of health information
Demonstrated ability to set priorities and to respond to changing demands from multiple sources in a fast-paced environment
Demonstrated ability to maintain a high level of confidentiality
Proven ability to follow through, meet deadlines, anticipate requirements and build relationships
Strong problem-solving skills combined with excellent verbal and written communication skills
Proven ability to collaborate in a team environment with minimal supervision
Demonstrated comfort level with internal systems or demonstrated ability to learn new systems preferred
Excellent written and verbal communication skills, with the ability to energize, mobilize, and influence through effective working relationships with all levels of internal and external constituencies
Advanced level of computer and application competency including Excel, PowerPoint, Word, and relational database management systems