Director of HIPAA Privacy and Security Operations

Tryon Medical Partners•Charlotte, NC

About The Position

The Director of HIPAA Privacy & Security Operations serves as the organization’s designated HIPAA Privacy and Security Officer. This role is responsible for the strategic leadership, development, and execution of an enterprise-wide privacy, security, and data protection program to ensure compliance with all federal and state regulations, including HIPAA. Responsible for the foundational responsibilities of privacy compliance, incident investigation, and policy oversight, this position elevates accountability to the enterprise level—driving risk management, cybersecurity strategy, governance, and organizational resilience. The Director partners across Compliance, Legal, IT, Clinical Operations, and Executive Leadership to protect patient information (PHI/ePHI), mitigate risk, and ensure the secure delivery of care.

Requirements

Bachelor’s degree required
7–10+ years of experience in healthcare privacy, compliance, or information security
Progressive leadership experience with enterprise-level responsibility
Deep knowledge of HIPAA Privacy & Security Rules
Deep knowledge of Healthcare regulatory environment
Deep knowledge of Risk management and audit frameworks

Nice To Haves

Master’s or JD strongly preferred
CHPC, CHPS, CISSP, CISM, or equivalent certifications

Responsibilities

Serve as the organization’s designated HIPAA Privacy Officer and Security Officer.
Establish and maintain comprehensive HIPAA privacy and security programs, policies, and procedures.
Ensure organizational compliance with HIPAA, HITECH, and applicable state privacy laws.
Oversee patient privacy rights processes, disclosures, and regulatory reporting.
Execute the enterprise information security strategy and roadmap aligned to organizational priorities.
Provide compliance oversight of security architecture, identity/access management, encryption, and data protection standards.
Integrate security into all technology, clinical, and operational initiatives.
Lead enterprise-wide privacy and security risk assessments and gap analyses.
Develop mitigation strategies and track remediation efforts.
Maintain audit readiness for OCR, CMS, and other regulatory bodies.
Oversee third-party/vendor risk management, including Business Associate Agreements.
Direct investigation and response to privacy and security incidents and breaches.
Ensure timely and compliant reporting to regulatory authorities.
Lead root cause analysis, corrective action planning, and mitigation strategies.
Oversee incident response, disaster recovery, and business continuity planning.
Oversee and support administrative, physical, and technical safeguards for ePHI, including vulnerability management, threat detection and response, security monitoring and audit logging, and system access reviews and controls.
Ensure continuous monitoring of security posture and operational resilience.
Lead enterprise-wide HIPAA and cybersecurity training programs.
Promote a culture of privacy, security, and accountability across all departments.
Provide guidance to leadership, clinicians, and staff on privacy/security requirements.
Serve as primary advisor to executive leadership on privacy and cybersecurity risks.
Develop and report key performance indicators (KPIs) and risk metrics.
Represent the organization in external audits and regulatory inquiries.
Participate and lead cross-functional governance structures (Compliance Committee, Security Committee, etc.).
Partner with Legal on privacy matters, investigations, and regulatory interpretation.
Collaborate with IT to ensure secure management of ePHI.
Work with HR on sanctions, training compliance, and workforce accountability.
Provide direction to cross-functional stakeholders involved in compliance, IT security, and operations.
Establish clear ownership of controls, processes, and reporting structures across the organization.