• Cover letter required.
• Research & writing skills may be assessed if asked to interview.
• CHPC examination (or similar) or obtained within 24 months from hire date.
• Remote option with occasional travel to Ann Arbor possible.

The Privacy Auditor Intermediate manages a portfolio of privacy-related complaints and investigations and electronic health record access audits to ensure they are handled appropriately, thoroughly and in a timely fashion.  Gathers facts by conducting medical record reviews, system audit log reviews, Internet searches, interviews, and coordinating with other internal and external partners as needed.   Always manages difficult conversations with tactfulness and professionalism, especially with patients exercising their privacy rights. Produces written communications and reports and offers recommendations for corrective action plans.      

Michigan Medicine improves the health of patients, populations and communities through excellence in education, patient care, community service, research and technology development, and through leadership activities in Michigan, nationally and internationally.  Our mission is guided by our Strategic Principles and has three critical components; patient care, education and research that together enhance our contribution to society.

• Responds timely and professionally to privacy-related questions from employees and patients.
• Investigates, analyzes, and documents privacy-related concerns reported to the Privacy Office, including the Compliance hotline; identifies and assures that immediate mitigation steps are taken. 
• Participates in research, data gathering and interviews related to the Privacy Program's investigations/reviews. 
• Works with Human Resources on privacy incident investigations to assure disciplinary action steps and follow through occurs. 
• Understands the HIPAA Privacy Rule and related state and federal privacy laws (or demonstrates a willingness to learn). 
• Assists with conducting audits of accesses to the EMR system(s), investigating potential inappropriate access to patient information.  
• Prepares clear and concise written work product presenting investigation findings and recommended corrective actions.
• Performs a range of assignments in accordance with prescribed office procedures to analyze and resolve problems. 
• Works under limited supervision, but seeks and receives instruction, guidance and direction from others, with an open mind and acceptance for growth by handling work assignments of higher complexity.
• Identifies risk areas and assists with implementation procedures to ensure compliance with privacy-related policies and corrective action plans.
• Participates in the performance of the Privacy Program's compliance work plan for the organization. 
• May lead reviews, projects or project steps within Privacy Office sponsored projects. 
• Assists in privacy investigations initiated by external regulators as necessary.
• Assists with development of training aids/educational materials.
• Assists with conducting HIPAA walk-through reviews at clinics and other locations.
• Provides ongoing educational support to appropriate management and personnel, assisting senior and lead privacy program staff with presentations, question/answer sessions and other educational content.

• Bachelor's degree or 7 years' similar work experience, or equivalent combination of education and work experience, and/or demonstrated performance with high level work quality & productivity. 
• 3+ years' relevant experience specific to HIPAA Privacy and/or Security, conducting investigations and/or in a regulatory/legal role, or equivalent combination of education and experience.
• Ability to interact and communicate effectively with all levels of staff.
• Ability to research and understand state and federal privacy laws like HIPAA. 
• Strong critical thinking, analytical and problem-solving skills to effectively identify, investigate and analyze HIPAA compliance issues.
• Detail-oriented with excellent organizational skills and ability to manage multiple assignments. 
• Able to work independently with structured work assignments, under appropriate supervision, and able to recognize need for and seek appropriate guidance when handling issues/cases when necessary.
• Ability to maintain confidentiality of sensitive and private information in accordance with applicable laws, policies and rules.
   

• Familiarity with Michigan Medicine policies and procedures.
• Experience using electronic medical record systems, etc., preferably with Epic.
• Proficient using Microsoft Word and Excel and Sharepoint applications.  
• Certified in Healthcare Privacy Compliance (CHPC) or similar certification, or willing to achieve certification no later than 24 months from hire date.

Positions that are eligible for hybrid or mobile/remote work mode are at the discretion of the hiring department. Work agreements are reviewed annually at a minimum and are subject to change at any time, and for any reason, throughout the course of employment. Learn more about the work modes.

Michigan Medicine conducts background screening and pre-employment drug testing on job candidates upon acceptance of a contingent job offer and may use a third party administrator to conduct background screenings.  Background screenings are performed in compliance with the Fair Credit Report Act. Pre-employment drug testing applies to all selected candidates, including new or additional faculty and staff appointments, as well as transfers from other U-M campuses.

Job openings are posted for a minimum of seven calendar days.  The review and selection process may begin as early as the eighth day after posting. This opening may be removed from posting boards and filled anytime after the minimum posting period has ended.

The University of Michigan is an equal employment opportunity employer.