Privacy Compliance Analyst

PointClickCare
Summary
Join PointClickCare's Legal and Compliance team as a Privacy Analyst, contributing to critical initiatives impacting the company, customers, and stakeholders. Reporting to the Privacy Officer, you will analyze and interpret evolving privacy regulations in the US and Canada, ensuring compliance with PointClickCare's policies and procedures. Your work will focus on protected health information (PHI) under HIPAA and other relevant laws, as well as emerging consumer and employee privacy regulations. You will collaborate with various departments, respond to compliance matters, and contribute to proactive policy development. This role demands strong analytical, communication, and project management skills, along with experience in privacy compliance and policy implementation.
Requirements
- BA/BS degree
- 2-4 years of relevant work experience
- Extensive knowledge and experience in United States health and general privacy compliance requirements
- Demonstrated capacity to understand, compare, analyze, and communicate complex regulatory and business challenges
- Experience defining, drafting, and implementing policies and training materials
- Experience conducting ongoing privacy compliance and monitoring activities
- Demonstrated organization, facilitation, communication, and presentation skills
- Strong project management skills, including ability to think end-to-end and manage multiple priorities/projects simultaneously for multiple stakeholders
- Excellent interpersonal skills; a team player with ability to collaborate at all levels of the organization
- Strong analytical capability and problem-solving skills, with attention to detail
- Keen judgement, integrity, and tact
- Strong written and verbal communication
- Self-starter with the ability to work independently
Responsibilities
- Assist in the development of, and ongoing updates to, PointClickCare’s privacy policies, controls, and training materials
- Assist in the unification/consolidation of privacy policies across PointClickCare’s subsidiaries
- Identify, communicate, and document privacy risks, privacy policy gaps, and privacy policy exceptions
- Stay informed of relevant regulatory and industry changes, trends, and best practices and assess the potential impact of these changes on PointClickCare
- Meet regularly with the Product Management and Clinical Solutions teams to ensure “privacy-by-design” consistency in all PointClickCare services
- Assist in responding to internal and external privacy impact assessments, privacy questionnaires, and other privacy compliance questions
- Assist the Security and Trust team on all privacy-related matters encompassed within security assessments/audits (e.g., for HITRUST CSF, SOC 2 Type II, etc.)
- Assist the Security and Trust team in analyzing the privacy implications and reporting obligations associated with information security incidents/events
- Work with Cloud Operations and other data storage teams to ensure alignment with privacy policies and data retention policies
- Perform privacy risk/impact/compliance assessments of certain sub-business associates and other third-party service providers
- Assist with responses to data/records requests
- Successfully set priorities, perform tasks in an orderly fashion, and meet deadlines
- Prepare agendas for, and support, legal and regulatory committees
- Travel 2-3x per year
Preferred Qualifications
- Privacy-related certifications desired (e.g., CIPP, CIPM, etc.)
- Familiarity with Canadian health and general privacy laws (e.g., PIPEDA, PHIPA, etc.)
- SaaS business experience
- Health information exchange experience
Benefits
- Retirement Plan Matching
- Flexible Paid Time Off
- Wellness Support Programs and Resources
- Parental & Caregiver Leaves
- Fertility & Adoption Support
- Continuous Development Support Program
- Employee Assistance Program
- Allyship and Inclusion Communities
- Employee Recognition