System Director of Privacy & Privacy Officer

Hartford HealthCare, Hartford, CT

About The Position

Every day, more than 40,000 Hartford HealthCare colleagues come to work with one thing in common: Pride in what we do, knowing every moment matters here. Hartford HealthCare is transforming healthcare across Connecticut and beyond—enhancing access, affordability, health equity, and excellence. Spanning 500 locations across 185 towns and cities, our comprehensive care-delivery system is built to serve every community, every day. From world-class hospitals to an expansive network of behavioral health services, multispecialty physician groups, urgent and virtual care, surgery centers, home care, senior care, rehabilitation, and mobile neighborhood health programs, Hartford HealthCare is there when and where it matters most. We touch the lives of nearly 28,000 people every single day, delivering unparalleled care through our unique Institute Model.

The System Director of Privacy (Privacy Officer) serves as a key strategic advisor to executive leadership, providing authoritative guidance on enterprise privacy risks, emerging regulatory trends, digital transformation initiatives, and organizational readiness. The System Director will establish the systemwide privacy vision and strategic direction, develop governance structures, and ensure consistent implementation across all regions, service lines, and affiliated entities. The System Director will maintain enterprise accountability for compliance with federal and state privacy laws, emerging regulatory frameworks, artificial intelligence (AI) governance standards, and all policies and procedures related to the protection of confidential patient, colleague, and business information.

Requirements

  • Master’s or other advanced degree is required
  • Ten plus years of health care compliance and privacy experience, preferably in a large healthcare system setting or in a legal, advisory or consulting capacity
  • Ten plus years of progressive leadership experience is required
  • At least one privacy certification from either the Health Care Compliance Association (e.g., CHPC) or International Association of Privacy Professionals (e.g., CIPP) is required
  • Strong knowledge of applicable privacy laws and regulations
  • Visible leader with excellent interpersonal communication skills who relates well with all levels of the organization
  • A creative, forward-thinking leader with the proven ability to engage, coach and mentor direct reports, colleagues and other key stakeholders
  • Ability to analyze complex problems and develop effective solutions for correction. Regularly exercises independent judgment in solving day-to-day privacy matters
  • Ability to effectively work with and coordinate the activities of outside consultants and legal counsel
  • High level of integrity and trust

Responsibilities

  • Leads the development and execution of the enterprise‑wide privacy strategy by setting the system’s privacy vision, strategic priorities, and governance structures. Advises executive leadership on complex privacy risks, emerging issues, and system readiness through reports, analyses, and formal guidance materials
  • Oversees the system‑wide privacy risk management framework, conducting continuous and data‑driven risk assessments of internal operations, vendors, and business associates
  • Maintains expert knowledge of AI governance frameworks, emerging privacy technologies, and cross‑state privacy legislation. Translates emerging trends into enterprise policies, governance models, and strategic recommendations for executive leadership
  • Oversees governance of secondary uses of health and personal data, including research, analytics, quality improvement, innovation, population health, AI training, and data‑sharing initiatives, ensuring ethical use, regulatory compliance, and alignment with organizational values
  • Serves as the system’s executive lead for privacy incident response, overseeing all investigations involving potential HIPAA Privacy Rule breaches. Directs Incident Response Team (IRT) operations, interfaces with cyber insurance carriers, oversees investigative timelines, and prepares formal responses for executive leaders and regulatory bodies at the state and federal levels
  • Provides day‑to‑day executive oversight of the enterprise privacy function, including management of the compliance reporting system, incident investigation database, and all associated data, documentation, and reporting workflows
  • Oversees consistent and defensible risk analyses for all impermissible uses or disclosures of PHI to determine whether an incident constitutes a reportable breach under the HIPAA Breach Notification Rule
  • Directs the development, implementation, dissemination, and continuous improvement of privacy policies and procedures ensuring alignment with regulatory requirements, organizational needs, and industry best practices
  • Leads all privacy components of mergers, acquisitions, joint ventures, affiliations, and clinical partnerships
  • Oversees development and delivery of system‑wide privacy training, orientation, and education programs for employees, volunteers, providers, and affiliated workforce
  • Maintains expert knowledge of federal and state privacy requirements, accreditation standards, and evolving industry trends
  • Oversees the enterprise Privacy‑by‑Design framework to ensure privacy considerations are embedded into new technologies, digital health solutions, AI models, clinical innovation projects, and operational workflows prior to implementation
  • Oversees enterprise privacy elements of the vendor and third‑party risk management program ensuring business associates, technology vendors, cloud solutions, and data‑sharing partners meet organizational privacy requirements and comply with contractual and regulatory obligations

Benefits

  • Competitive benefits program designed to ensure work/life balance