HIPAA Privacy & Security Analyst
Company: Central City Concern
Posted on: June 25, 2022
About Central City Concern:
Central City Concern is an innovative nonprofit agency providing
comprehensive services to single adults and families in the
Portland metro area who are impacted by homelessness, poverty and
addictions. We hire people who are skilled and passionate to meet
our mission through outcome-based strategies which support personal
and community transformation.
CCC is hiring a HIPAA Privacy & Security Analyst to join our
This position has the primary function of assisting the Office of
Compliance in working to protect the privacy of our patients and
clients. The Analyst assists with the development, implementation,
maintenance and oversight of the organization's policies,
procedures, guidelines, and trainings pertaining to OCITPA, HIPAA,
and 42 CFR Part 2 privacy protections, as well as monitoring
compliance with all federal and state privacy rules and regulations
and applicable CCC policies. This position will report to the
Director of Compliance who reports to the General Counsel. The
analyst will work closely with the other staff members in the
Compliance Department, will provide the main link between the
Compliance and IT Departments on information privacy and security
issues, and will act as a resource on information privacy and
security to shared services and program staff of Central City
Essential Duties & Responsibilities:
- Conduct compliance assessments, operational risk assessments,
and internal audits. Analyze results and provide formal and
informal reports of findings, including recommendations for
- Organize and facilitate regularly scheduled trainings regarding
key areas of compliance, such as HIPAA; 42 CFR Part 2; OCITPA;
Medicare/Medicaid Fraud, Waste, and Abuse; and records
- Respond to program queries about HIPAA, 42 CFR part 2, and
other privacy, security, and compliance issues.
- Assist with identifying and tracking the agency's regulatory
and contractual obligations, and monitor CCC's compliance with
- Maintain familiarity with HHS-OCR and its evolving Enforcement
Approach and provide regular updates to internal leadership
regarding trends and risk assessment.
- Support the investigation, communication, and response to all
alleged data security incidents including breaches of protected
health information, collaborate with internal parties on
remediation efforts, notify affected parties, and lead and support
corrective actions. Draft and send Breach Notification letters to
patients and report information breach events to governing agencies
and/or contractual partners, as appropriate.
- Support development, maintenance, and revisions of policies and
- Keep current with laws and regulations of federal, state,
local, and licensing bodies.
- Draft, negotiate, and manage records related to maintain
Business Associate Agreements.
- Provide support to Medical Records department in tracking and
maintaining the accounting of disclosures of PHI.
- Support administrative departments in a variety of compliance
related tasks as needed.
- Adhere to all state and federal privacy regulations, including
HIPAA and 42 CFR Part 2, and to CCC policies and agreements
regarding confidentiality, privacy, and security. Support
compliance with all privacy and security requirements pursuant to
community partners' and outside providers' patient confidentiality
agreements, including privacy and security requirements for EMR
access. This includes immediately reporting any breach of protected
health information or personal identification information of any
person receiving CCC services by CCC or an outside provider to the
CCC Compliance Department, as well as to your supervisor or their
- Participate in professional development activities and required
trainings. Attend all mandatory CCC trainings in a timely
- Perform other duties as assigned.
Skills & Abilities:
- Ability to interpret HIPAA requirements (including OCR
guidance) both from a business and technical perspective, and
ability to determine and provide leadership on what documentation
meets best practice and industry standards.
- Demonstrated ability to organize documentation and information
into a compliance program
- Ability to consider the impacts and outcomes for underserved
communities during decision-making process.
- Ability to consider impacts of oppression, structural racism,
and individual bias on client outcomes.
- Sound decision-making skills and excellent professional
- Ability to handle sensitive and confidential information on a
daily and ongoing basis.
- Ability to communicate clearly and concisely both orally and in
writing, including technical writing, interpersonal skills, and
speaking to groups of employees.
- Ability to maintain accurate records and necessary
- Ability to plan, coordinate, organize, train, and
- Ability to manage time, work independently, and meet
- Bachelor's degree required. Bachelor's or advanced degree in a
health-care related field, public administration or policy,
information technology or security, or a related field
- 3-5 years relevant experience in the field of information
privacy, health records management, law, compliance, or health care
- Detailed knowledge of and experience with HIPAA Privacy and
Security rules, regulations, and requirements required.
- Prior experience with HIPPA Compliance within a hybrid
- Familiarity with a variety of the compliance field's concepts,
practices, and procedures, especially the elements of an effective
- Knowledge of health care systems required, particularly
knowledge of primary care, mental health and substance abuse,
and/or community health care.
- High degree of computer literacy required, including ability to
learn new software and systems.
Central City Concern offers an incredible benefits package to our
- Generous paid time off plan beginning at 4 weeks per year.
Accrual increases with longevity.
- Amazing 403(b) Retirement Savings plan with an employer
- 10 paid Holidays PLUS 2 Personal Holidays to be used at the
- Comprehensive Medical, Vision, and Dental insurance
- Employer Paid Life, Short Term Disability, AND Long Term
- Sabbatical Program offering extended time off at years 7, 14
This description is intended to provide a snapshot of the work
performed and is not designed to contain a comprehensive inventory
of all duties, responsibilities, and qualifications required of the
CCC values and celebrates diversity in race, heritage, ethnicity,
gender identity and expression, sexual orientation, religion, age,
and disability. We are an Equal Opportunity Employer and we
prioritize active inclusion of diverse staff.
As an agency deeply rooted in recovery, part of our policy and
commitment to a drug and alcohol-free workplace includes
post-offer, pre-employment drug screens. Please note we follow
Federal Guidelines regarding prohibited substances, even for those
legal at the state level.
Equal Opportunity Employer/Protected Veterans/Individuals with
The contractor will not discharge or in any other manner
discriminate against employees or applicants because they have
inquired about, discussed, or disclosed their own pay or the pay of
another employee or applicant. However, employees who have access
to the compensation information of other employees or applicants as
a part of their essential job functions cannot disclose the pay of
other employees or applicants to individuals who do not otherwise
have access to compensation information, unless the disclosure is
(a) in response to a formal complaint or charge, (b) in furtherance
of an investigation, proceeding, hearing, or action, including an
investigation conducted by the employer, or (c) consistent with the
contractor's legal duty to furnish information. 41 CFR 60-1.35(c)
Associated topics: attorney, attorney corporate, business, company,
compliance, corporate attorney, court, legal, legal affairs,
Keywords: Central City Concern, Portland , HIPAA Privacy & Security Analyst, Professions , Portland, Oregon
Didn't find what you're looking for? Search again!