Lead Privacy Compliance Analyst
Bring your drive for excellence, team orientation, and customer commitment to Independence; help us renew and reimagine our business and shape the future of health care.
The Lead Privacy Compliance Analyst serves as a senior individual contributor within the Privacy Office, leading key privacy compliance activities across the organization. Acts as a subject-matter expert on HIPAA privacy requirements, privacy risk management, and regulatory compliance. Independently manages the complex member rights processes and escalated privacy inquiries. Ensures timely, accurate, and risk-based resolution of privacy inquiries. Prepares and analyzes privacy metrics and trend reports to support leadership oversight and continuous improvement. Responds to inquiries from internal stakeholders, members, employer groups, and regulators. Partners with Legal, Security, Compliance, and business leaders to strengthen enterprise privacy governance, incident prevention, and regulatory readiness.
Works collaboratively with business leaders and Legal and Security teams involved with the release/transmission of Protected Health Information (“PHI”), to ensure compliance with organizational policies and applicable state and federal laws.
Independently plans and conducts privacy audits and targeted reviews, documents findings and risk ratings, facilitates corrective action plans, and escalates issues to Privacy leadership as appropriate. Acts as Privacy contact for business and group requests involving the release, storage, transmission, destruction, security, sharing, and any other use of Personally Identifiable Information (“PII”) and/or Protected Health Information (“PHI”), to ensure full coordination and cooperation under the organization's policies and procedures as well as state and federal law. Leads privacy-related vendor management activities, including supporting the review and analysis of vendor privacy and security assessments, Business Associate Agreements (BAAs), and confidentiality agreements; evaluates vendor risk, documents mitigation strategies, and supports remediation of identified gaps.
Responsibilities:
· Leads and provides expert guidance on HIPAA privacy inquiries and the member rights process, including the authorization, personal representative, and confidential communications processes.
· Designs and delivers enterprise-wide privacy and incident response training; promotes a culture of privacy awareness. Supports privacy incident investigations, root cause analysis, and corrective action planning in coordination with Legal and Security.
· Leads proactive and strategic initiatives of the Privacy Office, including enterprise-wide privacy and incident response training, data oversight process implementation, and the tracking of privacy trends to ensure loss prevention and privacy incident avoidance.
· Assists with vendor management activities, including the distribution and analysis of vendor privacy and security assessments, analysis of vendor Business Associate Agreements, evaluating requests for deviations from our standard terms against applicable policies, and assisting with the development of corrective action plans in cases of potential vendor non-compliance.
· Responsible for the review and processing of confidentiality agreements and member data requests to release data to external recipients.
· Assists with group requests involving the release, storage, transmission, destruction, security, sharing, and any other use of Personally Identifiable Information (“PII”) and/or Protected Health Information (“PHI”), to ensure full coordination and cooperation under the organization's policies and procedures as well as state and federal law.
· Leads the annual privacy risk assessment and supports remediation planning and process improvements.
· Assists with responses to requests for proposals from employer groups.
· Independently conducts an annual privacy risk assessment, provides feedback to the Manager, and participates in the development of business area process improvements related to the assessment findings.
· Responsible for independently conducting privacy office audits, facilitating corrective action plans (if necessary), compiling audit summaries, and escalating compliance issues to the Manager. Responsible for tracking business associate files and performing audits of those files to ensure accuracy.
· Responsible for the annual offshore subcontractor audit, audit summary, and assists with the development of corrective action plans (if necessary).
· Responsible for the annual review and revision of the privacy office desk procedures.
· Responsible for maintaining department documentation in accordance with the records retention policy.
· Other duties as assigned.
Qualifications:
· Undergraduate degree preferred, although commensurate work experience will be considered.
· Minimum 3-5 years progressive related experience in a managed care setting, preferably in a privacy regulatory compliance environment.
· Experience independently leading audits, risk assessments, or compliance reviews strongly preferred.
· Experience reviewing and analyzing contracts preferred.
· Must be able to work with a team on multiple, simultaneous projects and demonstrate strong leadership skills.
· Strong writing skills required.
· Demonstrated ability to define business solutions, make decisions, identify problems, coordinate resources, and implement changes.
· Proven effective communication and analytical skills required to lead, convey complex ideas and concepts internally and across appropriate cross-functional entities.
· Knowledge of process improvement, project management, and system testing methods, best practices, and analysis.
· Effective facilitation and presentation skills necessary to demonstrate business solutions in a clear and concise manner.
· Must be detail-oriented, able to multitask, and understand corporate objectives. Ability to follow through on the project life cycle while maintaining target deadlines.
· Must be able to work independently on projects.
· Proficiency in Microsoft Office (including Excel) and collaboration tools such as Copilot; experience developing reports, tracking metrics, and managing documentation preferred.
Independence has implemented a “Hybrid” model which consists of Associates working in the office 3 days a week (Tuesday, Wednesday & Thursday) and remotely 2 days a week (Monday & Friday). This role is designated as a role that fits into the “Hybrid” model. While associates may work remotely on our designated remote days, the work must be performed in the Tri-State Area of Delaware, New Jersey, or Pennsylvania
IBX is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to their age, race, color, religion, sex, national origin, sexual orientation, protected veteran status, or disability
Must have an Android or iOS device which is compatible with the free Microsoft Authenticator app.
Inclusion and Belonging
At IBX, everyone can feel valued, supported, and comfortable to be themselves, and all associates have a fair opportunity to achieve their full potential. We put these principles into action every day by acting with integrity and respect. Celebrating and embracing diverse thoughts and perspectives that make up our workforce means our company is more vibrant, innovative, and better able to support the people and communities we serve.
About Our Company
Serving more than 8 million people nationwide, including 2.5 million in southeastern Pennsylvania, Independence Health Group — together with its subsidiaries — is the leading health insurance organization in the Philadelphia region. Our mission to build healthier lives for you, your family, and your employees shapes our actions and decisions every day.
At Independence, we see each of our members as an individual, with unique needs and concerns. We’re dedicated to harnessing the very latest ideas and technologies to deliver access to care that meets those needs and surpasses your expectations. For more information about Independence access our website at www.ibx.com. We’re revolutionizing health care, and our focus is on you!
Equal Employment Opportunity
IBX is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to their age, race, color, religion, sex, national origin, sexual orientation, protected veteran status, or disability.
Agency Disclaimer
All resumes submitted directly to an Independence Blue Cross employee from a vendor via email, the Internet or in any other form without a valid written search agreement in place for this position from the Independence Blue Cross Family of Companies Human Resources Department will be deemed the sole property of Independence Blue Cross and the Independence Blue Cross Family of Companies. Please note that no fee will be paid in the event the candidate is hired by Independence Blue Cross or the Independence Blue Cross Family of Companies as a result of the referral or through means other than our established process.