E00867 – Director of Privacy
Position Overview: The Director of Privacy serves as the organization’s Privacy Officer and is responsible for the Privacy Program, including but not limited to daily operations of the program; development, implementation, and maintenance of policies and procedures; monitoring program compliance; investigation and tracking of incidents and breaches; and ensuring patients’ and consumers’ rights in compliance with federal and state laws. The Director of Privacy shall oversee all ongoing activities related to the development, implementation and maintenance of the privacy policies in accordance with applicable federal and state laws, inclusive of HIPAA, HITECH and Omnibus requirements, and Part 2. The Director of Privacy is also responsible for implementing and managing compliance with federal and state laws relating to online data privacy, such as CCPA, and to communications, including TCPA and CANSPAM.
- Builds a strategic and comprehensive privacy program that defines, develops, maintains and implements policies and processes that enable consistent, effective privacy practices which minimize risk and ensure the confidentiality of protected health information (PHI), paper and/or electronic, across all media types. Ensures privacy forms, policies, standards, and procedures are up-to-date. Oversees compliance with federal and state laws regarding consumer data processing and disclosure.
- Works with organization senior management, security, and corporate compliance officer to establish governance for the privacy program.
- Serves in a leadership role for privacy compliance.
- Acts as a liaison to the information technology department to ensure alignment between security and privacy compliance programs including policies, practices, and investigations.
- Establishes an ongoing process to track, investigate and report inappropriate access and disclosure of protected health information. Monitors patterns of inappropriate access and/or disclosure of protected health information.
- Performs or oversees initial and periodic information privacy risk assessment/analysis, mitigation and remediation.
- Conducts related ongoing compliance monitoring activities in coordination with the organization’s other compliance and operational assessment functions.
- Takes a lead role in ensuring the organization has and maintains appropriate privacy and confidentiality consents, authorization forms, and information notices and materials reflecting current organization and legal practices and requirements.
- Oversees, develops and delivers initial and ongoing privacy training to the workforce.
- Participates in the development, implementation, and ongoing compliance monitoring of all business associates and business associate agreements, to ensure all privacy concerns, requirements, and responsibilities are addressed.
- Works cooperatively with the Health Information Management (HIM) Director and other applicable organization units in overseeing patient rights to inspect, amend, and restrict access to protected health information when appropriate.
- Manages all required breach determination and notification processes under HIPAA and applicable State breach rules and requirements.
- Measures compliance by conducting routine and/or focused internal audits of policy/procedure adherence.
- Establishes and administers a process for investigating and acting on privacy and security complaints.
- Performs required breach risk assessment, documentation, and mitigation. Works with Human Resources to ensure consistent application of sanctions for privacy violations.
- Initiates, facilitates and promotes activities to foster information privacy awareness within the organization and related entities.
- Maintains current knowledge of applicable federal and state privacy laws and accreditation standards.
- Works with organization administration, legal counsel, and other related parties to represent the organization’s information privacy interests with external parties (state or local government bodies) who undertake to adopt or amend privacy legislation, regulation, or standard.
- Cooperates with the U.S. Department of Health and Human Services’ Office for Civil Rights, State regulators and/or other legal entities in any compliance reviews or investigations.
- Serves as information privacy resource to the organization regarding release of information and to all departments for all privacy related issues.
- Establishes and administers a process for responding and complying with consumer requests related to personal data use, disclosure or sale. Ensures compliance with consumer opt-in and opt-outs to data use and disclosure, including auditing and measuring program performance.
- Baccalaureate degree in health information management or a related healthcare field.
- Knowledge and experience in state and federal information privacy laws, including but not limited to HIPAA. Understanding of state and federal data privacy and online privacy requirements as well as familiarity with TCPA, CANSPAM and similar laws is desirable.
- Demonstrated organization, facilitation, written and oral communication, and presentation skills.
- Recommended privacy certification such as Certified in Healthcare Privacy and Security (CHPS) and/or other healthcare industry related credential, e.g. RHIA, RHIT.
- Demonstrated skills in collaboration, teamwork, and problem-solving to achieve goals.
- Demonstrated skills in verbal communication and listening.
- Demonstrated skills in providing excellent service to customers.
- Excellent writing skills.
- A high level of integrity and trust.
- Extensive familiarity with health care relevant legislation and standards for the protection of health information and patient privacy.
- Health care legal, operational, and/or financial skills.