Senior Director, Privacy Office Department:
Privacy & Compliance Location:
UMass Memorial Medical Center Posting Date:
40 Shift Length:
8 Position Summary:
Manages the planning, implementation, oversight, auditing, monitoring and ongoing operation of an effective Privacy program that meets the requirements of applicable federal and state regulations. Collaborates with UMMHs Chief Information Security Officer to ensure coordination between the Privacy program and the Information Security program. Major Responsibilities:
- Functions as the UMass Memorial Health System-wide Chief Privacy Officer and the CPO for UMass Memorial Medical Center (UMMMC), UMass Memorial Medical Group (UMMMG) and UMass Memorial Accountable Care Organization (ACO)
- Researches and monitors state and national Privacy legislative and regulatory activity, and revises or creates new standards and policies/procedures to ensure continued compliance. Ensures any changes are communicated to appropriate workforce members, the Vice President and Chief Compliance Officer, UMass Memorial member entity Compliance Officers and Privacy Officers, and Privacy and Information Security committees. Subscribes to appropriate compliance literature and attends conferences as necessary to stay current on industry standards and issues. Responds to questions and issues related to privacy compliance throughout UMMH and acts as a resource to member entity hospitals for federal and state privacy-related issues.
- Facilitates and oversees the development and/or revision of standards, policies and procedures required to implement the privacy compliance program and ensures the effective communication of this information to workforce members, the Vice President and Chief Compliance Officer, UMass Memorial member entity Compliance Officers and Privacy Officers, Privacy and Information Security committees, vendors and suppliers. Ensures privacy standards, policies and procedures are aligned with system compliance standards, policies and procedures. Coordinates the implementation of the necessary privacy procedural and process changes throughout all UMMH entities.
- Oversees the Privacy and Information Security Committee in coordination and collaboration with the Chief Information Security Officer (CISO). Ensures appropriate representation of clinical and administrative disciplines for discussion and identification of potential risk areas. Ensures necessary member entity Privacy risk assessments and self audits are completed.
- Responsible for initiating and monitoring the investigation and resolution of privacy breach complaints. Develops corrective action plans to affect necessary changes. Ensures consistent application of disciplinary policies. Responsible for required reporting to state and federal agencies related to identified privacy breaches.
- Bachelors degree in Health Care administration or similar discipline
- JD. or Masters Degree in Health Care administration or similar discipline
- Certification in Healthcare Compliance or Healthcare Privacy and Security preferred upon hire and required within first year of employment.
- Six to eight years of experience with healthcare operations, regulatory compliance, or similar field.
- Strong project management skills and strong verbal and written communication skills.
- Excellent organizational skills and independent decision-making capabilities.
- Demonstrated facilitation, training and presentation skills.
- Ability to utilize a variety of computerized software applications such as word processing, spreadsheets, databases, presentation layout, etc.
- Significant supervisory privacy and/or security experience in an academic medical center/health system
- Extensive knowledge required regarding compliance with privacy regulations, OCR, Federal Sentencing Guidelines, and healthcare laws and regulations.
- Thorough technical and working understanding of all related regulations
- Significant experience with managing implementation of procedures to designed to ensure compliance with all pertinent regulations.
- Extensive experience required conducting investigations and interviews.
- Experience in overseeing the coordination, drafting and submission of responses to regulatory agencies, such as the OCR.
- Familiarity with quality improvement processes and methodologies.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.