Job Details

Privacy Specialist

Company name

Change Healthcare

Organization Type


Job Type


Date Last Verified

Jun 21,2019

Valid Through

Oct 04,2019

Posted on

Jan 22,2019

Years of Experience

Min 7 yrs required


Alpharetta, GA, United States

Employment Type



Practice Area
Health Care >> Health Care
Apply for this job
Your Email:
Upload Resume:

47 hits


Privacy Specialist
The candidate will help lead select privacy matters for the organization, including oversight and management of privacy notices and Privacy by Design initiatives. Will respond and act as an advisor to the sales and business organizations in order to educate business clients on privacy issues facing their business and processes in order to assess privacy risks, investigate potential privacy incidents, and create all support, investigation and remediation documentation as required by applicable law, e.g. HIPAA, state law, PIPEDA and GDPR to minimize firm’s exposure and risk. Has exposure to management in supporting a competitive business within the healthcare industry. Collaborates with key Privacy Office team members, compliance leads, Counsel and BU attorneys, external counsel, and Sales and Business Unit operational leaders. Understanding of federal and state privacy laws, particularly HIPAA and state healthcare privacy related laws and regulations, and have a working knowledge of GDPR, as well as incident response and privacy laws in other foreign jurisdictions. Must be able to communicate effectively with clients and BU customers concerning the importance of protecting Personal Health Information (PHI) and Personal Data. Working through a diverse scope of issues where analysis of the information may require identification and evaluation of many relevant potential factors. Anticipating privacy issues and initiate appropriate actions to ensure potential incidents are investigated thoroughly and efficiently and in accordance with company policies and guidelines. Managing, with the Business Unit compliance resources and others in Legal and Compliance, all required breach determination and notification processes under HIPAA and applicable state breach rules and requirements. Proficiently drafting various communications, including notification letters, risk assessments, incident response reports and regulatory responses with minimal attorney oversight. Providing guidance on whether a potential incident is substantiated or unsubstantiated, and providing an accurate assessment of overall incident risk. Identifying, analyzing, researching and resolving legal and business process issues and makes appropriate recommendations. Working with and managing external counsel on incidents as needed. Supporting Privacy Incident Response, including privacy reporting, recommendations for resolution, mitigation and, in collaboration with Privacy Counsel, execution of any required notices to individuals and government officials. Performing required breach risk assessment, documentation, and mitigation. Exercising reasonable judgment within generally defined practices and policies in selecting methods and techniques for obtaining solutions. Interfacing with various internal business groups (legal, compliance, regulatory, operations etc.) to ensure investigation reports, risk assessments, notification letters, and other relevant documentation are accurately reflected. Conducting research and investigations in a timely manner to ensure contractual notice obligations and other obligations under relevant laws (e.g. GPDR, HIPAA and other federal and state incident notification laws) are met. Working with business unit and information technology teams to implement compliance (Privacy by Design) across all consumer and worker touchpoints and back-end systems. Assessing vendor and in-house software technologies and applications for privacy compliance, collaborating closely with information technology and business functions requesting release and use of new technologies. Monitoring and managing Privacy mailboxes. Assisting with communication and training. Managing identification and rollout of scalable innovative technologies to support global privacy compliance, including developing usage policies and guidelines, audit and control processes. Supporting reviewing and updating of existing Privacy Policies and Notices. Participating on special project teams for the creation of tools, documents, and processes to enable improvements as needed. Collaborating with Chief Privacy Officer to design and establish ongoing compliance and quality assurance programs. Building and maintaining effective working relationships with internal and external stakeholder groups. Performing other duties as assigned.

Qualification and Experience

The candidate should have a Juris Doctor Degree from an ABA accredited law school with excellent academic credentials and admission to practice in good standing as a member of a jurisdiction. In lieu of degree, both 7+ years of relevant experience and a CIPP certification may be considered. Proven experience and expertise in leading a large and complex organization through transformation from one of a largely independent stand-alone business units to a more fully integrated and strategically aligned organization essential. Should have 3 years of direct contract drafting experience. Must preferably have 2 years of experience with incident response management. Should preferably have 2 years of experience with healthcare information technology or security technologies. Deep knowledge of and experience in HIPAA, GDPR, and other federal, state, and international privacy protection laws and regulations dealing with privacy incidents essential. Excellence in conducting in-depth legal research and analysis regarding a broad range of health care and privacy law issues needed. Outstanding verbal and written communication skills, including presentation skills essential. Additional Knowledge: Organizational savvy and notable business acumen dealing with risk management and compliance; Mid-level knowledge in information technologies; Experience with privacy tools such as RADAR, AgileCase, Trust, etc., helpful; Recommended privacy certification such as International Associate of Privacy Professionals (IAPP), Healthcare Privacy and Security (CHPS) and/or other healthcare industry related credential.

Additional info

Ref: R5308.

Company info

Hiring Coordinator
Change Healthcare
13010 Morris Road
Bldg 2
Alpharetta, GA 30004

Similar Jobs:

Legal Specialist, IP and Marketing The candidate will handle duties that include: Drafting and nego...
Legal Specialist, IP and Marketing The candidate will handle duties that include: Drafting and nego...
Counsel, Software & Analytics The candidate handles a variety of general corporate and commercial l...