HIPAA Privacy Officer

Fresenius Medical CareWaltham, MA

About The Position

Serves as the enterprise HIPAA Privacy Officer for U.S. operations, responsible for interpretation, application, and oversight of HIPAA Privacy Rule requirements across the organization. Provides day-to-day guidance and subject matter expertise on HIPAA compliance across operational changes, initiatives, and projects of varying size and complexity. Advises business, clinical, and IT teams on appropriate handling, use, and disclosure of PHI, including identification and mitigation of privacy risks. Partners closely with Governance, Risk & Compliance (GRC) to develop and maintain Privacy Policies, standards, and procedures that meet HIPAA requirements, ensure HIPAA controls are defined, implemented, and monitored, align privacy requirements with broader regulatory and control frameworks, support reviews of third party vendors for compliance with HIPAA, and support audits, assessments, and regulatory inquiries. Collaborates with Cyber & Privacy Operations during privacy incidents to support breach assessment and risk analysis, ensure timely escalation, containment, and notification decisions, and contribute to post-incident remediation and continuous improvement efforts. Develops standard operating procedures (SOPs) and develops and delivers training on PHI policies and procedures. Works in close partnership with U.S. Privacy Legal Counsel to assess regulatory requirements and enforcement expectations, serve as primary point of contact for privacy complaints, investigations, breach risk assessments, and regulatory inquiries, ensure alignment of operational practices with legal obligations, and support development and maintenance of privacy policies and notices. Reviews and provides input on project designs, system implementations, workflows, and process changes to ensure alignment with HIPAA and organizational privacy requirements. Drives the integration of privacy-by-design principles into clinic operations and enterprise processes, ensuring sustainable and scalable compliance. Maintains documentation required to demonstrate HIPAA compliance, including overseeing requests for access, amendments, restrictions, and confidential communications for patient medical records; and ensuring timely response and appropriate denials and approvals. Develops practical, scalable self-service tools, templates, and guidance to enable teams to independently address routine privacy requirements. Partners with clinical and operational leaders to ensure HIPAA requirements are consistently and effectively executed in day-to-day clinic and physician practices’ operations. Supports awareness and training efforts to promote understanding of privacy responsibilities across workforce members. Participates in internal and external meetings, including regulatory, audit, and compliance forums, representing the organization’s HIPAA privacy posture.

Requirements

  • Bachelor’s Degree required
  • 8–10 years of experience in privacy, compliance, or healthcare regulatory roles
  • Demonstrated expertise in HIPAA Privacy Rule requirements and real-world application in healthcare operations
  • Experience supporting clinical, operational, and IT environments with privacy guidance
  • Proven ability to translate regulatory requirements into actionable, business-friendly solutions
  • Strong experience working cross-functionally with Legal, Compliance, Security, and operational stakeholders
  • Experience supporting privacy incident response and breach risk assessments
  • Strong understanding of healthcare workflows, PHI data flows, and regulatory risk
  • Excellent communication skills, with the ability to present complex privacy concepts to non-technical and executive audiences
  • Strong analytical, problem-solving, and decision-making capabilities
  • High attention to detail and ability to operate in a fast-paced, evolving environment

Nice To Haves

  • Degree in a related discipline such as Health Information Management, Healthcare Administration, or Law preferred
  • Certified in Healthcare Privacy Compliance (CHPC) – HCCA
  • Certified Information Privacy Professional (CIPP/US or CIPP/E) – IAPP
  • Certified Information Privacy Manager (CIPM) – IAPP

Responsibilities

  • Serves as the enterprise HIPAA Privacy Officer for U.S. operations, responsible for interpretation, application, and oversight of HIPAA Privacy Rule requirements across the organization.
  • Provides day-to-day guidance and subject matter expertise on HIPAA compliance across operational changes, initiatives, and projects of varying size and complexity.
  • Advises business, clinical, and IT teams on appropriate handling, use, and disclosure of PHI, including identification and mitigation of privacy risks.
  • Partners closely with Governance, Risk & Compliance (GRC) to develop and maintain Privacy Policies, standards, and procedures that meet HIPAA requirements.
  • Ensures HIPAA controls are defined, implemented, and monitored.
  • Aligns privacy requirements with broader regulatory and control frameworks.
  • Supports reviews of third party vendors for compliance with HIPAA.
  • Supports audits, assessments, and regulatory inquiries.
  • Collaborates with Cyber & Privacy Operations during privacy incidents to support breach assessment and risk analysis.
  • Ensures timely escalation, containment, and notification decisions during privacy incidents.
  • Contributes to post-incident remediation and continuous improvement efforts.
  • Develops standard operating procedures (SOPs).
  • Develops and delivers training on PHI policies and procedures.
  • Works in close partnership with U.S. Privacy Legal Counsel to assess regulatory requirements and enforcement expectations.
  • Serves as primary point of contact for privacy complaints, investigations, breach risk assessments, and regulatory inquiries.
  • Ensures alignment of operational practices with legal obligations.
  • Supports development and maintenance of privacy policies and notices.
  • Reviews and provides input on project designs, system implementations, workflows, and process changes to ensure alignment with HIPAA and organizational privacy requirements.
  • Drives the integration of privacy-by-design principles into clinic operations and enterprise processes, ensuring sustainable and scalable compliance.
  • Maintains documentation required to demonstrate HIPAA compliance, including overseeing requests for access, amendments, restrictions, and confidential communications for patient medical records; and ensuring timely response and appropriate denials and approvals.
  • Develops practical, scalable self-service tools, templates, and guidance to enable teams to independently address routine privacy requirements.
  • Partners with clinical and operational leaders to ensure HIPAA requirements are consistently and effectively executed in day-to-day clinic and physician practices’ operations.
  • Supports awareness and training efforts to promote understanding of privacy responsibilities across workforce members.
  • Participates in internal and external meetings, including regulatory, audit, and compliance forums, representing the organization’s HIPAA privacy posture.

Benefits

  • medical, dental, and vision insurance
  • a 401(k) with company match
  • paid time off
  • parental leave
  • potential for performance-based bonuses depending on company and individual performance
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service