Sr. Privacy Associate

Position Objective:
The Senior Privacy Associate supports the Privacy Officer in implementing and maintaining the organization’s privacy program. This role ensures compliance with GDPR, HIPAA, HITECH, PIPA, and other applicable privacy laws. The position focuses on operationalizing privacy controls, conducting risk assessments, and integrating privacy into daily operations and technology systems.

Essential Job Duties:

• Support the development, implementation, and continuous improvement of the privacy program.
• Monitor compliance with HIPAA, HITECH, state privacy laws, and internal policies.
• Conduct periodic audits and privacy risk assessments to identify vulnerabilities and ensure compliance.
• Support investigations, documentation, and timely reporting of privacy incidents and breaches to regulators.
• Assist in developing and delivering HIPAA and privacy training to workforce members.
• Research and analyze federal and state privacy regulations; recommend and implement compliance solutions.
• Draft and maintain privacy policies, procedures, and notices of privacy practices.
• Respond to privacy inquiries and access requests within required timeframes.
• Support review and assessment of Business Associate Agreements (BAAs).
• Track and report privacy metrics, incidents, and organizational risk posture.
• Participate in Compliance and Privacy Committee meetings.
• Stay current with privacy regulations, enforcement trends, and best practices.
• Perform other tasks and projects as assigned.

Education/Experience Requirements:

• Bachelor’s degree in Health Information Management, Law, Compliance, or related field.
• Minimum of 5 years of experience in healthcare privacy or compliance.
• Strong understanding of HIPAA Privacy and Security Rules, HITECH, and state privacy laws.
• Experience conducting audits and supporting privacy investigations.
• Excellent analytical, organizational, and communication skills.
• Proficient in Microsoft Office applications and professional communication tools.
• Professional certification preferred (CHPC, CHC, CHPS, CIPP/US, or CIPM).
• Ability to prioritize, manage multiple tasks, and work independently with accuracy and attention to detail.
• Strong customer service skills and discretion in handling confidential information.

Preferred Qualifications:

• Experience with healthcare systems such as Epic.
• Familiarity with privacy compliance software (e.g., Bluesight, EthicsPoint).
• Legal or healthcare compliance background preferred.

Physical Demands:

• Able to view monitor screens for extended periods and perform data entry.
• Ability to lift 10–20 lbs unassisted and travel between locations as needed.
• Ability to sit or stand for extended periods; reasonable accommodations may be made under the ADA.

Mental Demands:

• Ability to function effectively in high-stress environments and manage multiple priorities.
• Sound judgment and independent decision-making skills.
• Excellent written and verbal communication and ability to educate others.
• Strong problem-solving, patience, and professionalism when handling sensitive or confidential matters.
• Commitment to Luminis Health’s mission, vision, and values.

The above job description provides an overview of key functions and requirements for this role. It is not intended to be an exhaustive list; additional responsibilities may be assigned as necessary.