Senior Privacy Analyst (Incident Management Risk Mitigation) - Remote

Our work matters. We help people get the medicine they need to feel better and live well.  We do not lose sight of that. It fuels our passion and drives every decision we make.

Job Posting Title

Job Description

Purpose: The Senior Privacy Analyst is responsible for supporting Prime in complying with contractual requirements, as well as state and federal regulations regarding the protection of, and access to protected health information. This position is responsible for administration of privacy program activities to enable compliance and prevent, detect and correct privacy incidents across the organization. This position is also responsible for the development, implementation and maintenance of privacy policies and procedures and evaluation of the organization’s overall adherence to privacy practices.

Responsibilities:

• Collaborate with Privacy leadership, Clients and internal business partners to ensure Prime possesses the appropriate privacy materials; facilitate ongoing maintenance of these materials to ensure alignment to current practice, industry trends and regulatory changes
• Administer policies and procedures, participate in Privacy Champion program, committee and team meetings in support of business or Privacy requirements
• Serve as a subject matter expert for questions and business support, with a focus on State and Federal consumer data protection and privacy laws and regulations, including the HIPAA Privacy Rule, TCPA, CCPA/CPRA, COPPA
• Research and maintain up-to-date records of applicable federal and state privacy laws; monitor advancements in privacy laws and recommend updates to Prime’s privacy practices
• Monitor and manage the receipt, documentation, tracking, investigation and resolution for complaints concerning Prime’s privacy policies and procedures; collaborate with Compliance, Legal counsel and business areas to gather information, recommend solutions and ensure the appropriate action is taken to resolve and close the issue
• Manage the intake and resolution of complex privacy incidents and complaints involving potential inappropriate use or disclosure of PHI; collaborate with business partners to recommend and ensure implementation of corrective action to support efforts to prevent future incidents
• Collaborate with Legal, Privacy Leadership and others in the development, implementation, and maintenance of privacy policies, procedures and other privacy documentation; develop privacy guidance and tools; evaluate and fulfill the privacy training requirements across the organization
• Monitor Prime’s compliance with privacy practices and facilitate consistent application of sanctions for failure to comply with privacy policies; collaborate with the Privacy and Security teams, Human Resources, and Legal Counsel as applicable to ensure individual and organizational adherence to privacy obligations
• Serve as the risk mitigation & corrective action lead in the Incident Management vertical of the privacy team

• Prevent and detect privacy incidents by administering monitoring activities of key business areas and vendors utilizing privacy incident trend analysis
• Partner with key business areas to reduce privacy incidents through effective mitigation and corrective actions
• Develop and oversee corrective action plans in coordination with privacy leadership and key privacy team members, business areas, and vendors
• Champion longer-term remediation and corrective action efforts that reduce the potential loss of protected health information and confidential information from security and privacy incidents
• Develop and maintain positive Client relationships proactively addressing any potential areas of concern

Minimum Qualifications:

• Bachelor’s degree in Business, Healthcare, Political Science, Legal, or Juris Doctor or related area of study; or equivalent combination of education and/or relevant work experience; HS diploma or GED is required
• 5 years of experience working within a legal or compliance role, or in a project or program coordination role within a highly regulated industry
• 5 years of experience working with HIPAA and state or federal privacy laws
• Must be eligible to work in the United States without need for work visa or residency sponsorship

Additional Qualifications:

• Strong verbal and written communication skills
• Strong attention to detail; organizational and time management skills
• Demonstrated process improvement experience
• Proven ability to maintain discretion and confidentiality
• Demonstrated ability to apply critical thinking skills and problem solve through difficult situations
• Experience establishing and maintaining key relationships internally and externally, at all levels of an organization
• Ability to establish rapport and effectively influence and/or present information to a wide variety of audiences

Preferred Qualifications:

• Healthcare, Pharmacy Benefit Management (PBM) or other managed care work experience

• Master’s degree or other advanced education in Business, Healthcare, Political Science, Legal, or related area of study
• Certified Information Privacy Professional (CIPP), Certified Information Privacy Technologist (CIPT) or Certified Information Privacy Manager (CIPM) certifications from International Association of Privacy Professionals (IAPP)

• Certified Compliance and Ethics Professional (CCEP) or Certified Healthcare Compliance Professional (CHC) or Certified Healthcare Privacy Compliance (CHPC)
• Project management experience and/or Project Management Professional (PMP) certification

Minimum Physical Job Qualifications:

• Ability to travel up to 10% of the time
• Constantly required to sit, use hands to handle or feel, talk and hear
• Frequently required to reach with hands and arms
• Occasionally required to stand, walk and stoop, kneel, and crouch
• Occasionally required to lift and/or move up to 10 pounds and occasionally lift and/or move up to 25 pounds
• Specific vision abilities required by this job include close vision, distance vision, color vision, peripheral vision, depth perception and ability to adjust focus

Reporting Structure:

Reports to Principal or a Manager in the Privacy/Compliance Department

Prime Therapeutics LLC is proud to be an equal opportunity and affirmative action employer. We encourage diverse candidates to apply, and all qualified applicants will receive consideration for employment without regard to race, creed, color, religion, gender, sexual orientation, gender identity/expression, national origin, disability, age, genetic information, veteran status, marital status, pregnancy or related condition (including breastfeeding), expecting or parents-to-be, or any other basis protected by law. 

We welcome people of different backgrounds, experiences, abilities, and perspectives including qualified applicants with arrest and conviction records and any qualified applicants requiring reasonable accommodations in accordance with the law.

Prime Therapeutics LLC is a Tobacco-Free Workplace employer.

Positions will be posted for a minimum of five consecutive workdays.