Privacy Analyst - Corporate Data Investigations

Profile

Privacy Analyst - Corporate Data, Investigations

Duties: Provide targeted legal support to the Enterprise Privacy Office and support a multitude of projects and activities within the EPO, coordinating internally within the legal department and with key business stakeholders. Conduct documentation review and research, as assigned. Understanding of federal and state privacy laws, particularly HIPAA and state healthcare privacy related laws and regulations (e.g. CCPA), and have a working knowledge of GDPR, as well as incident response and privacy laws in other foreign jurisdictions. Must be able to communicate effectively with clients and BU customers concerning the importance of protecting Personal Health Information (PHI) and Personal Data. Working through a diverse scope of issues where analysis of the information may require identification and evaluation of many relevant potential factors. Anticipating privacy issues and initiate appropriate actions to ensure privacy issues and incidents are analyzed thoroughly and efficiently and in accordance with company policies and guidelines. Managing, with the Business Unit compliance resources and others in Legal & Compliance, all required breach determination and notification processes under HIPAA and applicable state breach rules and requirements. Proficiently drafting various EPO communications, including but not limited to notification letters, risk assessments, incident response reports and regulatory responses with minimal attorney oversight. Identifying, analyzing, researching and resolving legal and business process issues and make appropriate recommendations Under the direction of Privacy Counsel, work with external counsel as needed. In collaboration with Privacy Counsel, support the execution of the Privacy Office Framework, including supporting privacy incident response and privacy requests management, DSR requests, and other privacy processes as needed. Performing required breach risk assessment, documentation, and mitigation. Exercising reasonable judgment within generally defined practices and policies in selecting methods and techniques for obtaining solutions. Interfacing with various internal business groups (legal, compliance, regulatory, operations etc.) to ensure investigation reports, risk assessments, notification letters, and other relevant documentation are accurately reflected. Conducting research and investigations in a timely manner to ensure we meet our contractual notice obligations and other obligations under relevant laws (e.g. GDPR, HIPAA and other federal and state incident notification laws). Working with business unit and information technology teams to implement compliance (Privacy by Design) across all consumer and worker touchpoints and back-end systems. Support monitoring of various Privacy mailboxes and coordination of responses required. Assisting with privacy awareness activities (including contributing to content posted to internal intranet and team sites), as well as communications and privacy training. Awareness, monitoring, and updating of existing Privacy Policies and Notices. Participating on special project teams for the creation of tools, documents, and processes to enable improvements as needed. Managing identification and rollout of scalable innovative technologies to support global privacy compliance, including developing usage policies and guidelines, audit and control processes. Collaborating with the Enterprise Privacy Office and Chief Privacy Officer to design and establish ongoing compliance and quality assurance programs. Building and maintaining effective working relationships with internal and external stakeholder groups. Other duties as assigned.

Company info

Change Healthcare
13010 Morris Road Bldg 2
Alpharetta
Georgia
United States 30004
Website : http://www.changehealthcare.com