Policy Analyst

Nashville, TN

ProviderTrust empowers safer healthcare for patients, providers, and payers by leveraging always-accurate compliance intelligence. Founded in 2010 in Nashville, TN, ProviderTrust creates comprehensive solutions to solve complex problems to make healthcare data meaningful and actionable. Our mission is to create a safer healthcare for everyone.

We partner with HR, Compliance, and Provider Operations teams to continuously monitor healthcare populations to identify license, credential, compliance, and payment eligibility issues before they impact patients. Our solutions monitor employees, vendors, provider networks, licenses, credentials, and more for OIG and state Medicaid exclusions, sanctions or disciplinary actions, license expirations or suspensions.

ProviderTrust monitors and verifies compliance and credential issues across the healthcare ecosystem, connecting vital intelligence to the moments and workflows you need it most. From OIG exclusions to licenses and credentials, our healthcare monitoring and verification platform goes beyond good enough.

We are seeking a Policy Analyst who will report to our Chief Compliance Officer and partner with many functional areas on day-to-day operational activities. This includes preparing for certification audits such as SOC, NCQA, and HITRUST, reviewing and documenting operational processes to ensure consistency and efficiency, and working closely with our development, product, and engineering teams. You will collaborate across ProviderTrust as the documentation specialist and record-keeper of certification audit readiness evidence, monitoring for completion of routine required audits and reports and maintaining a policy and procedure library. The ideal candidate will have an analytical mindset, be a confident communicator, possess critical thinking skills, and have experience with any number of healthcare information systems. Communication is key in this role, as these complex certification requirements need to be presented in an easily understandable manner. In the first year of employment you will help the organization navigate HITRUST certification.


The Policy Analyst will be the primary resource for organizing, contributing to, and compiling numerous policies and processes. Involvement will range from creating, updating, or maintaining SOP documents and contributing to employee handbooks to supporting department manuals that help maintain our compliance with certification requirements. In addition, this role will be responsible for maintaining evidence as required by each type of ProviderTrust certification (SOC, HITRUST, NCQA).

You will also be responsible for assisting with documentation and tracking of our risk management program, ensuring complete documentation of incidents, assisting with investigations when needed and auditing to ensure the ongoing protection of confidential client information.

  • Coordinate the collection of certification evidence as well as monitor the ongoing audits completed by various departments across ProviderTrust to ensure certification readiness.
  • Participate in security and privacy incident investigations, incident tracking, response plans, and activities related to security and privacy.
  • Assist in writing and updating HITRUST, HIPAA, and SOC compliant policies and procedures.
  • Participate in the planning of compliance reports, preparation of audit and compliance programs, drafting respective reports for presentation, and assessing corrective action plans.
  • Assist in performing Risk Assessments to ensure compliance with regulatory standards such as HITRUST, SOC, and HIPAA.
  • Analyze, update, and draft existing and new compliance policies and related documentation.
  • Conduct gap analysis and assessment of privacy, security and risk management programs.
  • Assist with the development of a roadmap to evolve the risk management program.
  • Participate in new business initiatives and product development activities to identify and escalate compliance considerations.
  • Collaborate with and assist business units to develop corrective action plans for identified compliance issues.
  • Continuously monitor the status and effectiveness of SOC controls (or future audit requirements).
  • Continually update and re-evaluate the extent to which customer PII is collected and shared internally and externally.

Duties and Responsibilities

  • Familiarity with regulatory requirements, cybersecurity industry frameworks and standards (e.g., HITRUST, HIPAA, ISO 27001, NIST, PCI DSS, or SSAE SOC standards).
  • Extremely detail oriented, loves analyzing and documenting processes
  • A great communicator that understands the unique points of view brought by teams and individuals.
  • Excellent analytical and problem-solving abilities to identify process improvement opportunities and recommend solutions for business risks
  • Ability to work efficiently and lead yourself in a fluid environment
  • Demonstrate a strong passion for success as well as a strong work ethic
  • Some experience with creating and maintaining IT Policies and Procedures that are HIPAA, HITRUST, ISO 27001, NIST, PCI DSS, or SSAE SOC compliant.
  • Experience with Healthcare technology environments such as HRIS, ERP, AP and any number of systems or platforms.
  • BS or MS degree in business, engineering, computer science, or healthcare related field

What It’s Like To Work Here

At ProviderTrust, we recognize that experience can be built in a number of ways. If you have relevant skills that are not reflected in your resume or your experience doesn’t match our exact requirements, we welcome your candidacy and encourage you to share more. We will champion building a team that embodies empathy, equity, respect, and inclusivity while actively supporting our community, clients, partners, and friends. We value differences of opinions and embrace everyone’s unique perspective. We desire an environment that allows all team members to bring their full selves to work, unashamedly. We carefully consider every application and will either move forward with you, find another team that might be a better fit, keep in touch for future opportunities, or thank you for your time. ProviderTrust is an equal opportunity employer.

To be great at ProviderTrust, we find our team members have these things in common:

  • Gain energy from working in a fast-paced, creative environment
  • Decision making that employs a blend of data-driven insights and intuition
  • Ability to multitask and handle multiple projects concurrently
  • Resilience and positivity, able to address setbacks and bounce back quickly
  • Resourcefulness, discovering creative ways to get things done
  • Joy in making an immediate and positive impact
  • Diverse interests that are welcomed and extend beyond our organization

Things That Make Us A Great Place To Work

  • Competitive base salary and incentive package with 401k matching, meaningful equity, HSA employer contribution, and company-paid life and disability insurance
  • Medical, dental, and vision benefits; PT pays 80% of your premiums. We also offer access to a range of free mental health and well-being resources
  • Unlimited PTO, 11 paid holidays, and a flexible work schedule
  • Internal professional growth, development, and mobility
  • Daily all-company morning huddles to sync up across the business
  • In-office experience: fully stocked kitchen, ergonomic desk setup, dog-friendly, and lots of celebrations!
  • Remote experience: home office set-up with technology provided, remote-friendly meetings and celebrations, and interest-specific Slack channels for connecting across teams
  • Fitness stipend, wellness program, and cell phone reimbursement
  • Voted one of the Best Places to Work by the Nashville Business Journal (2015 – 2019)
  • Inc. 5000 list of the fastest-growing private firms in the U.S. (2016-2020)
