Sr. Privacy Associate

Join to apply for the Sr. Privacy Associate role at Stamford Health Job Description Conduct training activities, privacy audits, and monitor all electronic medical record activity for the health system. Serve as the HIPAA privacy resource for the organization, assisting workforce with HIPAA compliance and privacy policies and procedures. Routinely monitor changes in applicable HIPAA government regulations and research and analyze available regulatory guidance in response to specific questions. Review FairWarning reports routinely to identify potential policy violations and investigate all questionable access. Manage the progress of corrective action plans for conducted audits. Maintain a database of privacy investigations in accordance with hospital policy and regulatory requirements. Develop and provide education for new and existing Stamford Health employees on privacy risk issues, the organization’s privacy program; develop training materials to address privacy compliance risks. Conduct privacy audits and rounding. Visit floors, patient rooms, and SHMG offices to discuss privacy policies/procedures, patient complaints, and ensure HIPAA compliance. Conduct privacy investigations and in‑person interviews with workforce members of all levels and backgrounds in coordination with Human Resources and applicable department leaders. Gather necessary information pre/post interview and maintain complete discretion during the investigatory process. Manage challenging patient and employee encounters, both in person and via telephone. Exemplify Stamford Health core values in these interactions to protect patients, the organization, and ensure compliance with applicable laws and internal policies and procedures. Prepare and/or develop written documentation such as policies, procedures, and other written communication to support ongoing activities of the privacy program. Decide when to elevate high‑risk matters to the Privacy Officer, General Counsel, Human Resources, or other leaders as needed. Develop and update the annual work plan, conduct annual risk assessments in collaboration with Compliance, identify and address high‑risk areas. Manage the HIPAA Privacy Oversight Committee meetings and meeting preparation; develop and present presentations to the Corporate Compliance Committee and Audit Committee. Participate in the Enterprise Risk Management Committee, SHMG IT Steering Committee, and IT Governance Committee. Collaborate with the CISO on protecting patient privacy, breach mitigation, and organizational training. Manage and train temporary or junior privacy staff. Work with outside counsel to draft breach notifications to the Office of Civil Rights and State Attorneys General; compile and file annual privacy breach reports to the Office of Civil Rights. Collaborate with the Risk Management team on investigations and privacy issues, providing coverage to the Compliance team as needed. Research, analyze, and develop reports and correspondence in response to privacy complaints and incidents. Develop and review the HIPAA internal intranet site. Present reports of HIPAA compliance activities to departments and various committees in the organization. Participate in professional organizations, represent Stamford Health in a positive light, and collaborate with external resources to identify and develop improvements for the Compliance Program specific to privacy. Perform other related duties as assigned or requested to maintain a high level of service. Required Skills Three years in a healthcare setting, with at least 3 to 5 years of experience in a privacy‑related function, preferably in a healthcare or regulatory setting. Strong analytical, critical thinking, and problem‑solving skills. Ability to manage and prioritize a high-volume workload independently or with limited assistance. High level of competency with computer skills, including Outlook, Teams, PowerPoint, Word, and Excel. Ability to analyze data and trends to identify deficiencies and develop corrective action. Knowledge of HIPAA (Health Insurance Portability and Accountability Act of 1996) and patient confidentiality required. Knowledge of other state and federal privacy laws preferred. Knowledge of electronic medical records, including EPIC. Analytical ability for special projects requested by the Privacy Officer and other key stakeholders and committees. High integrity and confidentiality, and excellent organizational and interpersonal skills; ability to work alone and as part of a team. Ability to exercise independent judgment in receiving patient complaints, determining the acuity of complaints, and collaborating with the Privacy leadership, directors, and other service providers to achieve satisfactory resolution. Excellent written, oral, presentation, and communication skills are essential. A combination of relevant work experience and educational background will be considered. Education Requirements Bachelor’s degree required; master’s degree preferred. CHPC (Certified in Healthcare Privacy Compliance) certification, CIPP or CIPM preferred. Seniority Level Mid‑Senior level Employment Type Full‑time Job Function Other Industries Hospitals and Health Care #J-18808-Ljbffr