Compliance Analyst
*Due to COVID-19 we are working 100% remotely; this includes the hiring process. When it is safe to do so, we will return to a hybrid of onsite and remote work for some positions.
Why This Role Is Important To Arcadia
The role of the Compliance Analyst is to ensure that Arcadia is conducting its business in full compliance with all state and federal healthcare laws and regulations, as well as professional standards, accepted business practices, and internal requirements. The Analyst will also work to ensure full compliance with SOC 2, ISO 27001, and HITRUST Certification Requirements.
The Compliance Analyst will work as a member of the Information Security team. This role will partner with teams throughout the company to ensure that technical security requirements are aligned with compliance requirements and are consistently implemented.
What success looks like...
In 3 months
· Evaluated and understood the state of compliance within the organization and its regulatory obligations
· Developed an understanding of the organization’s business model and how (and where) state and federal regulations govern it
· Responded to compliance and security assessments accurately reflecting the organization’s control structure
In 6 months
· Beginning to track all customer compliance requirements and keep them up to date
· Participating in compliance audits and working directly with auditors to provide artifacts and explain the compliance program
· Assisting in responding to privacy-related incidents
In 12 months
· Performing all aspects of job details confidently and independently, with minimal supervision
What You'll Be Doing
- Supporting the Senior Director of Information Security & Compliance with ongoing compliance efforts related to SOC 2, ISO 27001 and HITRUST Certification along with general state and federal healthcare, privacy and security requirements
- Ensuring compliance with HIPAA Law, Healthcare IT, Medicare, and Medicaid requirements
- Ensuring compliance with Federal and State regulations and policies as they relate to healthcare privacy and security
- Creating/revising applicable company healthcare policies
- Regularly reviewing policies and procedures to ensure ongoing compliance
- Supporting the Operations, Engineering, Production Support, and Technical Implementation teams by providing the necessary compliance expertise required to ensure that applications and infrastructure are implemented in accordance with company compliance objectives
- Ensuring that Arcadia’s infrastructure and applications meet Arcadia’s security and privacy compliance objectives (as outlined in Policies and Procedures)
- Maintaining a matrix of client compliance requirements and performing regular compliance reviews
- Monitoring the implementation of any prescribed corrective actions resulting from client assessments
- Supporting the completion of privacy/security assessments and annual audits for customers/prospective customers
- Supporting annual compliance audits (HITRUST, ISO and SOC 2) and customer assessments (and the preparation for both)
- Producing, as required, any compliance metrics reports for the Information Security Officer (ISO), Senior Director of Information Security & Compliance and any other stakeholders or privacy/security steering committees prescribed
- Responding to requests for consultation or other inquiries from staff and providing compliance advice as required
- Supporting any requests for information by any external authoritative agencies as required (e.g., assessors, auditors, investigators, etc.)
- Providing any requested input for the ongoing maturation and development of the compliance and governance strategies necessary to support the business planning process
- Maintaining currency and expertise with emerging trends in compliance and governance standards and technologies (both internal and external)
What You’ll Bring
- Good working knowledge of compliance as it relates to healthcare privacy and security, governance, and risk concepts and practices
- At least 2-3 years of healthcare compliance experience
- Background in healthcare technology, EHR implementation and healthcare compliance
- Strong understanding of HIPAA Law, Medicare and Medicaid
- Ability to work independently
- Advanced computer skills and excellent written and oral communication skills
What You'll Get
- Opportunity to be a part of a mission-driven organization focused on helping provider organizations change the way they provide care to their patients
- Chance to be surrounded by a team of extremely talented and dedicated individuals driven to succeed
- Competitive compensation
- Amazing benefits including unlimited FTO
About Arcadia
Arcadia.io helps innovative healthcare systems and health plans around the country transform healthcare to reduce cost while improving patient health. We do this by aggregating massive amounts of clinical and claims data, applying algorithms to identify opportunities to provide better patient care, and making those opportunities actionable by physicians at the point of care in near-real time. We are passionate about helping our customers drive meaningful outcomes. We are growing fast and have emerged as the market leader in the highly competitive population health management software and value-based care services markets, and we have been recognized by industry analysts KLAS, IDC, Forrester and Chilmark for our leadership. For a better sense of our brand and products, please explore our website, our online resources, and our interactive Data Gallery.
This position is responsible for following all Security policies and procedures in order to protect all PHI under Arcadia's custodianship as well as Arcadia Intellectual Properties. For any security-specific roles, the responsibilities would be further defined by the hiring manager.