Privacy Program Specialist, Consultant

At Blue Shield of California we are parents, leaders, students, visionaries, heroes, and providers. Every day we come together striving to fulfill our mission, to ensure all Californians have access to high-quality health care at a sustainably affordable price. For more than 80 years, Blue Shield of California has been dedicated to transforming health care by making it more accessible, cost-effective, and customer-centric. We are a not-for-profit, independent member of the Blue Cross Blue Shield Association with 6,800 employees, more than $20 billion in annual revenue and 4.3 million members. The company has contributed more than $500 million to Blue Shield of California Foundation since 2002 to have a positive impact on California communities. Blue Shield of California is headquartered in Oakland, California with 18 additional locations including Sacramento, Los Angeles, and San Diego. We're excited to share that Blue Shield of California has received awards and recognition for LGBT diversity, quality improvement, most influential women in corporate America, Bay Area's top companies in volunteering & giving, and one of the world's most ethical companies. Here at Blue Shield of California, we're striving to make a positive change across our industry and the communities we live in. Join us!


Job Summary

This position reports to the Director, Chief Privacy Official (CPO). The position is part of the Privacy Office, a division of the Corporate Integrity and Risk Management Department within the Blue Shield Law Department.
  • Develops and implements privacy-related policies and procedures; creates and deploys privacy training and education; encourages open lines of communication with workforce members, providers, vendors, customers and other third parties; acts as a subject matter expert on healthcare data privacy issues and provides proactive privacy-related advice;
  • Responds to privacy inquiries, complaints and reports of violations; conducts investigations and supports and/or manages all necessary sanctions and mitigation and remediation efforts; provides notifications and reporting required by law;
  • Manages privacy-related contracting and oversees business associate compliance; and conducts or otherwise assists with evaluating, auditing and monitoring privacy related risks.


The role of Privacy Program Specialist, Consultant is critical to the Privacy Office's ability to successfully build, implement and enforce Blue Shield's Privacy Program. Specifically, the Privacy Program Specialist, Consultant will be accountable for assisting the CPO and collaborating with fellow Privacy Office team members to achieve the following:
  • Implement, support and enforce Blue Shield's Privacy Program; assist in updates and revisions to the Privacy Program as needed or required by law to ensure Blue Shield's compliance with state, federal and international privacy laws; implement, support, and enforce best practices to protect the privacy of members' protected health information (PHI).
  • Build strong relationships and collaborate with workforce members throughout the Blue Shield Affiliated Covered Entities (ACE) to promote the Privacy Program and encourage privacy compliance at all levels of the organization.
  • Assist as requested in the timely creation, review, revision and updating of privacy policies, desk level procedures, resource guides, job aids and other educational tools.
  • Provide guidance and instruction to workforce members on privacy policies and procedures.
  • Assist individuals who contact the Privacy Office with privacy-related questions and provide subject matter expertise as needed for each unique, individual situation; provide privacy compliance advice and requirements to support business projects and strategic initiatives to ensure privacy-by-design and compliance with applicable privacy laws and regulations; provide support, guidance and subject matter expertise to other Privacy Office team members as needed with regard to questions they are handling.
  • Monitor Privacy Office email, helpline and hotline, online submission forms and Service Marketplace; assign and/or address all incoming requests for assistance, inquiries and incidents.
  • Assist individuals who wish to exercise their individual rights under HIPAA, including but not limited to, requests to access records, requests for accountings of disclosures, requests to amend records, requests to restrict uses or disclosures of PHI, requests for confidential communications, requests by personal representatives, etc. in a correct and timely manner.
  • Assist, evaluate and determine appropriateness of requests from workforce members to disclose PHI to third parties and/or to allow third parties to access, use or disclose Blue Shield PHI; review requests for minimum necessary determinations and the existence of appropriate authorizations and/or contractual documentation to allow the access, use or disclosure of PHI.
  • Assist individuals who contact the Privacy Office with privacy related concerns, complaints or allegations of privacy violations; provide support, guidance and subject matter expertise to other Privacy Office team members as needed with regard to questions they are handling.
  • Conduct, participate in and document privacy investigations; where substantiated, determine root cause, assist in determining proper and appropriate remediation and mitigation efforts, including creation of corrective action plans, to minimize risk of recurrence.
  • Act as a liaison with regulatory enforcement agencies; cooperate and participate as required by technical assistance letters, investigations, compliance reviews, audits and other reviews made by regulatory agencies, including OCR, DMHC, DHCS, LA Care and CA Attorney General.


Knowledge and Experience
  • Bachelor's degree required.
  • Minimum of 5 years of experience in healthcare data privacy required. Solid background of investigating privacy incidents preferred.
  • IAPP CIPP/US Certification or HCCA CHPC Certification preferred.
  • Sound knowledge of state and federal privacy laws, including HIPAA/HITECH, CMIA, and privacy-related consumer protection laws, such as the Telephone Consumer Protection Act (TCPA) required; knowledge of Department of Health Care Services (DHCS) privacy requirements for Medi-Cal Managed Care Health Plans and Centers for Medicare and Medicaid (CMS) Medicare Managed Care Plans preferred.
  • Ability to professionally and appropriately respond to inquiries, complaints or reports of potential violations from workforce members, business associates, customers, regulatory agencies, or other third parties required.
  • Excellent communication skills, both written and verbal, as well as relationship building skills to collaborate with and influence all relevant stakeholders, both internal and external.
  • Strong independent judgment, problem-solving, critical and analytical thinking skills, including a "moral compass" and high integrity required.
  • Ability to work with minimal supervision, to multi-task, and to deliver a quality work product in a highly regulated, demanding, and constantly changing corporate environment required.
  • Ability to work collaboratively in a team, applying people management and mentoring skills required.
  • Proficient in Microsoft Word, Access, Excel, PowerPoint and Outlook.
  • Experience and knowledge of compliance or privacy incident management software preferred.
  • This role will require some travel (10% or less), mostly throughout California.

Physical Requirements

Office Environment - roles involving part to full time schedule in Office Environment. Based in our physical offices and work from home office/deskwork - Activity level: Sedentary, frequency most of work day.

External hires must pass a background check/drug screen. Qualified applicants with arrest records and/or conviction records will be considered for employment in a manner consistent with Federal, State and local laws, including but not limited to the San Francisco Fair Chance Ordinance. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, protected veteran status or disability status and any other classification protected by Federal, State and local laws.