Associate Privacy & Data Security Director

Privia Health
2d
$118,000 - $128,000

About The Position

Under the direction of the Chief Privacy Officer and in close collaboration with the Chief Information Security Officer, the Associate Privacy & Data Security Director will assist with maintaining an effective privacy and data security program, including, but not limited to, providing consultative services on privacy and patient confidentiality issues, developing and reviewing policies and procedures, and overseeing the privacy and data security program.

Requirements

  • Demonstrated knowledge of HIPAA Privacy, HIPAA Security, applicable state privacy statutes and regulations, NIST Cybersecurity Framework, 405(d) Health Industry Cybersecurity Practices, PCI, and SOX
  • Working knowledge of medical group operation processes
  • Ability to detect deficiencies in processes and determine needs to improve outcomes
  • 5+ years of general healthcare privacy and security compliance experience with knowledge of medical group operations and physician services
  • 5+ years of experience in regulatory research and knowledge of federal and state healthcare privacy and security requirements

Nice To Haves

  • HIPAA Privacy Officer or Security Officer experience preferred
  • Certified in Healthcare Privacy Compliance (CHPC) or other relevant certifications strongly preferred.

Responsibilities

  • Initiates, facilitates, and promotes activities to foster a culture of privacy and data security compliance within Privia
  • Provides guidance and direction on HIPAA Privacy and Security rules and other applicable federal and state health care privacy laws
  • Assists in the development, implementation, and maintenance of administrative, physical, and technical safeguards for personally identifiable data, including, but not limited to, managing user access, enforcing least-privilege principles, and maintaining system audit logs
  • Periodically reviews and proposes revisions to Privia’s Privacy and Security Policies and Procedures and guidance materials to facilitate compliance with new privacy or cybersecurity-related laws/regulations or changes to existing federal, state, and local privacy or cybersecurity rules and regulations
  • Collaborates with the CPO and CISO on the development of privacy and security training modules
  • Assists ongoing privacy and security compliance monitoring and auditing activities, including staff awareness programs on phishing, ransomware, and insider threats
  • In collaboration with the CPO and CISO, supports investigations of privacy and security incidents, breach risk assessments, and reporting to affected individuals and, when needed, HHS-OCR or other applicable agencies
  • Maintains rapport with all business units to facilitate a spirit of collaboration
  • Collaborates with Information Security, including conducting and reviewing security risk assessments, to facilitate the implementation of effective mitigation of identified risks
  • Assists with the implementation and management of PCI-DSS standards and SOX controls
  • Other duties as assigned

Benefits

  • medical
  • dental
  • vision
  • life
  • pet insurance
  • 401K
  • paid time off
  • other wellness programs
  • annual bonus targeted at 15%
  • restricted stock units

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Education Level

No Education Listed

Number of Employees

1,001-5,000 employees

© 2024 Teal Labs, Inc