HIPAA Privacy & Security Analyst

Company: Central City Concern
Location: Hillsboro
Posted on: June 25, 2022

Job Description:

About Central City Concern:

Central City Concern is an innovative nonprofit agency providing comprehensive services to single adults and families in the Portland metro area who are impacted by homelessness, poverty and addictions. We hire people who are skilled and passionate to meet our mission through outcome-based strategies which support personal and community transformation.

CCC is hiring a HIPAA Privacy & Security Analyst to join our team!

This position has the primary function of assisting the Office of Compliance in working to protect the privacy of our patients and clients. The Analyst assists with the development, implementation, maintenance and oversight of the organization's policies, procedures, guidelines, and trainings pertaining to OCITPA, HIPAA, and 42 CFR Part 2 privacy protections, as well as monitoring compliance with all federal and state privacy rules and regulations and applicable CCC policies. This position will report to the Director of Compliance who reports to the General Counsel. The analyst will work closely with the other staff members in the Compliance Department, will provide the main link between the Compliance and IT Departments on information privacy and security issues, and will act as a resource on information privacy and security to shared services and program staff of Central City Concern.

Essential Duties & Responsibilities:

• Conduct compliance assessments, operational risk assessments, and internal audits. Analyze results and provide formal and informal reports of findings, including recommendations for improvement.
• Organize and facilitate regularly scheduled trainings regarding key areas of compliance, such as HIPAA; 42 CFR Part 2; OCITPA; Medicare/Medicaid Fraud, Waste, and Abuse; and records release.
• Respond to program queries about HIPAA, 42 CFR part 2, and other privacy, security, and compliance issues.
• Assist with identifying and tracking the agency's regulatory and contractual obligations, and monitor CCC's compliance with these obligations.
• Maintain familiarity with HHS-OCR and its evolving Enforcement Approach and provide regular updates to internal leadership regarding trends and risk assessment.
• Support the investigation, communication, and response to all alleged data security incidents including breaches of protected health information, collaborate with internal parties on remediation efforts, notify affected parties, and lead and support corrective actions. Draft and send Breach Notification letters to patients and report information breach events to governing agencies and/or contractual partners, as appropriate.
• Support development, maintenance, and revisions of policies and forms.
• Keep current with laws and regulations of federal, state, local, and licensing bodies.
• Draft, negotiate, and manage records related to maintain Business Associate Agreements.
• Provide support to Medical Records department in tracking and maintaining the accounting of disclosures of PHI.
• Support administrative departments in a variety of compliance related tasks as needed.
• Adhere to all state and federal privacy regulations, including HIPAA and 42 CFR Part 2, and to CCC policies and agreements regarding confidentiality, privacy, and security. Support compliance with all privacy and security requirements pursuant to community partners' and outside providers' patient confidentiality agreements, including privacy and security requirements for EMR access. This includes immediately reporting any breach of protected health information or personal identification information of any person receiving CCC services by CCC or an outside provider to the CCC Compliance Department, as well as to your supervisor or their designee.
• Participate in professional development activities and required trainings. Attend all mandatory CCC trainings in a timely manner.
• Perform other duties as assigned.
  Skills & Abilities:
  
  • Ability to interpret HIPAA requirements (including OCR guidance) both from a business and technical perspective, and ability to determine and provide leadership on what documentation meets best practice and industry standards.
  • Demonstrated ability to organize documentation and information into a compliance program
  • Ability to consider the impacts and outcomes for underserved communities during decision-making process.
  • Ability to consider impacts of oppression, structural racism, and individual bias on client outcomes.
  • Sound decision-making skills and excellent professional judgment.
  • Ability to handle sensitive and confidential information on a daily and ongoing basis.
  • Ability to communicate clearly and concisely both orally and in writing, including technical writing, interpersonal skills, and speaking to groups of employees.
  • Ability to maintain accurate records and necessary paperwork.
  • Ability to plan, coordinate, organize, train, and implement.
  • Ability to manage time, work independently, and meet deadlines.
    Minimum Qualifications:
    
    • Bachelor's degree required. Bachelor's or advanced degree in a health-care related field, public administration or policy, information technology or security, or a related field preferred
    • 3-5 years relevant experience in the field of information privacy, health records management, law, compliance, or health care administration required.
    • Detailed knowledge of and experience with HIPAA Privacy and Security rules, regulations, and requirements required.
    • Prior experience with HIPPA Compliance within a hybrid organization preferred.
    • Familiarity with a variety of the compliance field's concepts, practices, and procedures, especially the elements of an effective compliance program.
    • Knowledge of health care systems required, particularly knowledge of primary care, mental health and substance abuse, and/or community health care.
    • High degree of computer literacy required, including ability to learn new software and systems.
      Central City Concern offers an incredible benefits package to our employees!
      
      • Generous paid time off plan beginning at 4 weeks per year. Accrual increases with longevity.
      • Amazing 403(b) Retirement Savings plan with an employer match.
      • 10 paid Holidays PLUS 2 Personal Holidays to be used at the employee's discretion.
      • Comprehensive Medical, Vision, and Dental insurance coverage.
      • Employer Paid Life, Short Term Disability, AND Long Term Disability Insurance!
      • Sabbatical Program offering extended time off at years 7, 14 and 21.
        This description is intended to provide a snapshot of the work performed and is not designed to contain a comprehensive inventory of all duties, responsibilities, and qualifications required of the position.
        
        CCC values and celebrates diversity in race, heritage, ethnicity, gender identity and expression, sexual orientation, religion, age, and disability. We are an Equal Opportunity Employer and we prioritize active inclusion of diverse staff.
        
        As an agency deeply rooted in recovery, part of our policy and commitment to a drug and alcohol-free workplace includes post-offer, pre-employment drug screens. Please note we follow Federal Guidelines regarding prohibited substances, even for those legal at the state level.
        
        Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
        
        The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c) Associated topics: attorney, attorney corporate, business, company, compliance, corporate attorney, court, legal, legal affairs, market

Keywords: Central City Concern, Hillsboro , HIPAA Privacy & Security Analyst, Professions , Hillsboro, Oregon