Privacy Specialist - Human Services Nonprofit in Salt Lake City, Utah at Volunteers Of America, Utah

Schedule: 15-20 hours per week

Benefits

• 403b retirement plan with employer match (50% match up to 3%).
• Employee Assistance Program for all employees

About

Volunteers of America, Utah is an affiliate of a national, nonprofit, faith-based organization that has served communities across the United States for more than 125 years. Volunteers of America, Utah’s mission is to provide community-supported paths for those who are vulnerable to improve their lives and increase their self-reliance. Our programs serve people experiencing challenges related to mental health, substance use, and homelessness. We encourage all who are passionate about making a difference, including individuals with lived experience, to apply.

Position Summary

This position is responsible for ensuring organizational compliance with applicable privacy regulations through the management of records requests, privacy-related documentation, data-access agreements, and other related compliance activities. The role requires strong organizational judgment, coordination with internal departments and external requestors, and the ability to manage multiple concurrent requests and deadlines.

Essential Duties

• Process records requests in compliance with privacy regulations and agency policy. This includes reviewing valid authorization, coordinating with internal and external parties to obtain documentation, compiling and organizing records, and securely transmitting information.
• Maintain documentation and tracking systems for records requests, disclosures, and related activities.
• Respond to subpoenas, court orders, and other legal requests for records by verifying validity and scope, coordinating with internal staff and requestors, and ensuring disclosures comply with applicable laws, regulations, and agency policy.
• Serve as a subject matter resource to staff on HIPAA and 42 CFR Part 2, providing guidance, training, and ongoing support related to privacy compliance and records procedures.
• Oversee the agency’s records retention schedule by maintaining the schedule, coordinating with internal departments and the archival storage vendor, identifying records eligible for destruction, ensuring secure destruction of approved records, and maintaining accurate documentation of these activities.
• Draft, review, and manage data-access agreements, including Memoranda of Understanding (MOUs), Business Associate Agreements (BAAs), and Qualified Service Organization Agreements (QSOAs). This includes tracking deadlines, initiating renewals, and coordinating with internal staff and vendors as needed.
• Maintain and update privacy-related documents, including Release of Information forms and the Notice of Privacy Practices (NPP), ensuring accuracy and regulatory compliance.
• Perform other duties as assigned.

Qualifications

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

The equivalent combination of education, experience, and training which provides the following knowledge, skills, and abilities:

• An associate’s degree or higher is required.
• Paralegal training or similar experience strongly preferred.
• Excellent verbal and written communication skills.
• High attention to detail and accuracy.
• Strong organizational skills, with the ability to track multiple active requests and lead cross-department coordination.
• Ability to interpret and apply regulatory or procedural guidance (training provided as needed).
• Ability to uphold professional boundaries, confidentiality regulations, agency policies and procedures, and interact in a professional manner with a diverse workforce, clients, and the public.
• Proficient in Microsoft Excel and Word.
• Willingness to accept supervision and direction.
• Ability to pass a criminal background check and pre-employment drug screen.

Physical Demands

• Work is generally performed in an office environment.
• This position is not eligible for remote work, as it requires access to on-site records and direct interaction with clients.
• Requires prolonged use of a computer and standard office equipment.