Covenant Health

Job Title
Health Info Privacy Specialist
Covenant Health Corporate
Department Name
Centralized Privacy




Health Information Privacy Specialist

Full-Time, 80 hours per pay period, Day Shift


Covenant Health Overview:

Covenant Health is East Tennessee’s top-performing healthcare network with 10 hospitals and over 85 outpatient and specialty services, and Covenant Medical Group, our area’s fastest-growing physician practice division. Headquartered in Knoxville, Covenant Health is a community-owned, not-for-profit healthcare system and the area’s largest employer with over 11,000 employees.


Covenant Health is the only healthcare system in East Tennessee to be named six times by Forbes as a Best Employer. 


Position Summary:

Paralegal experience is preferred.

Responsible for problem solving issues relative to privacy complaints, investigations, misdirected faxes, amendment & correction of records, more complicated release of information concerns (e.g. decedents, POA’s, health oversight),  access and audit trail monitoring.  Participates in environment of care rounds / risk assessment rounds to ensure proper privacy and security protections are in place. Provides training and education related to privacy and confidentiality for hospital/ facility system users, including physicians, and ancillary hospital staff. Analyzes information, audit trails, complaints to ensure privacy protections are in place and policies / regulations are followed.   This position is responsible for helping to maintain the integrity of the health information data.



  • Exercises independent judgment in case investigation and interviews to determine whether or not a valid privacy concern has occurred including the who, what, when, where, how, and why.
  • Works closely with management to analyze the problem, including looking at systems and processes for prevention and mitigation.
  • Consults with human resources, management and the Integrity Compliance Officer on disciplinary actions, including individual trending and monitoring for future information access capabilities/ restrictions.
  • Interacts with physicians and their office staff on privacy concerns and resolutions.
  • Responsible for memorializing detailed case documentation to support findings and actions, which may be utilized in future audit or defense response.
  • Travels to various Covenant Health facilities to investigate, interview, education and monitor privacy activities often with little advance notice.
  • Serves as first line consultant to PHI storage, retention, destruction, access issues.
  • Assists with accessing secure flash drives, monitoring unsecured emails, electronic transfer or storage or PHI/PII.
  • Performs basic HIPAA Risk Assessment for PHI risk exposure and security issues with walk-through analysis and provides report to leadership for correction actions.
  • Evaluates privacy cases by completing HIPAA Risk Assessment to assess for Low Probability of Compromises (non-reportable breaches) and escalates to legal counsel with discussion of case any that are questionable or above low probability of compromise (reportable breaches).
  • Monitors and approves HIPAA Business Associate Agreements (BAAs) with vendors for standard agreements and consults legal counsel any changes, questions, or unusual BAA items for advise and follows through to resolution.
  • Captures and maintains PHI inventory of non-IT supported electronic devices (eDevice assets) for systems that collect, use, store, share and dispose of PHI (in its life cycle) to protect against breach.



Minimum Education:           

Will accept any combination of formal education and/or prior work experience sufficient to demonstrate possession of the knowledge, skill and ability needed to perform the essential tasks of the job, typically such as would be equivalent to an Associate's degree. Preference may be given to individuals possessing an Associate's degree or higher in a directly-related field from an accredited college or university (e.g. AS in Health Information Technology or BS in Health Information Administration)


Minimum Experience:        

A minimum of four (4) years of directly-related work experience with emphasis on technology and management. Paralegal experience is preferred.


Licensure Requirement:     

Certification in Healthcare Privacy and Security (CHPS), Certified Compliance Professional (CCP), Certified in Healthcare Compliance (CHC), Registered Health Information Technician (RHIT) or Registered Health Information Administrator (RHIA) preferred.


Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed