Business Analyst - Data Governance & Privacy

PHI / PII Identification & Governance • Identify, document, and classify PHI and PII data elements across applications, databases, and data pipelines. • Collaborate with Compliance, Legal, Security, and Privacy teams to ensure accurate interpretation of regulatory requirements (e.g., HIPAA, GDPR, local privacy laws as applicable). • Support audits and assessments by providing clear documentation of sensitive data usage, storage, and flow.

Data Dictionary & Metadata Management • Create, maintain, and govern an enterprise data dictionary, including: • Logical and physical data elements • PHI/PII classification and sensitivity levels • Definitions, source systems, downstream consumption, and ownership

• Ensure data definitions remain current and aligned across releases and environments. • Act as a steward for data standards, naming conventions, and business definitions.

      Release & Impact Analysis • Partner with DB Admins, Architects, and Engineering teams to: • Identify entities, tables, columns, and views impacted by each release • Analyze upstream and downstream impacts of schema and data model changes

• Document and socialize data impact assessments as part of release planning and approvals. • Ensure PHI/PII impacts are explicitly identified and reviewed before deployment.

Stakeholder Collaboration • Serve as the bridge between business, compliance, and technical teams. • Translate complex data and privacy requirements into clear, actionable documentation for technical teams. • Facilitate discussions and walkthroughs related to data changes, privacy risks, and mitigation plans.

Documentation & Process Improvement • Produce high quality artifacts such as: • Data lineage and entity impact documents • Functional and data requirements • Change logs and release notes related to data

• Continuously improve data governance and release impact processes to reduce risk and rework.