Serves as the enterprise HIPAA Privacy Officer for U.S. operations, responsible for interpretation, application, and oversight of HIPAA Privacy Rule requirements across the organization. Provides day-to-day guidance and subject matter expertise on HIPAA compliance across operational changes, initiatives, and projects of varying size and complexity. Advises business, clinical, and IT teams on appropriate handling, use, and disclosure of PHI, including identification and mitigation of privacy risks. Partners closely with Governance, Risk & Compliance (GRC) to develop and maintain Privacy Policies, standards, and procedures that meet HIPAA requirements, ensure HIPAA controls are defined, implemented, and monitored, align privacy requirements with broader regulatory and control frameworks, support reviews of third party vendors for compliance with HIPAA, and support audits, assessments, and regulatory inquiries. Collaborates with Cyber & Privacy Operations during privacy incidents to support breach assessment and risk analysis, ensure timely escalation, containment, and notification decisions, and contribute to post-incident remediation and continuous improvement efforts. Develops standard operating procedures (SOPs) and develops and delivers training on PHI policies and procedures. Works in close partnership with U.S. Privacy Legal Counsel to assess regulatory requirements and enforcement expectations, serve as primary point of contact for privacy complaints, investigations, breach risk assessments, and regulatory inquiries, ensure alignment of operational practices with legal obligations, and support development and maintenance of privacy policies and notices. Reviews and provides input on project designs, system implementations, workflows, and process changes to ensure alignment with HIPAA and organizational privacy requirements. Drives the integration of privacy-by-design principles into clinic operations and enterprise processes, ensuring sustainable and scalable compliance. Maintains documentation required to demonstrate HIPAA compliance, including overseeing requests for access, amendments, restrictions, and confidential communications for patient medical records; and ensuring timely response and appropriate denials and approvals. Develops practical, scalable self-service tools, templates, and guidance to enable teams to independently address routine privacy requirements. Partners with clinical and operational leaders to ensure HIPAA requirements are consistently and effectively executed in day-to-day clinic and physician practices’ operations. Supports awareness and training efforts to promote understanding of privacy responsibilities across workforce members. Participates in internal and external meetings, including regulatory, audit, and compliance forums, representing the organization’s HIPAA privacy posture.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
Job Type
Full-time
Career Level
Principal