Thank you for considering a career at Bon Secours Mercy Health!
Scheduled Weekly Hours:
40Work Shift:
Days (United States of America)PRIVACY DIRECTOR | Work From Home/Remote
WFH/Remote anywhere in the US (Eastern/Central Time Zone Preferred)
*We operate in the Eastern Time Zone*
Reports to: System Director, Compliance - Privacy
# of Direct Reports: 2
Primary Function/General Purpose of Position
As directed by the System Director, Compliance, oversees all ongoing activities across defined service areas within the group related to the development, implementation, maintenance of, and adherence to the organization's policies and procedures covering the privacy of, disclosure of and access to, patient Protected Health Information (PHI) in compliance with federal and state laws and the healthcare organization's information privacy practices.
Essential Job Functions
Assists in building a strategic and comprehensive privacy program that defines, develops, maintains and implements policies and procedures that enable consistent, effective privacy practices. Such practices shall minimize risk and ensure the confidentiality of PHI as well as ensure privacy forms, notices, policies, standards and procedures are current.
Collaborates with IT Security Directors and Information Services Directors, or their designee, to ensure alignment between security and privacy programs including policies, practices and investigations.
Collaborates with IT, Security, Legal, and Business partners for privacy impact assessments and incident response.
Guide business in assessing and mitigating privacy risks by providing recommendations and controls for AI, machine learning, and digital health technologies.
Develop and enhance formal processes for privacy risk assessments with vendors, contractors, and business associates, including data management and data destruction.
Public-facing responsibilities such as supporting responses to consumer, government, and media inquiries about privacy incidents or policies.
Regularly benchmark privacy program maturity against industry standards
Conducts ongoing compliance monitoring activities in coordination with the organization's other compliance and operational assessment functions.
Reviews role-based access controls; conducts and oversees audits of access to PHI; recommends appropriate action necessary as a result of audit activities.
Takes a lead role to ensure the organization has and maintains appropriate privacy and confidentiality consents, authorization forms and information notices and materials reflecting current organization and legal practices and requirements.
Conducts Risk Assessments to identify, evaluate, and mitigate potential threats to PHI.
Oversees, develops and delivers advanced privacy training modules, including scenario-based learning and regular refreshers. Participates in the development, implementation and ongoing compliance monitoring of business associates and business associate agreements to ensure all privacy concerns, requirements and responsibilities are addressed.
Establishes, with management and operations, a mechanism to track access to PHI, within the purview of the organization and as required by law and to allow qualified individuals to review or receive a report on such activity.
Contributes to the establishment and administration of a process for receiving, documenting, tracking, investigating, and taking action on all types of complaints concerning the organization's privacy policies and procedures in coordination and collaboration with other Directors, managers of other functional areas, and when appropriate, risk managers and legal counsel.
Provides leadership, support and supervision to Privacy program staff in performing day to day privacy-related functions.
Licensing/Certification
Certified in Healthcare Privacy Compliance – Health Care Compliance Association (required); or
Certified in Healthcare Compliance - Health Care Compliance Association (required); or
Certified Information Privacy Manager – International Association of Privacy Professionals (required)
Education
Bachelors, Healthcare, regulatory, business administration, business ethics (required)
Masters (preferred)
Work Experience
6 to 10 years Healthcare Regulatory experience including HIPAA (required)
Skills:
Hard/Tech/Clinical Skills:
Deep knowledge of Privacy, Security, and Breach Notification Laws
Incident and Breach Response
Research of Regulations
Risk Assessment Skills
Auditing, Monitoring
Investigation Processes & Techniques
Policy Development and Implementation
Education Development and Training
Data Analytics and Reporting
Microsoft Office & CoPilot Proficiency
Familiarity with privacy & compliance applications (e.g., Symplr, Protenus, EPIC)
Soft/Interpersonal Skills:
Strategic Leadership
Communication
Collaboration & Stakeholder Management
Problem-Solving
Adaptability
Change Management
Conflict Resolution
Analytical Thinking
Team Development
Integrity in Everything
Bon Secours Mercy Health is an equal opportunity employer.
As a Bon Secours Mercy Health associate, you’re part of a Mission that matters. We support your well-being – personally and professionally. Our benefits are built to grow with you and meet your unique needs, every step of the way.
What we offer
- Competitive pay, incentives, referral bonuses and 403(b) with employer contributions (when eligible)
- Medical, dental, vision, prescription coverage, HSA/FSA options, life insurances, mental health resources and discounts
- Paid time off, parental and FMLA leave, shot- and long-term disability, backup care for children and elders
- Tuition assistance, professional development and continuing education support
Benefits may vary based on the market and employment status.
Department:
SS Enterprise Risk - Corp ResponsibilityIt is our policy to abide by all Federal and State laws, as well as, the requirements of 41 CFR 60-1.4(a), 60-300.5(a) and 60-741.5(a). Accordingly, all applicants will receive consideration for employment without regard to race, color, national origin, religion, sex, sexual orientation, gender identity, age, genetic information, or protected veteran status, and will not be discriminated against on the basis of disability. If you’d like to view a copy of the affirmative action plan or policy statement for Mercy Health– Youngstown, Ohio or Bon Secours – Franklin, Virginia; Petersburg, Virginia; and Emporia, Virginia, which are Affirmative Action and Equal Opportunity Employer, please email [email protected]. If you are an individual with a disability and would like to request a reasonable accommodation as part of the employment selection process, please contact The Talent Acquisition Team at [email protected].
Similar Jobs
What We Do
At Mercy Health, we understand that every family is a universe. A network of people who love, and support, and count on one other to be there. Everybody means the world to someone and we are committed to care for others so they can be there for the ones they love. With nearly 35,000 employees across regions of Ohio and Kentucky, we’re one of the largest health care systems in the country. At each of our more than 600 points of care, we deliver high-quality, compassionate care with one united purpose: to help our patients be well in mind, body and spirit.
