Job Description
Location: Los Angeles, CA
Pay Rate: $95-149
Contract Duration: 1 year contract
OT Pay Rate: Straight Time Pay Rate (Exempt)
Estimated Regular Hours/Week: 40.00
Hybrid Position.
The HIPAA Program Manager (PM) works under the direction of the Chief Privacy Officer or user agency personnel and manages or oversees all aspects of one or more HIPAA compliance projects while interacting with mid-level officials of similar capacity at the user agency and private sector.
The HIPAA PM will perform HIPAA compliance activities and data protection initiatives, with a particular focus on the County's access to and use of protected health information (PHI), in support of the Countywide Privacy Program. They will be responsible for performing HIPAA compliance auditing and monitoring functions, assisting with the development and enhancement of policies and procedures as required by the HIPAA Privacy Rule, providing guidance to County departments about privacy impact assessments and HIPAA risk assessments, providing guidance about the assessment of HIPAA and Privacy policy violations and/or incident response investigations, performing and evaluating HIPAA risk assessments and privacy risk assessments, participating in the review and update of the HIPAA and Privacy Awareness trainings and educational activities, and conducting HIPAA-focused presentations at events.
The HIPAA PM is responsible for having in-depth knowledge of federal and state health privacy laws and regulations (strong focus on California laws), including those governing access, release of information and security technologies, such as, but not limited to, HIPAA, HITECH Act, CA Civ Code § 1798.29, CMIA, Health & Safety Code, section 1208.15. The HIPAA PM will evaluate situations against federal and state health privacy laws and regulations (strong focus on California laws); determine key business issues and develop appropriate plans from multidisciplinary perspectives; advise on HIPAA compliance programs, including incident management; and understand internal auditing standards.
The HIPAA PM evaluates organizations' existing policies and procedures for HIPAA compliance by performing and evaluating HIPAA risk assessments and privacy risk assessments. They will work with and maintain confidential information; be organized to analyze and synthesize information quickly; and be able to work independently in a fast-paced environment.
The HIPAA PM will possess knowledge and experience in customer service; decision making; flexibility; interpersonal skills; organizational awareness; written and oral communication; planning and evaluating; analysis and risk management; independence; and be proficient in Microsoft Office and Adobe Acrobat software.
Skills Required:
Ability to operationalize HIPAA requirements into workflows, SOPs, and procedures.
Technical knowledge of security controls, audit logging, system risk, and cloud environments (e.g., Azure/M365).
Skills in data governance, retention strategy, and developing archiving/"hot vs. cold" storage plans.
Experience supporting governance structures, charters, and escalation processes.
Expertise in PHI workflow mapping across systems and divisions.
Strong incident response and root-cause analysis capabilities.
Advanced HIPAA training development and presentation skills.
This classification requires at least a minimum of four (4) years of experience on privacy requirements in healthcare settings and healthcare industry operations, including: HIPAA policy development and governance, HIPAA compliance monitoring, privacy impact assessments (PIAs) and HIPAA risk assessments, third party vendor risk assessments, HIPAA compliance audits, and training. At least three (3) years of that experience must be with HIPAA requirements, incident response investigations, and breach notification laws/regulations.
Experiences Required:
3 years of experience leading or managing HIPAA compliance implementation projects or transitioning an organization into HIPAA-covered entity status.
3 years of experience working directly with IT teams on HIPAA Security Rule safeguards, including access control models, audit logging, encryption, retention models, and cloud-based data governance.
2 years of experience developing or enforcing data retention schedules, PHI lifecycle governance, or data archiving strategies (e.g., "hot" vs. "cold" storage models).
3 years of experience coordinating HIPAA or data privacy work across multiple divisions (e.g., Legal, IT, Fiscal, Contracts, Program Operations) and preparing executive-level briefings.
3 years of experience operationalizing HIPAA policies into SOPs, workflows, staff procedures, and implementation guides.
3 years of experience conducting HIPAA risk assessments, Privacy Impact Assessments (PIAs), threat modeling, or HIPAA audit readiness assessments.
3 years of experience managing HIPAA incident response investigations, performing root-cause analysis, and applying federal and breach laws.
2 years of experience reviewing, negotiating, or operationalizing HIPAA-related Business Associate Agreements (BAAs), Data Exchange Agreements (DEPAs), or third-party HIPAA vendor risk assessments.
2 years of experience developing or delivering HIPAA or privacy-focused training to staff, managers, contractors, or providers.
2 years of experience managing multi-phase compliance or regulatory projects using GANTT charts or other structured project-management tools.
Education Required:
This classification requires the possession of (a) a bachelor's degree or higher, and (b) a certification in one or more of the following: Certified in Healthcare Compliance (CHC), Certified in Healthcare Privacy Compliance (CHPC), Certified Information Privacy Professional/United States (CIPP/US) or Certified Information Privacy Manager (CIPM) certification. The certification is required and may not be substituted with additional experience. An advanced degree, including a Master's in Business or Healthcare Administration, Master of Laws (LL.M), or Juris Doctor, may be substituted for two (2) years towards the minimum years of experience.
Livescan Required for this position.
We encourage Minorities, Women, Protected Veterans and Disabled individuals to apply for all positions that they may be qualified for. We maintain a drug-free workplace and perform pre-employment substance abuse testing and background checks.
If you are interested in this position, please submit your resume in a Word Document with the month and year that you have worked at each previous position to hemalatha@norlandgroup.com and copy: 884-HIPAA Program Manager to the email Subject Line.