Serve as a privacy engineer supporting the Department of Veterans Affairs (VA) Office of Electronic Health Record Modernization (OEHRM). Collaborate with records management, Freedom of Information Act (FOIA) officers, system owners, information security officers, privacy officers, project managers, risk managers, developers, and acquisitions to ensure OEHRM's commitment to privacy law and regulations. Comprehend privacy laws and regulations with a focus on privacy protection needs of Health Information Technology (IT). Define privacy requirements, provide recommendations based on new or existing systems, interconnections, and data types, and develop processes and Standard Operating Procedures (SOPs) aligned to enterprise directives. Assess and respond to privacy complaints and incidents, complete Privacy Threshold Analyses (PTAs) and Privacy Impact Analyses (PIAs), provide responses, and submit correlating artifacts to privacy controls. Ensure implementation of privacy controls and the design of privacy into the system architecture. Assess for privacy compliance and manage or monitor Plans of Action and Milestones (POA&Ms) for new or existing privacy-related findings.
-10 years of experience in a professional work environment
-Experience with developing privacy requirements and assessing for privacy compliance
-BA or BS degree in Engineering, Computer Science, Systems, Business, or Science or Technology or 18 years of experience in a professional work environment may be substituted for a degree
-Healthcare Information Security and Privacy Practitioner (HCISPP), Certified Professional in Health Information and Management Systems (CPHIMS), or Certified Information Privacy Professional (CIPP) Certification
-Experience with the VA
-Experience in developing Privacy Threshold Analyses (PTAs) and Privacy Impact Analyses (PIAs)
-Knowledge of health information technology
We're an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.