Privacy Director

About The Position

Requirements

• Certified in Healthcare Privacy Compliance – Health Care Compliance Association (required); or
• Certified in Healthcare Compliance - Health Care Compliance Association (required); or
• Certified Information Privacy Manager – International Association of Privacy Professionals (required)
• Bachelors, Healthcare, regulatory, business administration, business ethics (required)
• 6 to 10 years Healthcare Regulatory experience including HIPAA (required)
• Deep knowledge of Privacy, Security, and Breach Notification Laws
• Incident and Breach Response
• Research of Regulations
• Risk Assessment Skills
• Auditing, Monitoring
• Investigation Processes & Techniques
• Policy Development and Implementation
• Education Development and Training
• Data Analytics and Reporting
• Microsoft Office & CoPilot Proficiency
• Familiarity with privacy & compliance applications (e.g., Symplr, Protenus, EPIC)
• Strategic Leadership
• Communication
• Collaboration & Stakeholder Management
• Problem-Solving
• Adaptability
• Change Management
• Conflict Resolution
• Analytical Thinking
• Team Development
• Integrity in Everything

Nice To Haves

• Masters

Responsibilities

• Assists in building a strategic and comprehensive privacy program that defines, develops, maintains and implements policies and procedures that enable consistent, effective privacy practices. Such practices shall minimize risk and ensure the confidentiality of PHI as well as ensure privacy forms, notices, policies, standards and procedures are current.
• Collaborates with IT Security Directors and Information Services Directors, or their designee, to ensure alignment between security and privacy programs including policies, practices and investigations.
• Collaborates with IT, Security, Legal, and Business partners for privacy impact assessments and incident response.
• Guide business in assessing and mitigating privacy risks by providing recommendations and controls for AI, machine learning, and digital health technologies.
• Develop and enhance formal processes for privacy risk assessments with vendors, contractors, and business associates, including data management and data destruction.
• Public-facing responsibilities such as supporting responses to consumer, government, and media inquiries about privacy incidents or policies.
• Regularly benchmark privacy program maturity against industry standards
• Conducts ongoing compliance monitoring activities in coordination with the organization's other compliance and operational assessment functions.
• Reviews role-based access controls; conducts and oversees audits of access to PHI; recommends appropriate action necessary as a result of audit activities.
• Takes a lead role to ensure the organization has and maintains appropriate privacy and confidentiality consents, authorization forms and information notices and materials reflecting current organization and legal practices and requirements.
• Conducts Risk Assessments to identify, evaluate, and mitigate potential threats to PHI.
• Oversees, develops and delivers advanced privacy training modules, including scenario-based learning and regular refreshers. Participates in the development, implementation and ongoing compliance monitoring of business associates and business associate agreements to ensure all privacy concerns, requirements and responsibilities are addressed.
• Establishes, with management and operations, a mechanism to track access to PHI, within the purview of the organization and as required by law and to allow qualified individuals to review or receive a report on such activity.
• Contributes to the establishment and administration of a process for receiving, documenting, tracking, investigating, and taking action on all types of complaints concerning the organization's privacy policies and procedures in coordination and collaboration with other Directors, managers of other functional areas, and when appropriate, risk managers and legal counsel.
• Provides leadership, support and supervision to Privacy program staff in performing day to day privacy-related functions.

Benefits

• Competitive pay, incentives, referral bonuses and 403(b) with employer contributions (when eligible)
• Medical, dental, vision, prescription coverage, HSA/FSA options, life insurance, mental health resources and discounts
• Paid time off, parental and FMLA leave, short- and long-term disability, backup care for children and elders
• Tuition assistance, professional development and continuing education support
• Benefits may vary based on the market and employment status.