Privacy Director

Thank you for considering a career at Bon Secours Mercy Health! Scheduled Weekly Hours: 40 Work Shift: Days (United States of America) PRIVACY DIRECTOR | Work From Home/Remote WFH/Remote anywhere in the US (Eastern/Central Time Zone Preferred) We operate in the Eastern Time Zone Reports to: System Director, Compliance - Privacy # of Direct Reports: 2 Primary Function/General Purpose of Position As directed by the System Director, Compliance, oversees all ongoing activities across defined service areas within the group related to the development, implementation, maintenance of, and adherence to the organization's policies and procedures covering the privacy of, disclosure of and access to, patient Protected Health Information (PHI) in compliance with federal and state laws and the healthcare organization's information privacy practices. Essential Job Functions Assists in building a strategic and comprehensive privacy program that defines, develops, maintains and implements policies and procedures that enable consistent, effective privacy practices. Such practices shall minimize risk and ensure the confidentiality of PHI as well as ensure privacy forms, notices, policies, standards and procedures are current. Collaborates with IT Security Directors and Information Services Directors, or their designee, to ensure alignment between security and privacy programs including policies, practices and investigations. Collaborates with IT, Security, Legal, and Business partners for privacy impact assessments and incident response. Guide business in assessing and mitigating privacy risks by providing recommendations and controls for AI, machine learning, and digital health technologies. Develop and enhance formal processes for privacy risk assessments with vendors, contractors, and business associates, including data management and data destruction. Public-facing responsibilities such as supporting responses to consumer, government, and media inquiries about privacy incidents or policies. Regularly benchmark privacy program maturity against industry standards Conducts ongoing compliance monitoring activities in coordination with the organization's other compliance and operational assessment functions. Reviews role-based access controls; conducts and oversees audits of access to PHI; recommends appropriate action necessary as a result of audit activities. Takes a lead role to ensure the organization has and maintains appropriate privacy and confidentiality consents, authorization forms and information notices and materials reflecting current organization and legal practices and requirements. Conducts Risk Assessments to identify, evaluate, and mitigate potential threats to PHI. Oversees, develops and delivers advanced privacy training modules, including scenario-based learning and regular refreshers. Participates in the development, implementation and ongoing compliance monitoring of business associates and business associate agreements to ensure all privacy concerns, requirements and responsibilities are addressed. Establishes, with management and operations, a mechanism to track access to PHI, within the purview of the organization and as required by law and to allow qualified individuals to review or receive a report on such activity. Contributes to the establishment and administration of a process for receiving, documenting, tracking, investigating, and taking action on all types of complaints concerning the organization's privacy policies and procedures in coordination and collaboration with other Directors, managers of other functional areas, and when appropriate, risk managers and legal counsel. Provides leadership, support and supervision to Privacy program staff in performing day to day privacy-related functions. Licensing/Certification Certified in Healthcare Privacy Compliance – Health Care Compliance Association (required); or Certified in Healthcare Compliance - Health Care Compliance Association (required); or Certified Information Privacy Manager – International Association of Privacy Professionals (required) Education Bachelors, Healthcare, regulatory, business administration, business ethics (required) Masters (preferred) Work Experience 6 to 10 years Healthcare Regulatory experience including HIPAA (required) Skills: Hard/Tech/Clinical Skills: Deep knowledge of Privacy, Security, and Breach Notification Laws Incident and Breach Response Research of Regulations Risk Assessment Skills Auditing, Monitoring Investigation Processes & Techniques Policy Development and Implementation Education Development and Training Data Analytics and Reporting Microsoft Office & CoPilot Proficiency Familiarity with privacy & compliance applications (e.g., Symplr, Protenus, EPIC) Soft/Interpersonal Skills: Strategic Leadership Communication Collaboration & Stakeholder Management Problem-Solving Adaptability Change Management Conflict Resolution Analytical Thinking Team Development Integrity in Everything Bon Secours Mercy Health is an equal opportunity employer. As a Bon Secours Mercy Health associate, you’re part of a Mission that matters. We support your well-being – personally and professionally. Our benefits are built to grow with you and meet your unique needs, every step of the way. What we offer Competitive pay, incentives, referral bonuses and 403(b) with employer contributions (when eligible) Medical, dental, vision, prescription coverage, HSA/FSA options, life insurances, mental health resources and discounts Paid time off, parental and FMLA leave, shot- and long-term disability, backup care for children and elders Tuition assistance, professional development and continuing education support Benefits may vary based on the market and employment status. Department: SS Enterprise Risk - Corp Responsibility It is our policy to abide by all Federal and State laws, as well as, the requirements of 41 CFR 60-1.4(a), 60-300.5(a) and 60-741.5(a). Accordingly, all applicants will receive consideration for employment without regard to race, color, national origin, religion, sex, sexual orientation, gender identity, age, genetic information, or protected veteran status, and will not be discriminated against on the basis of disability. If you’d like to view a copy of the affirmative action plan or policy statement for Mercy Health– Youngstown, Ohio or Bon Secours – Franklin, Virginia; Petersburg, Virginia; and Emporia, Virginia, which are Affirmative Action and Equal Opportunity Employer, please email [email protected]. If you are an individual with a disability and would like to request a reasonable accommodation as part of the employment selection process, please contact The Talent Acquisition Team at [email protected]. We believe your best is yet to come. At Bon Secours Mercy Health, we celebrate the human side of health care, uniting individuals from all walks of life. We'll ask a lot of you, but we'll give a lot back, as well. Whether you’re called to bedside care, patient support, community service or operations and administration, there’s a place for you here. Because if there's one thing we know for certain, it's that good works start with great people. We’ll support and empower you to bring your best – in service of our patients and our Mission.