| Job Description: |
Under the direction of the Senior Privacy Director (SPD) and Privacy Manager (PM), the Compliance Analyst III performs activities in support of an effective privacy program across the University of Florida (UF) enterprise. Primary responsibilities include conducting investigations, performing auditing and monitoring functions, assisting with privacy policy development and maintenance, and conducting education and outreach activities. Subject matter areas of expertise for the Compliance Analyst III include, but are not limited to, HIPAA, state privacy laws, FERPA, GLBA, FTC privacy regulations and international data privacy laws. This position is based in Gainesville, Florida.
Conduct timely investigations and breach analyses of privacy incidents, including the following tasks:
- Follow investigation protocols to gather necessary facts and details by conducting thorough audits and interviews;
- Analyze facts against the applicable privacy regulations, laws and policies and use the approved breach notification analysis tool to determine breach notification requirements;
- Assist UF Information Security with privacy matters;
- Collaborate with Health Science Center colleges and other University stakeholders including Information Risk Management, IT Security, Internal Audit, etc. to mitigate risks identified during audits and investigations;
- Appropriately collaborate with other Privacy team members to fully investigate and resolve privacy violations by UF employees at UF Health locations;
- Coordinate with relevant department leaders and human resource liaisons to consistently apply appropriate corrective measures for similar privacy violation types;
- Consult with SPD, PM and Office of General Counsel, as needed;
- Complete breach notification activities in a timely manner and within required timeframes; and
- Maintain accurate records by thoroughly documenting investigation findings and outcomes in a timely manner and within the designated incident management system.
Under the direction of the SPD and/or PM, support general programmatic activities of the Privacy Program, including:
- Provide guidance and assist in the development, implementation and maintenance of privacy-related policies and procedures for UF-designated operations on all UF campuses;
- Assist the SPD and/or PM with special privacy-related projects;
- Conduct benchmarking required for reporting purposes and to establish relevant privacy metrics and statistics;
- Participate in Compliance and Privacy Awareness month activities; and
- Seek participation and actively engage in committees, subcommittees, workgroups, etc. requiring guidance on privacy-related matters.
Conduct routine and ongoing privacy compliance monitoring and auditing activities in accordance with regulatory requirements, including but not limited to:
- Assist with the development of the Privacy Services Annual Work Plan to help identify, monitor and assess new and ongoing organizational privacy compliance risks;
- In conjunction with other members of the Privacy team, complete all auditing and monitoring activities outlined in the Privacy Services Annual Work Plan;
- Use established tools and methodologies when conducting privacy audits;
- Draft formal audit reports and submit to PM and/or SPD for review and approval; and
- Participate in the development of new tools and audits for enhancing the effectiveness of privacy program activities.
Provide ongoing education and training on Privacy policies, procedures, standards and guidelines and state, federal and international privacy laws to employees, faculty, contracted personnel, students, volunteers, etc. This includes, but is not limited to, the following:
- Collaborate with colleagues to develop and implement effective training materials with content to comply with HIPAA, Florida State laws and other applicable privacy law requirements;
- Provide ongoing privacy compliance education and training to UF workforce members including employees, faculty, contracted personnel, students, volunteers, etc.;
- Provide accurate privacy compliance advice, guidance and recommendations; and
- Interact with physicians, clinical and non-clinical staff, administration, and other UF personnel on a routine basis to keep them apprised of privacy policies and procedures, updates, evolving trends and other privacy-related requirements.
Continually improve knowledge of privacy regulations and laws and changes to requirements. Attend relevant conferences and educational events to maintain and improve expertise in current and evolving privacy and security matters and maintain required certifications.
Perform other assigned duties to support Privacy Program activities.
|
| Preferred: |
- Relevant professional certification(s), including CIPP, CHPC, CCEP, CHPS, CCEP, etc.;
- Excellent interpersonal skills with demonstrated ability to function in a team setting;
- Ability to successfully interact with persons in a variety of professional levels;
- Strong verbal and written communication skills;
- Demonstrated ability to work in a high-volume, fast-paced environment;
- Knowledge and experience working with relevant privacy laws, including HIPAA, FERPA, FTC regulations and various state and international data privacy laws;
- Ability to conduct complicated privacy investigations;
- Ability to research and understand complex regulations and laws;
- Prior experience in an academic medical environment;
- Prior experience producing and delivering live in-person adult education/training presentations;
- Public speaking experience; and
- Comprehensive knowledge and skill using MS Office tools (including Excel, Word and PowerPoint).
|