We are recruiting a Director, Head of Privacy to join our Compliance team. While Louisville or Nashville are preferred locations, remote candidates will be considered.
Summary:
The Director, Head of Privacy drives efforts to effectively manage privacy risk across the enterprise. The Director functions as one of the organization's lead subject-matter experts in compliance with federal and state privacy laws and regulations designed to safeguard patient and other confidential information alike. The Director will collaboratively support local Facility Privacy Officers, Community and Specialty facilities, Support Center stakeholders, and fellow compliance team members with the goal of preventing, detecting, and correcting potential privacy compliance risks.
Essential Functions:
An individual must perform each essential function satisfactorily with or without a reasonable accommodation.
· Builds and manages a privacy compliance program that effectively addresses privacy risks to comply with applicable federal and state privacy laws that includes, but is not limited to: risk assessments, policies, procedures, education, awareness, and monitoring and testing.
· Leads moderate to high complexity privacy investigations of identified concerns and partners with support center and facility stakeholders to ensure appropriate remediation plans are implemented. Documents investigations contemporaneously and comprehensively and adheres to investigation plans as closely as possible.
· Collaborates with the Chief Information Security Officer to manage privacy risks and requirements associated with information security incidents.
· Leads, develops, and supports Facility Privacy Officers to serve as local resources for privacy-related investigations and risk management.
· Serves as the primary point of contact during government audits or investigations related to privacy practices and works collaboratively with applicable facility leadership to develop corrective action plans responsive to audit or investigation findings.
· Leverages strong critical thinking and reasoning skills to partner with operations, Government Affairs, Legal, Human Resources, Facility Privacy Officers, Information Technology, Information Security, and other relevant support center stakeholders to identify, assess, and remediate existing and emerging privacy risks.
· Advises compliance program team on privacy- and security-related regulatory risks identified within the field to further enhance ScionHealth's culture of compliance.
· As part of ScionHealth's third party oversight efforts, identifies and manages vendors who have access to protected health information and individually identifiable information to ensure compliance with applicable federal and state privacy laws.
· Works collaboratively with Government Affairs, Legal, Human Resources, Facility Privacy Officers, Information Technology, Information Security, and other stakeholders to monitor the regulatory landscape as it relates to privacy and ensure organizational compliance with emerging and new requirements.
· Leads privacy risk assessment efforts in business development activities (e.g., service line additions, acquisitions, etc.).
Exhibits a general understanding of healthcare regulatory and compliance, particularly as it relates to privacy laws and regulations (e.g., HIPAA, Breach Notification Rule, 21st Century Cures Act, CCPA, CPRA, etc.).
Knowledge/Skills/Abilities:
· A privacy guru who is aware of the various federal and state laws relevant to our business, understands how they may impact the way we do our work each day, and who stays current with emerging risks in the area of data privacy to ensure our program is dynamically designed.
· A clear and dynamic communicator who knows his or her audience: Consistently communicates complex information both verbally and in writing. Interacts with individuals at all levels of the organization and can adapt communication for the intended audience. Communicates in a manner that encourages collaboration and open dialogue. Appropriately identifies and escalates higher risk privacy matters.
· A well-organized, highly motivated project manager: Sets personal goals and determines how to achieve results with limited direction; prioritizes and leads multiple complex projects and/or investigations simultaneously including task delegation and oversight.
· A savvy and well-informed risk mitigator: Can identify and collaboratively solve complex problems with functional impact by recognizing risks using data insights and other observed trends, developing and evaluating potential options to mitigate risks, and leveraging organizational synergies to achieve solutions.
· A strong, solution-oriented critical thinker: Demonstrates ability to thoroughly analyze situations to develop investigation plans, resources required to fully address a concern, and appropriate next steps. As privacy concerns are raised, must analyze the scenario and leverage technical expertise, relationships with stakeholders, process documentation, and historical precedents to drive toward remediation plans. Identifies innovative ways to effectively address privacy risks within the business.
· A natural born leader skilled at exercising the power of influence: Ability to lead effective team initiatives; motivates team members to achieve objectives; and provides clear direction and support to stakeholders. Also works effectively as an individual contributor on a team.
· A positive, high-energy entrepreneurial spirit with a focus on customer service: Consistently operates as a team player who demonstrates empathetic reasoning in interactions with the business. Is comfortable with ambiguity that may accompany a transformational business.
· Travel of up to 20% may be required.
Qualifications
Education:
Bachelor's Degree or equivalent years of relevant experience required; Master's Degree in Healthcare or Business Administration, healthcare services, or other related field or a Juris Doctorate is strongly preferred.
Licenses/Certification:
Certified in Healthcare Privacy Compliance (CHPC) or Certified Information Privacy Professional (CIPP-US) strongly preferred.
Certified Compliance and Ethics Professional (CCEP), Certified in Healthcare Compliance (CHC), or other compliance-related certification preferred.
Experience:
5+ years of experience in compliance or a related area such as legal, risk, quality, health care operations, ideally in a provider setting; demonstrated experience building compliance programs in a complex healthcare delivery system; detailed understanding of regulatory and health care compliance risk areas; understanding of business operations, objectives, and challenges.
Depending on a candidate's qualifications, this role may be filled at a different level.