Privacy Manager

About the Position: The Privacy Manager will serve as the primary lead for maintaining, ensuring and fostering an environment that enhances and promotes compliance with privacy-related laws, regulations, policies and procedures to build a culture of privacy. The Privacy Manager serves as an active member of the Privacy Office and is involved in all activities related to the operation of the Healthfirst Privacy Program.

Hybrid Work Schedule consists of reporting to our NY office from Tuesday through Thursday. We are located at 100 Church Street, NYC 10007.

Duties and Responsibilities:

• Conducts and promotes Privacy training and awareness to the workforce.
• Responsible for Privacy training content & design as well as planning instructor led events and webinars.
• Manages and leads Healthfirst privacy impact assessments (PIAs) to identify risks involving the collection, access, use, protection, storage and destruction of Protected Health Information (PHI) and Personal Identifiable Information (PII). Works with stakeholders to develop risk mitigation plans.
• Represents Privacy in Healthfirst’s Vendor Management Program, which includes onboarding and annual Privacy assessments of its Business Associates (BAs).
• Develops and maintain Healthfirst privacy policies and procedures.
• Partners with departments and business units to ensure that privacy specific procedures, or privacy components of a larger process, align with Healthfirst’s Privacy Policy as well as federal and state regulations.
• Investigates and researches Privacy incidents and complaints, including issues involving employee access and use of PHI. Interviews employees and recommends appropriate corrective action to key stakeholders.
• Collaborates with Security on activities involving ePHI such as potential breach incidents, vendor transmission of PHI, or Company-wide risk assessments.
• With Legal, maintains Healthfirst’s PHI Breach Incident Response Guide.
• Participates in the development of the annual Privacy Work Plan and is responsible for driving various privacy projects within the Work Plan. This includes an analysis of the Plan to ensure it supports the Privacy Program as well as aligning to the Company’s mission, vision and goals.
• Manages, conducts and designs Healthfirst’s privacy walk-throughs of its corporate site and off-site locations
• Participates in the design of Healthfirst’s Community Offices, kiosk locations and mobile RVs to ensure these spaces safeguard PHI and PII as well as promote privacy and confidentiality.
• Conducts Privacy Reviews to assess Healthfirst’s compliance with federal/state privacy regulations and monitors corrective action plans
• Remains current on the health care privacy landscape to determine how Healthfirst will be impacted. This can be done through participating in external professional Privacy forums or networks such as the International Association for Privacy Professionals (IAPP), Health Care Compliance Association (HCCA) and America’s Health Insurance Plans (AHIP), etc.

Minimum Qualifications:

• Bachelor’s degree from an accredited institution
• Must have a deep understanding of all aspects of the HIPAA Privacy Rule, which includes the ability to articulate complex rules and regulations and how they impact Healthfirst and the health care industry
• Must have prior experience in health care payer, provider or other healthcare-related setting working in the HIPAA Privacy Program
• Efficient project management skills
• Ability to either work independently or in a team
• Possesses keen attention to detail to “issue spot” and escalate appropriately
• Exhibits strong critical thinking and problem-solving skills
• Strong verbal and writing skills; ability to understand the intended audience to communicate effectively
• Exhibits diplomatic skills than can foster collaborative relationships across the Company to deliver results
• Proficient in MS Office: Word, Excel, and PowerPoint

Preferred Qualifications:

• Master’s degree from an accredited institution
• Privacy experience in a Medicare, Medicaid and/or commercial payer
• Possesses an appreciation for information technology (IT) and applications and an understanding of how PHI and PII flows from system to system
• Working knowledge of Microsoft SharePoint
• Familiarity with Salesforce
• Knowledgeable of AWS cloud infrastructure
• Experience communicating with regulatory agencies such as the Office of Civil Rights (OCR), New York State Department of Health (SDOH), Department of Financial Services (DFS), etc.
• Familiar with hospital settings and systems

License/Certification:

• Privacy certification such as CIPP-US, CIPM, CHPC, or the ability to certify within 6-12 months of hire