The mission of the Information Technology Group (ITG) is to develop, implement and maintain technology-based services and solutions enabling OHSU to effectively manage information to accomplish its missions.

 

The Privacy Compliance Specialist Sr. supports the Office of the Chief Privacy Officer and is responsible for working with the OHSU community to facilitate institutional compliance and integrity with the policies, procedures, regulations, and guidelines pertaining to information privacy and security. The OHSU Information Privacy & Security program (IPSO) assists OHSU in the security, confidentiality, and integrity of OHSU confidential information, including protected health information (PHI). The position will serve as a subject matter expert in the Privacy Office, performing tasks including privacy projects implementation, privacy impact and risk assessments, facility reviews, responding to privacy related inquiries and assisting leadership in developing privacy strategies in support of the OHSU mission.

Advisory inquires, projects and risk management activities

Use expert knowledge of HIPAA and other Information Privacy and Security related federal and state laws and regulations and OHSU policies and procedures to effectively:

• Timely respond to requests for Information Privacy and Security inquiries with accurate and coherent guidance while maintaining compliance with all applicable policy, regulatory and legal requirements.
• Serve as an expert advisory on Information Privacy and Security policy requirements specific to human subject research activities.

• Serve as a subject matter expert resource for information privacy and security policies and regulations for all missions including healthcare, academic and research.

• Provide program support for all matters related to information privacy and security policy guidance; risk identification, risk assessment and risk management.

• Tracks and monitors privacy program risks, developing and implementing strategies for mitigating identified risks.

• Supports Privacy program goals and projects as assigned by leadership.

• Provides accurate and effective training, education and performs outreach activities as assigned and in line with the Privacy program’s training plan.

• Assist leadership with improving policies and processes including providing best practice and workflow guidance.

• Observe due care, objectivity and respect for confidentiality of information.

• Conduct privacy reviews as directed by leadership or in line with the Privacy program, including conducting risk evaluations and facility reviews.
• Work with leadership and stakeholders to develop plans to address identified risks.
• Provide accurate and effective education and training as assigned and in line with the Privacy training program.
• Evaluate business practices in relation to current privacy policies and laws, and provide recommendations on risk reduction.
• Appropriately identify activities or practices that are high-risk and/or high-impact to the business that require escalation to leadership for review and guidance.
• Work with organizational partners to improve their compliance with regulations and IPS policies/procedures and support related projects as applicable.
• As directed by leadership, represent the Privacy Office on assignments for both internal and external constituencies on matters related to information privacy and security.
• Provide regulatory and policy guidance to ensure the appropriate and effective use of Epic and related systems to improve HIPAA compliance and controls related to ePHI.
• Serve as a subject matter expert/consultant on information privacy issues to all areas and all levels of the OHSU community.
• Manage assigned projects/tasks to ensure completion in a timely, complete and high-quality fashion.
• Conducts onsite and remote assessments of healthcare facilities to assess physical safeguards, access controls, workstation security and Protected Health Information (PHI) handling practices.
• Monitors onsite OHSU initiatives and events to ensure appropriate safeguards are implemented to protect PHI.
• Attends onsite meetings as needed.

HIPAA Compliance Subject Matter Expert

• Subject matter expert in relevant state and federal privacy and security regulations, including HIPAA, FERPA, GDPR and the GLBA.
• Proactively stays abreast of new or changing industry requirements and regulations including all relevant laws, rules and industry/regulatory trends.
• Serve as an expert resource to identify, develop and recommend revisions to Information Privacy and Security policies, procedures and standards.

Continuous Quality Improvement

Participate in continuous quality improvement, including compliance with regulations and standards regarding Epic and other ePHI systems.

• Work with leadership and the OHSU community, and other appropriate OHSU units in development and enhancement of information privacy and security compliance at OHSU.
• Identify weaknesses and deficiencies and provide input to leadership on how to enhance the quality and efficiency of the work performed.

Other duties as assigned.

• Bachelor’s Degree in a related field.
• 6 years of combined experience in healthcare privacy or compliance with at least 4 years in information privacy and security.

• Certification in compliance-related field or ability to obtain certification with 12 months.

Skills and Abilities

• Experience working with highly sensitive and confidential information and projects.
• Excellent organizational skills and ability to operate and communicate effectively while meeting multiple deadlines and completing projects simultaneously.
• Ability to analyze information and construct an action plan tailored to resolve issues effectively and cooperatively.
• Experience reviewing, interpreting, and providing guidance on regulatory rules and standards.
• Ability to read and comprehend complex terminology and procedures in order to provide thorough and accurate guidance and assessments.
• Knowledge of compliance, federal and state laws, regulations, and guidance related to information privacy and security and HIPAA compliance.
• Ability to analyze and communicate complicated regulations and requirements to individuals at all levels of the organization.
• Ability to chart a course of action that effectively and efficiently assists the organization and department in fulfilling goals and objectives.
• Proven knowledge of formal information security and privacy standards, techniques and methodologies.
• Experience with Epic and/or other clinical applications.
• Ability to collaborate effectively and work both independently and in a team environment.
• Exceptional verbal and written communication skills.
• Exceptional people skills. Ability to interact in a positive, productive manner with others (demonstrating sensitivity, tact and professionalism).
• Ability to deal effectively with difficult situations.
• Highly motivated, team oriented, professional and trustworthy with strong skills is personal diplomacy.

• Advanced Degree (J.D. or MHA) or specific or additional training in information privacy and security. 
• Prior experience in an academic medical center setting. 

• Advanced proficiency with EHR systems and software.

• One or more of the following certifications:

  • CIPP/US
  • CHPC
  • CHC
  • CISSP

Hybrid remote work environment; regular work hours to be coordinated with manager. Travel to meetings throughout OHSU on a regular basis, as assigned.

 

Benefits 

• Healthcare for full-time employees covered 100% and 88% for dependents.
• $50K of term life insurance provided at no cost to the employee.
• Two separate above market pension plans to choose from.
• Paid time off - 208 hours per year, prorated for part-time.
• Extended illness bank - 64 hours per year, prorated for part-time.
• 9 paid holidays per year.
• Substantial Tri-Met and C-Tran discounts.
• Employee Assistance Program.
• Childcare service discounts.
• Tuition reimbursement.
• Employee discounts to local and major businesses.

We are Oregon's only public academic health center.

In addition to caring for patients, we lead groundbreaking research. We also train the next generation of health care professionals. As Portland's largest employer, we give you opportunities to learn and advance in a system of hospitals and clinics across Oregon and Southwest Washington.

All are welcome.

OHSU welcomes people of all ages, ethnicities, genders, national origins, religions and sexual orientations. We are striving to build an anti-racist, multicultural institution and encourage people with diverse backgrounds to apply.

To request reasonable accommodation, contact askhr@ohsu.edu