Job Description

Your Role

The Privacy Office develops and oversees Blue Shield's Privacy Program. The Privacy Program ensures that Blue Shield and its affiliated covered entities, including Blue Shield of California Promise Health Plan, are in compliance with state and federal privacy laws and regulations, including the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH), and California's Confidentiality of Medical Information Act (CMIA). The Privacy Program Specialist, Consultant reports to the Privacy Office Manager or Director and plays an essential role in advancing and enforcing Blue Shield's Privacy Program.

Responsibilities

Your Work

In this role, you will:

• Be responsible for the oversight of Blue Shield's compliance with state and federal privacy laws, including HIPAA and HITECH
• Respond to privacy complaints and incidents reported to the Privacy Office, lead assigned privacy investigations, timely and accurately document case files, direct investigations into root cause analysis, address mitigation, and work with impacted business units to develop and complete corrective action for remediation and to minimize risk of recurrence
• Consult with internal clients, as a subject matter expert, to provide privacy guidance about proposed projects and initiatives
• Respond to third-party privacy-related requests
• Develop and assist with the implementation of workforce privacy trainings, privacy policies, desk level procedures, resource guides, job aides, and other educational tools
• Negotiate Business Associate Agreements
• Act as a liaison with regulatory enforcement agencies to address technical assistance letters, investigation compliance reviews, audits, and other related reviews
• Auditing and monitoring compliance with the Privacy Program, developing and implementing corrective action plans (CAPs) on behalf of the Privacy Office, advising on CAPs issued by other business units with privacy-related components, conducting Privacy Impact Assessments and Data Protection Impact Assessments
• Assist, evaluate, and determine appropriateness of ad hoc requests from internal clients to disclose protected health information (PHI) to third parties and/or to allow third parties access to, or use of, Blue Shield PHI

Qualifications

Your Knowledge and Experience

• Requires a bachelor's degree or equivalent experience
• Requires at least 7 years of prior relevant experience
• Requires prior experience in healthcare, legal services, privacy, third-party cybersecurity incident management, investigative services, audit, systems or operations support, corporate training, or another related field
• Requires a solid understanding of state and federal privacy laws, including HIPAA/HITECH, CMIA, and privacy-related consumer protections laws, such as the Telephone Consumer Protection Act (TCPA), as well as knowledge of Department of Health Care Services (DHCS) privacy requirements for Medi-Cal Managed Care Health Plans and Centers for Medicare or Medi-Cal and Medicaid (CMS) Medicare or Medi-Cal Managed Care Plans
• Preferred: Privacy healthcare-related experience that includes a familiarity with Privacy Impact Assessments and Data Protection Impact Assessments; auditing and monitoring; investigating, managing, and reporting privacy incidents; health information management
• Preferred: CIPP/US Certification or HCCA CHPC Certification

About the Team

About Blue Shield of California

As of January 2025, Blue Shield of California became a subsidiary of Ascendiun. Ascendiun is a nonprofit corporate entity that is the parent to a family of organizations including Blue Shield of California and its subsidiary, Blue Shield of California Promise Health Plan; Altais, a clinical services company; and Stellarus, a company designed to scale healthcare solutions. Together, these organizations are referred to as the Ascendiun Family of Companies.

At Blue Shield of California, our mission is to create a healthcare system worthy of our family and friends and sustainably affordable. We are transforming health care in a way that genuinely serves our nonprofit mission by lowering costs, improving quality, and enhancing the member and physician experience.

To achieve our mission, we foster an environment where all employees can thrive and contribute fully to address the needs of the various communities we serve. We are committed to creating and maintaining a supportive workplace that upholds our values and advances our goals.

Blue Shield is a U.S. News Best Company to work for, a Deloitte U.S. Best Managed Company and a Top 100 Inspiring Workplace. We were recognized by Fair360 as a Top Regional Company, and one of the 50 most community-minded companies in the United States by Points of Light. Here at Blue Shield, we strive to make a positive change across our industry and communities - join us!

Our Values:

• Honest. We hold ourselves to the highest ethical and integrity standards. We build trust by doing what we say we're going to do and by acknowledging and correcting where we fall short.
• Human. We strive to listen and communicate effectively, showing empathy by understanding others' perspectives.
• Courageous. We stand up for what we believe in and are committed to the hard work necessary to achieve our ambitious goals.

Our Workplace Model

We believe in fostering a workplace environment that balances purposeful in-person collaboration with flexibility - providing clear expectations while respecting the diverse needs of our workforce. Our workplace model is designed around intentional in-person interaction, collaboration, connection, creativity and flexibility:

• For most teams, this means coming into the office two days per week.
• Employees living more than 50 miles from an office location, out of state employees, and employees in certain member-facing roles should work with their manager to determine in-office time based on business need.
• For employees with medical conditions that may impact their ability to work in-office, we are committed to engaging in an interactive process and providing reasonable accommodations to ensure their work environment is conducive to their success and well-being.

The Company reserves the right to require more presence in the office based on business needs, and requirements are subject to change with periodic reviews.

Physical Requirements:

Office Environment - roles involving part to full time schedule in Office Environment. Based in our physical offices and work from home office/deskwork - Activity level: Sedentary, frequency most of work day.

Please click here for further physical requirement detail.

Equal Employment Opportunity:

External hires must pass a background check/drug screen. Qualified applicants with arrest records and/or conviction records will be considered for employment in a manner consistent with Federal, State and local laws, including but not limited to the San Francisco Fair Chance Ordinance. All qualified applicants will receive consideration for employment without regards to race, color, religion, sex, national origin, sexual orientation, gender identity, protected veteran status or disability status and any other classification protected by Federal, State and local laws.