Health System Privacy Officer

About The Position

Requirements

• Bachelor's degree in Healthcare, Business, Legal Studies, Accounting, Finance, or a related area.
• Master's degree in a related area or an equivalent combination of education and experience from which comparable knowledge, skills, and abilities can be acquired.
• Seven (7) years of related experience.
• Certified in healthcare privacy compliance (CHPC) by the Health Care Compliance Association.

Nice To Haves

• Juris Doctor (JD) or Master's degree in Business Administration, Health Administration, or Finance.
• Experience working in an academic medical center or integrated health system.
• Advanced knowledge of healthcare privacy practices, electronic health records, and breach mitigation strategies.

Responsibilities

• Oversees implementation and management of the HIPAA Privacy Program to ensure compliance with applicable federal and state regulations.
• Monitors compliance with HIPAA privacy and related state laws across covered components.
• Leads investigations of potential privacy breaches, documents findings, ensures mitigation and reports as required.
• Coordinates privacy audits, risk assessments, and monitoring activities to identify gaps and support mitigation strategies.
• Provides subject-matter expertise on privacy implications for clinical research, information exchanges, and health data utilities.
• Collaborates with compliance, legal, information security, and clinical teams to support privacy-by-design in operations and technology initiatives.
• Participates in system-level data governance and other committees, ensuring privacy considerations are fully integrated.
• Develops, implements, and updates policies and procedures governing access, use, and disclosure of protected health information (PHI).
• Coordinates privacy-related education, awareness, and training initiatives to promote HIPAA compliance across all levels of staff and faculty.
• Monitors privacy program metrics, trends, and incident patterns to identify areas of risk and drive system-wide improvements.
• Advises and collaborates with MU Health Care leadership, academic partners, and the Tiger Institute on privacy-related initiatives and projects.
• Prepares regular reports for the Chief Compliance Officer and other leadership on privacy compliance status, investigations, and policy developments.
• Serves as a key liaison for responding to regulatory inquiries, audits, and investigations related to privacy compliance.
• Leads, mentors, and supports privacy department staff in best practices, standards, and continuous improvement.
• Ensures appropriate documentation and tracking of compliance program activities.
• Leads a culture of safety through proactive risk mitigation and continuous quality improvement, taking measures to routinely evaluate regulatory readiness. Monitors and analyzes safety and performance metrics to identify trends and implement corrective actions for staff and/or patients as appropriate.
• Manage the development, coordination, and maintenance of daily staffing schedules to ensure the appropriate level of coverage and continuity of care.
• Monitor and oversee time and attendance in alignment with MU Health Care policies and practices, ensuring accuracy of records and timely approval for payroll purposes.
• May complete unit/department-specific duties as outlined in department documents.

Benefits

• Health, vision and dental insurance coverage starting day one
• Generous paid leave and paid time off, including nine holidays
• Multiple retirement options, including 100% matching up to 8% and full vesting in three years
• Tuition assistance for employees (75%) and immediate family members (50%)
• Discounts on cell phone plans, rental cars, gyms, hotels and more