Consulting HIPAA Privacy Analyst

  • HCA
  • Nashville, TN, USA
  • Jan 09, 2019

Job Description

Job Code: 10201-25515


No Weekends


At its founding in 1968, Nashville-based HCA was one of the nation's first hospital companies. Today, one of the nation's leading providers of healthcare services, HCA is comprised of locally managed facilities that include more than 250 hospitals and freestanding surgery centers in 20 states and the United Kingdom, employing approximately 280,000 people. Approximately four to five percent of all inpatient care delivered in the country today is provided by HCA facilities, resulting in more than 26M patient encounters each year. HCA is committed to the care and improvement of human life and strives to deliver high-quality, cost-effective healthcare in the communities we serve. Building on the foundation provided by our Mission & Values, HCA puts patients first and works to constantly improve the care we provide by implementing measures that support our caregivers, help ensure patient safety and provide the highest possible quality.

Additional Facts:

• Ranked 63 in Fortune 500
• Competitive Fortune 100, industry matched salaries and yearly merit increase
• Computerworld Top 50 Best Places to Work in IT since 2009
• Named one of the "World's Most Ethical Companies" since 2010
• 106 HCA hospitals are on The Joint Commission's list of top performers on key quality measures.


You will play a critical role in the development and support of HCA's information privacy and security program, as well as the Company's compliance, governance, and strategy relative to information protection. You will interact extensively with leadership and business owners across the enterprise and provide consultative support to all Facility Information Security Officials (FISOs), Directors of Division Information Security Assurance (DISAs), Facility Privacy Officials (FPOs), Ethics and Compliance Officers (ECOs), legal operations and labor counsel, as well as many others on all privacy and security related matters. Privacy experience in a healthcare setting is mandatory.


Your Key Duties and Responsibilities:

• You will assist in managing the strategic planning process including key enterprise initiatives to develop a clear vision of the department's objectives and to address all regulatory requirements related to privacy and security.
• You will participate in the development of the company privacy risk assessment strategy to review business processes and evaluate privacy controls necessary to protect sensitive information.
• You will identify, minimize and mitigate legal and regulatory privacy and security compliance risks.
• You will lead the development of remediation plans to address issues discovered during privacy and security reviews and/or assessments of applications, processes, and technology infrastructure.
• You will be the privacy subject matter expert relative to the application of the HIPAA Privacy Rule, HITECH Act, and company policies and procedures.
• You will identify trends and educational opportunities relative to privacy and security issues and recommend and/or develop tools and resources to address them.
• You will develop strategic working relationships across all lines of business and project partners as necessary to identify, evaluate, and reduce privacy and security risks.


7+ years of applicable work experience is needed for you to be a successful candidate.


Bachelor's degree required; however, experience may be a substitute in lieu of a degree.


• Proven experience in information security, privacy, risk management, and privacy and security regulations (e.g., HITECH, HIPAA).
• A proven track record in creating and maintaining strong business relationships.
• Excellent written and verbal communication skills; interpersonal and collaborative skills; creative thinker with strong analytical skills; the ability to communicate privacy, security, and risk-related concepts to technical and non-technical audiences; persuasive, encouraging, motivating, and inspiring.
• Independent, yet collaborative; respected by peers and others.
• High degree of initiative, dependability, and the ability to work with minimal supervision.
• Adaptable and flexible, with the ability to handle ambiguity and sometimes changing priorities.
• Professional demeanor, appearance, and positive attitude.
• Certifications such as CHPS, CISSP, CISA, CRISC, GSEC, and/or CISM are preferred.

Last Edited: 01/08/2019