PHI / PII Identification & Governance
- Identify, document, and classify PHI and PII data elements across applications, databases, and data pipelines.
- Collaborate with Compliance, Legal, Security, and Privacy teams to ensure accurate interpretation of regulatory requirements (e.g., HIPAA, GDPR, local privacy laws as applicable).
- Support audits and assessments by providing clear documentation of sensitive data usage, storage, and flow.
Data Dictionary & Metadata Management
- Create, maintain, and govern an enterprise data dictionary, including:
  - Logical and physical data elements
  - PHI/PII classification and sensitivity levels
  - Definitions, source systems, downstream consumption, and ownership
- Ensure data definitions remain current and aligned across releases and environments.
- Act as a steward for data standards, naming conventions, and business definitions.
Release & Impact Analysis
- Partner with DB Admins, Architects, and Engineering teams to:
  - Identify entities, tables, columns, and views impacted by each release
  - Analyze upstream and downstream impacts of schema and data model changes
- Document and socialize data impact assessments as part of release planning and approvals.
- Ensure PHI/PII impacts are explicitly identified and reviewed before deployment.
Stakeholder Collaboration
- Serve as the bridge between business, compliance, and technical teams.
- Translate complex data and privacy requirements into clear, actionable documentation for technical teams.
- Facilitate discussions and walkthroughs related to data changes, privacy risks, and mitigation plans.
Documentation & Process Improvement
- Produce high-quality artifacts such as:
  - Data lineage and entity impact documents
  - Functional and data requirements
  - Change logs and release notes related to data
- Continuously improve data governance and release impact processes to reduce risk and rework.