Director - Privacy & Compliance Program

Erlanger Health System, Chattanooga, TN

About The Position

Under the direction of the Chief Compliance Officer, the Director Privacy and Compliance Program has proactive operational responsibility for the EHS Privacy and Compliance Program. The incumbent develops privacy and compliance guidelines, best-practice procedures, and supporting documentation to ensure the protection, privacy and confidentiality of all protected patient and employee information, and helps ensure adherence to other applicable compliance laws and regulations.

Requirements

  • Bachelor's Degree in related field
  • 7-10 years' experience in health care environment
  • Knowledge of Federal and State Privacy Laws, including, but not limited to: the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH), and the Payment Card Industry Data Security Standard (PCI DSS)
  • Knowledge of Federal and State compliance laws and regulations including but not limited to fraud, waste, and abuse laws, conflicts of interest, False Claims Act, Anti-Kickback and Stark statutes and regulations, and clinical research related laws and regulations.
  • Prior experience working with one or more Privacy Frameworks (e.g. Generally Accepted Privacy Principles, Fair Information Practice Principles, NIST Privacy Framework, etc.); prior experience with Clinical Research compliance standards and programs; prior experience working with other federal and state compliance laws and regulations.
  • Excellent written and verbal communication skills
  • Strong presentation skills
  • Demonstrable working knowledge of office applications (Word, Excel, email, etc.)
  • Certified Compliance or Privacy Professional (CIPP, CHPC or CHC) or similar certification.

Nice To Haves

  • Master's Degree or Juris Doctorate
  • Strong investigation skills
  • Certification related to Clinical Research Compliance (CHRC)

Responsibilities

  • Manage the day-to-day working of the Privacy and Compliance Programs.
  • Monitor and validate controls to ensure that systems, documentation, and processes are compliant with internal privacy and compliance standards and privacy and compliance regulations.
  • Review with Chief Compliance Officer the status of each investigation case.
  • Oversee the proactive management and monitoring of user access alerts and follow up.
  • Manage incident response. Track, analyze, and draft responses to privacy and compliance complaints and inquiries.
  • In coordination with the Chief Compliance Officer, review, revise, and/or draft privacy and compliance department policies to help ensure all department policy review deadlines are met and new policies are created as needed with changes to laws and regulations.
  • In coordination with the Chief Compliance Officer and as requested, review operational business unit policies that have privacy and compliance implications to help ensure such policies are consistent with and in compliance with applicable laws, regulations, and EHS Code of Conduct.
  • Support gap analyses of existing processes to determine the privacy and compliance program needs of the organization:
  • Help identify and assess privacy and compliance risks;
  • Support the development of remediation and help ensure the implementation of corrective action plans with operational units to address the gaps identified as a result of the analyses;
  • Recommend and review with the Chief Compliance Officer the organization's plans, policies, procedures and standards to meet privacy and compliance requirements;
  • Support the development and regular reporting on the status of the implementation of privacy and compliance program work plans;
  • Activities, including privacy and compliance reviews, meetings with department/teams, and developing training and awareness materials;
  • Support the Chief Compliance Officer in the ongoing assessment and oversight of the EHS Privacy and Compliance Programs with applicable Federal and State Laws and regulations;
  • Oversight, participation, investigation follow-up, and team support of regular, ongoing Privacy and Compliance Program Open Case/Peer Review Meetings;
  • Update and manage privacy and compliance training programs for all employees, contractors, and approved system users; build a culture where privacy and compliance awareness is a priority;
  • Collaborate and liaise with the Chief Information Security Officer and EHS Technology Management Department to ensure alignment of Corporate-wide privacy, information security and other compliance initiatives;
  • Work directly with the business units and leaders to facilitate privacy and compliance risk assessment and risk management processes;
  • Coordinate with Information Security and other business units to support formulation and maintenance of, and, as appropriate, implement the Incident Response Plan to ensure timely and appropriate resolution of the investigation of potential breaches of data;
  • Ensure compliance with privacy and compliance practices and consistent application of sanctions for failure to comply with relevant policies for all EHS workforce members, extended workforce and all business associates, in cooperation with Human Resources, the Chief Information Security Officer, the Chief Compliance Officer, senior/executive leadership and legal counsel as applicable; and
  • Serve as information privacy consultant to all EHS departments and affiliated entities and business associates.
  • Demonstrate initiative, creativity and flexibility in problem resolution;
  • Exercise good judgment;
  • Effectively manage work time while handling more than one assignment at a time;
  • Prioritize work assignments to ensure the appropriate work is being completed;
  • Demonstrate integrity, credibility and personal accountability;
  • Set high work standards;
  • Seek to share technical and other specialized knowledge with peers;
  • Demonstrate excellent oral and written communication skills; and demonstrate commitment to customer service;
  • The Director of Privacy and Compliance works independently with the Chief Compliance Officer, and relies on experience and judgment to plan and accomplish tasks;
  • Days and hours of work may be variable and may include after hours on-call support;
  • Other duties as assigned by the Chief Compliance Officer.