Job Summary

The Privacy Specialist is responsible for managing day-to-day healthcare privacy compliance activities, including privacy incident review, patient privacy rights requests, audits, documentation, training, and monitoring of protected health information practices. This role serves as a privacy resource for internal departments and supports compliance with HIPAA, California privacy and medical information confidentiality requirements, and other applicable state privacy requirements. The Privacy Specialist also collaborates with IT on privacy-related cybersecurity matters involving electronic protected health information, system access, audit logs, and data protection practices. The Privacy Specialist may be assigned other compliance projects by Compliance leadership.

Duties and Responsibilities

• Manage day-to-day privacy compliance activities, including tracking, documentation, monitoring, and follow-up.
• Monitor compliance with HIPAA, California healthcare privacy requirements, other applicable state privacy requirements, and internal policies.
• Review, investigate, document, and escalate potential privacy incidents, including unauthorized access, improper disclosures, misdirected communications, patient complaints, and other suspected privacy concerns.
• Maintain documentation of privacy investigations, findings, corrective actions, mitigation steps, and follow-up.
• Review and process patient privacy rights requests, including access, amendment, restrictions, confidential communications, accounting of disclosures, and revocation of authorizations.
• Review patient communications, forms, authorizations, notices, and disclosures for appropriate privacy language and handling of protected health information.
• Review and track Business Associate Agreements and vendor privacy documentation.
• Conduct privacy audits and monitoring activities, including access reviews, communication reviews, documentation audits, and department-specific privacy reviews.
• Identify privacy risks and recommend corrective actions, retraining, policy updates, or process
  improvements.
• Provide privacy guidance to internal departments regarding patient communications, disclosures, record.requests, authorizations, and documentation practices.
• Develop, update, and maintain privacy policies, procedures, forms, logs, templates, and training materials.
• Conduct or coordinate privacy training, including onboarding, annual training, and targeted retraining.
• Collaborate with IT on privacy and cybersecurity compliance matters involving electronic protected health information, system access, user permissions, audit logs, secure transmission, and suspected unauthorized access.
• Support internal audits, accreditation reviews, payer audits, regulatory inquiries, and other compliance reviews related to privacy and patient information practices.
• Participate in additional compliance projects as delegated, including policy review, regulatory research, audit support, accreditation support, corrective action tracking, and compliance monitoring.
• Maintain confidentiality of patient information, employee information, company records, investigations, vendor information, and compliance matters.
• Perform other compliance-related duties as assigned.

Required Qualifications

• Working knowledge of HIPAA, protected health information, patient confidentiality, and secure handling of medical information.
• Familiarity with California healthcare privacy requirements and other state privacy requirements applicable to healthcare operations.
• Experience reviewing privacy incidents, patient records, authorizations, disclosures, complaints, audit findings, or compliance documentation.
• General understanding of privacy-related cybersecurity concepts, including user access, audit logs, secure transmission, system permissions, and electronic protected health information safeguards.
• Strong written and verbal communication skills.
• Strong attention to detail and ability to maintain accurate documentation.
• Ability to handle confidential and sensitive information with professionalism and discretion.
• Ability to work independently, identify privacy risks, document findings, and escalate issues appropriately.
• Proficiency with Microsoft Office, Google Workspace, electronic health records, pharmacy systems, compliance tracking tools, or similar systems.

Education and Experience Requirements

• Bachelor's degree in healthcare administration, health information management, compliance, business administration, legal studies, public health, or a related field.
• Minimum of 2 years of experience in healthcare privacy, compliance, health information management, pharmacy operations, patient services, auditing, quality assurance, or another related healthcare role.
• Experience with privacy investigations, breach documentation, patient rights requests, Business Associate Agreements, audits, corrective action tracking, or workforce privacy training.
• Experience in specialty pharmacy, infusion pharmacy, home health, ambulatory care,
  long-term care pharmacy, or another patient-service healthcare setting is preferred.
• Certified in Healthcare Privacy Compliance (CHPC) or similar certification preferred.

Required Skills

• Strong experience developing internal and external relationships/partnerships.
• Knowledge of pharmacy, pharmacy systems, and pharmacy workflow.
• Proficient in Microsoft Office Suite (Outlook, Word, Excel, PowerPoint) and technical proficiency with databases and spreadsheets.
• Excellent communication and collaboration skills to work across multiple departments.
• Ability to interpret, adapt, and apply guidelines and procedures.
• Demonstrates accuracy, strong analytical, and problem-solving skills.
• Looks for ways to improve and promote quality and monitors own work to ensure quality is met.
• Maintain confidentiality.
• Work independently, prioritize work activities, and use time efficiently.
• Excellent interpersonal and customer service skills.
• Excellent organizational skills and attention to detail.
• Excellent time management skills with a proven ability to meet deadlines.
• Ability to prioritize tasks and to delegate them when appropriate.
• Ability to function well in a high-paced and at times stressful environment.

Physical Requirements

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job, the employee is continuously required to sit and talk or hear. The employee is occasionally required to stand; walk; use hands to finger, handle, or feel objects, tools, or controls; reach with hands and arms; and stoop, kneel, crouch or crawl. The employee must regularly lift and/or move up to 20 pounds and occasionally lift/or move up to 30 pounds. Specific vision abilities required by this job include close vision, peripheral vision, depth perception and the ability to adjust focus.

The above statements are intended to describe the work being performed by people assigned to this job. They are not intended to be an exhaustive list of all responsibilities, duties and skills required. The duties and responsibilities of this position are subject to change and other duties may be assigned or removed at any time.