HIPAA Privacy Specialist

Legal & Compliance Worcester, Massachusetts


Position at UMass Memorial Health

Everyone Is a Caregiver.

At UMass Memorial Health Care, Everyone is a Caregiver regardless of title. Exceptional patient care, academic excellence and leading-edge research make UMass Memorial the premier health care system of Central and Western Massachusetts, and a place where we can help you build the career you deserve. We are more than 14,000 employees, working together as one health care system. And everyone, in their own unique way, plays an important part, everyday.

Requisition #:  229357
Title: HIPAA Privacy Specialist
Department:  Legal & Compliance
Location: UMass Memorial Medical Center
Posting Date:  7/11/22
Shift:  Days
Status: Exempt
Hours: M-F, 8 AM - 5 PM
Shift Length:  8
Position Summary:
Responsible for monitoring and maintaining UMass Memorial Health Care’s (UMMHC) compliance with regulations related to the Privacy and Data Breach elements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as well as other Federal and State privacy laws.  This includes development, implementation and adherence to UMMHC’s policies and procedures covering the privacy of protected health information, patient rights under HIPAA, data breach response, and other UMMHC information privacy practices.  Works with members of UMMHC’s privacy and security leadership and appropriate offices to foster the development and operational implementation of appropriate information privacy practices throughout the organization.
The duties and responsibilities stated are a general summary and not all inclusive.
Major Responsibilities: 

  • Maintains current knowledge of HIPAA privacy and data breach regulatory guidance and applicable Federal and State privacy laws and monitors changes to ensure organizational awareness. Provides direction to and facilitates HIPAA compliance at UMass Memorial (UMM) member entities.
  • Assists the Chief Privacy Officer in the development of an annual Work Plan and reporting performance indicators to measure the effectiveness of the privacy program.
  • Assists the Chief Privacy Officer in conducting privacy investigations. Recommends appropriate follow-up actions related to patient privacy complaints/incidents, etc. Utilizes results of incidents to recommend monitoring programs and remediation plans.
  • Maintains the Privacy complaint process (including the Privacy Line and email inquiry account) for receiving, documenting, tracking, investigating, and preparing responses to inquiries received from patients, employees, and other sources.
  • Assists with external reviews or investigations from the Office for Civil Rights and other regulatory or law enforcement authorities.
Position Qualifications:
  • Associates degree in Business Administration, Health Care or related field.

Advanced degree is a significant plus.

  • A minimum of three years of progressively responsible experience in a regulatory field in a health care setting or relevant clinical management experience.
  • Knowledge and experience in information privacy laws.
  • Demonstrated organization, facilitation, communication and presentation skills.
  • Independent decision-making capabilities.
  • Ability to utilize a variety of computerized software applications such as word processing, spreadsheets, databases, presentations, etc.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.

Standards of Respect: