Candidates hired for remote positions must reside in Oregon, Washington, Utah, Idaho, Arizona, Nevada, Texas, Montana, or Wisconsin. Job Title Sr Privacy Specialist Exemption Status Exempt Department Audit and Compliance Manager Title Privacy and Security Manager Direct Reports n/a Requisition # 24729 Pay and Benefits Estimated hiring range $88,430 - $108,080 /year, 5% bonus target, full benefits. www.careoregon.org/about-us/careers/benefits Posting Notes This is a fully remote role, but you must reside in one of the listed 9 states. Job Summary This position is a senior level position responsible for administering the privacy and security compliance activities of CareOregon. Core work includes leading in identifying effective measures to prevent, detect and correct privacy and security compliance issues in relation to federal and state rules and regulations, as well as requirements of contractual agreements. This position ensures that appropriate policies and procedures are in place and followed consistently to safeguard assets, verify the accuracy and reliability of data, and promote efficient and effective operations. This position is responsible for auditing and guiding the organization’s data protection efforts and infrastructure to help ensure the safety and security of member data. Core outcomes include ensuring member trust, brand protection, and compliance with relevant laws and regulations. Essential Responsibilities + Audit and monitor access to Protected Health Information (PHI) and Individually Identifiable Health Information (IIHI) data to ensure compliance with the Health Insurance Portability and Accountability Act (HIPAA), 42 CFR Part 2 substance use disorder rules, and other state and federal related regulations around privacy. + Investigate complex privacy incidents and make breach determinations in compliance with HIPAA federal and state laws + Address privacy-related questions and provide guidance to the organization’s lines of business and various functional areas. + Participate in teams and workgroups to further privacy-related goals, serving as a subject matter expert for privacy; advise business units regarding permissible disclosures and necessary restrictions. + Develop and recommend privacy-related policies, procedures, and related tools. + Lead with developing and presenting privacy-related trainings and communications. + Monitor new or proposed privacy-related legislation, notifying stakeholders and updating materials as appropriate. + Partner with all lines of business in identifying data structure enhancements and maintenance of databases containing PHI and IIHI. + Provides privacy mentoring to team members and at cross-departmental meetings. Organizational Responsibilities + Perform work in alignment with the organization’s mission, vision and values. + Support the organization’s commitment to equity, diversity and inclusion by fostering a culture of open mindedness, cultural awareness, compassion and respect for all individuals. + Strive to meet annual business goals in support of the organization’s strategic goals. + Adhere to the organization’s policies, procedures and other relevant compliance needs. + Perform other duties as needed. Experience and/or Education Required + Minimum 5 years’ experience in privacy, audit, or compliance, including 3 years’ experience with, or a combination of, the administration or operations of: + HIPAA privacy and security rule + SAMHSA 42 CFR Part 2 + Audit and Compliance Investigations Preferred + Work experience with a HIPAA covered entity + Certification in Healthcare Privacy Compliance (CHPC) through Health Care Compliance Association ( HCCA ), or Certification in Healthcare Privacy and Security (CHPS) through American Health Information Management Association (AHIMA) Knowledge, Skills and Abilities Required Knowledge + Advanced understanding of privacy and compliance principles and concepts + Strong working knowledge of privacy-related laws and regulations governing personal information + Advanced knowledge of Federal and State Privacy and Security compliance practices and procedures Skills and Abilities + Proficient technology skills, including word processing, spreadsheets and working in internal and external databases + Strong written and verbal communication and documentation skills + Strong analytical skills and attention to detail + Effective collaboration skills + Ability to research, interpret and understand laws, regulations, and other regulatory and compliance guidance + Ability to understand and apply complex legal language and terminology + Ability to lead and address diverse groups at all levels of the organization to affect change and serve as a champion for privacy + Ability to manage multiple tasks simultaneously and prioritize work to meet assigned deadlines, ensuring appropriate time and attention required + Ability to perform work with high level of integrity and ethics + Ability to work effectively with diverse individuals and groups + Ability to learn, focus, understand, and evaluate information and determine appropriate actions + Ability to accept direction and feedback, as well as tolerate and manage stress + Ability to see, read, hear, and perform repetitive finger and wrist movement for at least 6 hours/day + Ability to speak clearly for at least 3-6 hours/day Working Conditions Work Environment(s): ☒ Indoor/Office ☐ Community ☐ Facilities/Security ☐ Outdoor Exposure Member/Patient Facing: ☒ No ☐ Telephonic ☐ In Person Hazards: May include, but not limited to, physical and ergonomic hazards. Equipment: General office equipment Travel: May include occasional required or optional travel outside of the workplace; the employee’s personal vehicle, local transit or other means of transportation may be used. #MULTI Candidates of color are strongly encouraged to apply. CareOregon is committed to building a linguistically and culturally diverse and inclusive work environment. Veterans are strongly encouraged to apply. We are an equal opportunity employer. CareOregon considers all candidates regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, genetic information, disability, or veteran status. Visa sponsorship is not available at this time.