Sr. Privacy Analyst

Job Description

Job Description

About Mosaic Health:

Mosaic Health is a national healthcare company delivery platform focused on expanding access to primary care for consumers with coverage across Commercial, Individual Exchange, Medicare, and Medicaid health plans. Mosaic was formed in 2025 through the combination of Millennium Physician Group, CareMore Health, and Apree Health.

Position Summary

The Senior Privacy Analyst collaborates with Mosaic Health's leadership, Information Technology, Security, Legal, Product, Marketing/Engagement, and Customer Success Teams to address data privacy matters. This role includes data subject access requests, release of health information requests, privacy incident response, privacy impact assessments, the implementation of privacy by design principles through the product and service lifecycle and supporting workstreams related to the implementation of various policies and training.

Key Responsibilities

• Support data privacy compliance initiatives as directed by the Privacy Officer, CISO (Chief Information Security Officer), and other key stakeholders.
• Participate in conferences, meetings, and/or discussions on complex privacy matters with customers and other stakeholders at the direction of management.
• Support activities related to compliance with HIPAA Privacy Rules and additional applicable privacy laws.
• Develop and manage the organization's privacy policies and procedures, including:
  • Authorization and monitoring procedures for access, use and disclosure of patient information.
  • Implementation of processes that maintain compliance with laws relevant to privacy, confidentiality, and protection of patient information; and
  • Procedures for responding to suspected privacy and security incidents.
• Track regulatory developments, industry trends, and enforcement actions to advise leadership on evolving risks and standards. Research and maintain key, actionable knowledge of regulatory requirements and privacy laws including:
  • HIPAA, GDPR, CCPA, VCDPA, CPA, CTDPA, TCPA, CAN-SPAM, FTC, State Laws
• Collaborate cross-functionally with management, HR, legal, clinical, technology, business development and customer support teams to ensure a coordinated approach to data protection and privacy compliance.
• Actively promote, manage, and maintain the visibility of the privacy program throughout the organization by utilizing intra-office communication channels to promote awareness.
• Support and lead initiatives related to client privacy inquiries, data mapping, and risk assessments.
• Support and review initiatives for quarterly and annual reporting activities including:
  • Employee information systems access.
  • HHS/OCR HIPAA and State Regulatory Agency Reporting.
  • Data Subject Access Request and Authorized Release of PHI Reporting.
  • SOC2/HITRUST/NCQA Reporting

Qualifications

• Bachelor's degree in health information management, Healthcare Administration, Compliance, Legal Studies, or a related field; Master's degree preferred.
• Professional certifications such as CHPC, CHP, CIPP/US, or equivalent are highly desirable.
• 4+ years' experience in privacy compliance, preferably within healthcare or a multi-state physician group environment.
• Experience working in multi-site healthcare delivery organizations.
• Strong knowledge of HIPAA, HITECH, and relevant state privacy laws and regulations.
• Proven experience in privacy incident investigations, breach assessments, and regulatory reporting.
• Excellent analytical, organizational, communication, and stakeholder engagement skills.
• Familiarity with EMR/EHR systems (e.g., Athena, NextGen) and healthcare IT privacy challenges.
• Strong interpersonal skills with the ability to collaborate effectively across departments and influence without direct authority.
• Demonstrated ability to handle confidential information with discretion and professionalism.
• Ability to work independently in a fast-paced, cross-functional environment.

Job Posted by ApplicantPro