Privacy Analyst, University of Maryland Medical System, Linthicum, MD


Job Overview (160 characters maximum): The Corporate Compliance and Business Ethics Group (CCBEG) Privacy Program provides privacy oversight, subject matter expertise, support and guidance to all administrative and clinical functions in the system Medical School from the University of Maryland (UMMS).

Detailed job description:

The University of Maryland Medical System is a 14-hospital system with academic, community, and specialty medical services reaching all areas of Maryland and beyond. UMMS is a national and regional reference center for trauma, cancer care, neurological care, cardiac care, women’s and children’s health and physical rehabilitation. UMMS is the fourth largest private employer in the Baltimore metropolitan area and one of the top 20 employers in the state of Maryland. No organization will offer you the clinical variety, support, or professional growth opportunities that you will enjoy as a member of our team. UMMS is currently seeking a Privacy Analyst for our offices in Linthicum, MD.

General summary

The Corporate Compliance and Business Ethics Group (CCBEG) Privacy Program provides privacy oversight, subject matter expertise, support and guidance to all administrative and clinical functions of the University of Maryland Medical System (UMMS ) and is based on the seven elements of a compliance program adhering to industry regulations, system policies, Centers for Medicare & Medicaid Services (CMS) terms of participation, payment terms, and specific requirements in the state.

Under the supervision of the Director, will manage complex privacy incidents, develop, implement and monitor privacy policies, procedures and processes, manage the privacy audit and monitoring plan and related management action plans , and will ensure compliance with existing and new federal and state privacy regulations. laws and regulations affecting the UMMS. Additionally, will work collaboratively with management of UMMS member organizations (e.g., hospitals) and other personnel to ensure corporate privacy program initiatives are implemented in the entire UMMS.

Main responsibilities and tasks:

  • Serves as a privacy resource for UMMS member companies and organizations, building strong cross-functional relationships with shared services and member organization leaders by advising them on privacy-related issues.
  • Serves as the information privacy resource for the organization regarding information disclosure and for all departments for privacy related issues.
  • Lead role in the management and resolution of complex privacy inquiries received through internal reporting methods, working with key internal and external stakeholders and member organizations to determine resolution and manage the process of determination and notification of breaches under the Health Insurance Portability and Accountability Act (HIPAA) and applicable state privacy rules and regulations. Perform root cause analysis, facilitate management action plan and oversee implementation.
  • Lead role in managing and resolving privacy inquiries and investigations received from regulatory agencies such as the Office of Civil Rights (OCR) of the Department of Health and Human Services (HHS) and the Office of the Attorney General (OAG) of HHS. The Senior Privacy Analyst is responsible for responding to federal or state regulatory agencies, working with key stakeholders to respond to privacy inquiries or investigate the complaint, write the investigation reports applicable, to facilitate the development of management action plans and to draft the response to the regulator with supporting documentation.
  • Prepares and submits federal and state privacy breach reports for UMMS under the direction of the Research Privacy and Compliance Manager.
  • Manages tracking of current, revised, and new federal and state privacy laws. Provides progress reports to CCBEG management on regulation and impact on UMMS. Develops and manages project plans with action steps to comply with regulatory changes and serves as a leader in collaborating with key organizational stakeholders and member hospitals on implementation and education of regulatory changes. Performs audits/reviews and performs analysis to determine compliance with applicable federal and state laws, policies and procedures.
  • Manages the privacy audit and monitoring plan for the organization. Drafts and implements an annual privacy audit and monitoring plan, develops audit tools and toolkits, works with member organizations to implement audit and monitoring activities, and performs quality assurance reviews as requested by the Director of Research Privacy and Compliance and provides applicable recommendations. Develops, prepares and presents audit and results monitoring reports with recommendations for improvement and correction to CCBEG management.
  • Reviews the investigation and breach risk assessment work of member organizations and compliance analysts.
  • Mentor and guide compliance analysts.
  • Manages and develops privacy policies and procedures.
  • Monitors survey and investigation data and trends to determine gaps and/or areas requiring further investigation and provides recommendations for operational changes and training opportunities.
  • Develops privacy awareness messages and educational materials in collaboration with the Chief Compliance Officer and the Chief Compliance Officer, Regulation and Oversight.
  • Prepares reports to meet the needs of the Chief Compliance Officer, Vice President of Compliance Operations, Chief Compliance Officer, UMMS General Management, and the Audit and Compliance Committee of the Board of Directors .
  • Perform other assigned duties.

What you need to succeed:

  • Bachelor’s degree in business administration or healthcare or relevant field required.
  • Three years of professional experience in the field of healthcare compliance, or an equivalent combination of education, experience and/r demonstrated performance with a high level and productive quality of work. Two years of experience in healthcare privacy, case investigation, audit and surveillance, or equivalent related fields is required.
  • Certified in Healthcare Privacy Compliance (CHCP) and/or Healthcare Compliance (CHC) (or achieve certification no later than 12 months from date of hire).
  • Experience with healthcare laws and regulations, including a strong knowledge of federal laws (e.g., HIPAA and 21st Century Cures Act) and state laws relating to privacy, personally identifiable information, and medical system policies is required.
  • Demonstrated strong cross-functional communication and leadership skills with the ability to proactively initiate and lead projects, strong analytical, organizational, facilitation, organizing, facilitation, written and oral communication and presentation.

We are an Equal Opportunity/Affirmative Action Employer. All qualified applicants will be considered for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected veteran status, age or any other characteristic protected by law.

Application submission information:

Apply online at


Comments are closed.