Senior Privacy Associate - Healthcare Compliance

Seeking a full time Senior Privacy Associate to work in a Healthcare Compliance role in Southern CT.

The Senior Privacy Associate, under the supervision of the Director Compliance Privacy , is responsible
for educating, monitoring and evaluating compliance with HIPAA privacy regulations. Ensures patient
privacy is maintained in accordance with Federal, State and accrediting organizations’ regulations. Monitors
and maintains privacy reporting and auditing systems. Provides reports on HIPAA compliance to key
stakeholders and works collaboratively with leadership, physicians, counsel and staff on HIPAA privacy
issues.

EDUCATION REQUIREMENTS (INCLUDE LICENSE, REGISTRATION, CERTIFICATION):
Bachelor’s degree required; Master’s Degree preferred
CHPC (Certified in Healthcare Privacy Compliance) certification, CIPP or CIPM preferred

COMPETENCIES AND WORK EXPERIENCE REQUIREMENTS:
Three years in a healthcare setting, with at least 3 to 5 of experience in a privacy related function,
preferably in a healthcare or regulatory setting
Strong analytical, critical thinking, and problem solving skills
Ability to manage and prioritize a high volume work load independently or with limited assistance.
High level of competency with computer skills, including Outlook, Teams, PowerPoint, Word and Excel
Ability to analyze data and trends to identify deficiencies and develop corrective action
Knowledge of HIPAA (Health Insurance Portability and Accountability Act of 1996) and patient
confidentiality required. Knowledge of other state and federal privacy laws preferred.
Knowledge of electronic medical records, including EPIC
Analytical ability for special projects requested by Privacy Officer and other key stakeholders and
committees.
Must possess a high level of integrity and confidentiality, and have excellent organizational and
interpersonal skills, the ability to work alone and function as part of a team.
Ability to exercise independent judgment in order to appropriately receive patient complaints, determine
the acuity of the complaints and collaborate with the Privacy leadership, Directors and/or other service
providers to achieve satisfactory resolution.
Excellent written, oral, presentation and communication skills are essential.
A combination of relevant work experience and educational background will be considered.

MAJOR ACCOUNTABILITIES/CRITICAL RESPONSIBILITIES
Conduct training activities, privacy audits, and monitors all electronic medical record activity for the
health system.
Serve as HIPAA privacy resource for organization, assists workforce with HIPAA compliance and privacy
policies and procedures.
Routinely monitor changes in the applicable HIPAA government regulations. Research and analyze
available sources of regulatory guidance in response to specific questions.
Reviews FairWarning reports routinely to identify potential policy violations and investigates all
questionable access.
Manage the progress of corrective action plans for conducted audits.
Maintain database of privacy investigations in accordance with Hospital policy and regulatory
requirement.
Develop and provide all education for new and existing Stamford Health employees on privacy risk issues,
the organization’s Privacy program; and develop training materials to address privacy compliance risks .
Conduct privacy audits and rounding. Visits floors, patient rooms as requested, SHMG offices to discuss
privacy policies/procedures, patient complaints, and ensure HIPAA compliance.
Conduct privacy investigations and in- person interviews with workforce members of all levels and
backgrounds in coordination with Human Resources and applicable department leaders. Gathers
necessary information pre/post interview and maintains complete discretion during investigatory process.
Manage challenging patient and employee encounters, both in person and via telephone. Exemplify
Stamford Health core values in these interactions to protect patients, the organization, and ensure
compliance with applicable laws and internal policies and procedures.
Prepare and/or develop written documentation such as policies, procedures, and other written
communication to support ongoing activities of the Privacy program.
Demonstrate excellent judgment in escalating high risk matters to the Privacy Officer, General Counsel,
Human Resources or other leaders as needed.
Develop and update annual work plan, conduct annual risk assessments in collaboration with Compliance,
identifies and addresses high risk areas.
Manage the HIPAA Privacy Oversight Committee meetings and meeting preparation; develop and present
various presentations to the Corporate Compliance Committee and Audit Committee.
Participate in Enterprise Risk Management Committee, SHMG IT Steering Committee, and IT
Governance Committee
Collaborate with CISO on protecting patient privacy, breach mitigation and organizational training

Manage and train temporary or junior privacy staff
Work with outside counsel to draft breach notifications to Office of Civil Rights and State Attorneys
General; compile and file annual privacy breach reports to Office of Civil Rights
Collaborate with Risk Management team on investigations and privacy issues, provide coverage to
Compliance team as needed
Research, analyze and develop reports and correspondence in response to privacy complaints and
incidents.
Develop and review HIPAA internal Intranet site
Present reports of HIPAA compliance activities to departments and various committees in the organization