Permanent Staff (EHRA NF)
Department: Privacy Office-230300
Working Title: Privacy Analyst
Appointment Type: EHRA Non-Faculty
Position Posting Category: Information Technology
Salary Range: Commensurate with experience
Full Time/Part Time?: Full-Time Permanent
Hours per Week:
01001939
Posting Open Date: 12/01/2020
Open Until Filled: No
Proposed Start Date:
The Privacy Analyst performs ongoing activities to monitor compliance with the University’s policies and procedures, contractual obligations, individual privacy rights, and federal and state privacy and security regulations. This includes receiving complaints and incident reports, tracking and participating in investigations, and preparing reports, findings, and recommendations. The Analyst works with IIRM management and the Office of University Counsel to identify privacy risks, trends, and vulnerabilities, and researches solutions for risk mitigation. This position also creates plans to remediate identified risks from Health Insurance Portability and Accountability Act (HIPAA) Security Risk Assessments. This position serves as a technical expert in HIPAA and other regulations that deal with restricted or sensitive information that is collected, used, and/or retained by the University. This position serves as a Subject Matter Expert (SME) in related operational systems, performs preventive maintenance on these systems in conjunction with ITS, and researches emerging technologies associated with these systems. The Privacy Analyst also serves as a project manager, developing and contributing to the development of project plans under the scope of the Privacy Office, serving as a technical lead, consulting with clients, internal staff, and vendors, and coordinating needs assessments and planning for new and potential IT initiatives.
The Privacy Office monitors compliance with federal and state privacy regulations, as well as general industry privacy standards for restricted or sensitive information collected, used, and retained by the University. This office provides centralized oversight and compliance relating to applicable laws, regulations, and policies that govern privacy-related activities for the University. Structurally, the Privacy Office is part of the Vice Chancellor for Institutional Integrity and Risk Management (IIRM) organization. The Vice Chancellor for IIRM serves as the University’s senior executive responsible for oversight and coordination of compliance, risk management, and safety functions at the University. This includes responsibility for multiple critical enterprise functions: central compliance; risk management and enterprise risk management; public safety; environment, health, and safety; emergency management; and ethics education and policy management. IIRM is responsible for oversight of the University’s compliance efforts, identification and mitigation of enterprise risks, and an integrated set of activities that assure the physical safety of the University’s faculty, staff, students, and visitors.
Educational Requirements:
Master’s degree and 1-2 years’ experience; or Bachelor’s degree and 2-4 years’ experience; or will accept a combination of related education and experience in substitution.
Knowledge of HIPAA privacy and security rules, the HITECH Act, the National Institute of Standards and Technology (NIST), the Privacy Act of 1974 as amended, and other applicable regulations and laws.
Excellent oral and written communication skills. Excellent organizational skills and ability to meet deadlines under pressure. Ability to work with diverse constituents across the University and with external vendors as necessary.
Prefer experience working in one or more areas of health care, compliance, legal, information security and privacy, especially in a University setting.
Prefer experience negotiating and drafting Business Associate Agreements (BAAs) as related to Protected Health Information (PHI).
Prefer paralegal experience.
Professional certification in Information Security and Privacy is a plus (HCISPP, CHPS, CHPC, CIPP, or similar).
Prefer knowledge of and ISO 270002 standards.
Prefer knowledge of privacy program implementation techniques and procedures, and knowledge of privacy laws, access, release of information, and release control technologies. This includes knowledge of the Family Educational Rights and Privacy Act (FERPA) and the N.C. Identity Theft Protection Act (NC ID Theft Act).
Equal Opportunity Employer:
The University of North Carolina at Chapel Hill is an equal opportunity and affirmative action employer. All qualified applicants will receive consideration for employment without regard to age, color, disability, gender, gender expression, gender identity, genetic information, national origin, race, religion, sex, sexual orientation, or status as a protected veteran.