Privacy Director

St. Croix Hospice | Mendota Heights, MN
14h | $110,000 - $130,000

About The Position

The Privacy Director is responsible for assisting with the development, implementation, and management of St. Croix Hospice’s privacy program. This role ensures that patient privacy and confidentiality are maintained in accordance with all relevant laws, including the Health Insurance Portability and Accountability Act (HIPAA), state-specific privacy regulations, and the organization’s internal privacy policies. The Privacy Director will work closely with the compliance, legal, and IT teams to safeguard sensitive health information and mitigate privacy risks. The Privacy Director will play a pivotal role in promoting a culture of privacy, accountability, and transparency throughout the organization while ensuring compliance with both federal and state privacy regulations.

Requirements

  • 2+ years of experience in privacy management within the healthcare industry.
  • In-depth knowledge and experience with healthcare privacy laws, including HIPAA, HITECH, and state-specific privacy regulations.
  • Experience working with cross-functional teams, including IT, legal, compliance, and human resources, to develop and enforce privacy policies and practices.
  • At least one of the preferred certifications or the ability to obtain certification within 1 year of employment is required.
  • Ability to pass DHS background study.
  • Expertise in healthcare privacy regulations, including HIPAA, HITECH, and state-level privacy laws.
  • Knowledge of emerging privacy risks, trends, and technologies affecting healthcare organizations, including cybersecurity threats, data breaches, and cloud computing.
  • Strategic thinking with the ability to align privacy initiatives with the organization’s business objectives while safeguarding patient privacy.
  • Excellent analytical and problem-solving skills, with the ability to assess complex privacy issues and develop effective solutions.
  • Ability to navigate complex regulatory environments and provide clear guidance on privacy issues.
  • Excellent written and verbal communication skills, with the ability to effectively communicate privacy-related matters to all levels of the organization and external stakeholders.
  • Strong interpersonal skills, with the ability to build relationships and foster a culture of privacy across the organization.

Nice To Haves

  • Associate’s degree in Healthcare Administration, Law, Information Security, or a related field.
  • Additional certifications in healthcare compliance, law, privacy, data security, or information management are a plus.
  • Certified Information Privacy Professional (CIPP)
  • Certified Information Privacy Manager (CIPM)
  • Certified in Healthcare Compliance (CHC)
  • Certified Compliance and Ethics Professional (CCEP)
  • Registered Health Information Technician (RHIT)

Responsibilities

  • Assist with the organization's privacy program and policies, providing guidance and recommendations to the Chief Compliance Officer and senior leadership, including the CEO and Board of Directors.
  • Report regularly on privacy risks, trends, breaches, and compliance metrics to the Chief Compliance Officer, Board, and other stakeholders as needed.
  • Collaborate with other departments, including IT, HR, and legal, to ensure privacy practices are embedded throughout the organization.
  • Assist with the development and implementation of a comprehensive privacy program that protects patient information, complies with applicable privacy regulations, and addresses emerging privacy risks.
  • Ensure that privacy policies, procedures, and controls are up to date and in compliance with relevant laws, including HIPAA, HITECH, and state-specific regulations.
  • Lead the creation of a privacy governance framework and ensure effective privacy risk management strategies are in place.
  • Conduct regular privacy risk assessments and audits to identify vulnerabilities in patient data protection practices and develop strategies to mitigate identified risks.
  • Assess privacy-related threats and vulnerabilities, working with IT and other departments to strengthen data security measures and ensure compliance with privacy regulations.
  • Develop and maintain an incident response plan for privacy breaches, ensuring that all potential privacy incidents are addressed promptly and in compliance with regulations.
  • Lead privacy audits and compliance reviews to assess adherence to privacy policies and regulations across the organization.
  • Monitor internal systems and processes to ensure compliance with federal and state privacy laws, including appropriate handling, storage, and disposal of protected health information (PHI).
  • Oversee third-party vendor relationships and ensure that privacy requirements are met through contractual agreements, assessments, and ongoing monitoring.
  • Develop, implement, and oversee a comprehensive privacy training program for all employees to ensure they understand their role in protecting patient privacy and complying with applicable laws.
  • Ensure that training is updated regularly to reflect changes in privacy regulations, organizational policies, and emerging threats to privacy.
  • Provide guidance to leadership and employees regarding privacy-related best practices and the handling of PHI.
  • Foster a culture of privacy within the organization by promoting awareness and accountability for privacy-related matters at all levels of the organization.
  • Promote privacy as a core value within the organization, helping to ensure patient trust and safeguarding sensitive information.
  • Assist with the identification, investigation, and management of privacy incidents or breaches, ensuring prompt reporting to regulatory authorities as required by law.
  • Work with internal teams, including IT, legal, and communications, to manage breach notifications and communicate effectively with impacted individuals in compliance with applicable laws.
  • Conduct root cause analysis for privacy breaches and recommend corrective actions to prevent recurrence.
  • Stay abreast of changes in privacy laws, regulations, and industry standards to ensure ongoing compliance with all applicable privacy requirements, including HIPAA, HITECH, and state privacy laws.
  • Lead efforts to prepare for external audits and regulatory reviews, ensuring that the organization is fully compliant with privacy regulations.
  • Serve as the primary point of contact with regulatory agencies, including the Department of Health and Human Services (HHS), Office for Civil Rights (OCR), and state health departments regarding privacy matters.
  • Assist with the timely and accurate submission of required privacy-related reports and disclosures to regulatory bodies.
  • Collaborate with the legal, compliance, IT, and operational teams to implement and refine privacy-related policies and procedures across the organization.
  • Work with IT teams to ensure appropriate data security measures are implemented and maintain alignment with privacy goals.
  • Partner with human resources to ensure that employee records are maintained in compliance with privacy regulations.
  • Perform other duties as assigned.

Benefits

  • medical/dental/vision/pet insurance
  • disability and life insurance
  • paid time off
  • 401(k) retirement plans

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Education Level

Associate degree

Number of Employees

251-500 employees

© 2024 Teal Labs, Inc