Bon Secours Mercy Health
Privacy Director
Bon Secours Mercy Health, Richmond, Virginia, United States, 23214
At Bon Secours Mercy Health, we are dedicated to continually improving health care quality, safety and cost effectiveness. Our hospitals, care sites and clinicians are recognized for clinical and operational excellence.
PRIVACY DIRECTOR | Work from Home - Nationwide
WFH role with 10% travel - onsite to hospitals, ministry-wide
We are seeking a dynamic and collaborative leader to operate as a subject matter expert in privacy, develop and conduct privacy education and investigations across the organization. This role will emphasize privacy subject matter expertise within digital technology including cybersecurity, artificial intelligence and health information systems. We are looking for a candidate who has researched regulatory law, has expert knowledge in HIPAA, has at least 5-7 years of experience in healthcare law (regulatory and transactional), and has experience with privacy-related artificial intelligence or cybersecurity issues.
Summary
Oversees all ongoing activities across the group related to the development, implementation, maintenance of, and adherence to the organization's policies and procedures covering the privacy of, disclosure of, and access to, patient health information in compliance with federal and state laws and the healthcare organization's information privacy practices.
Essential Functions
Builds a strategic and comprehensive privacy program that defines, develops, maintains, and implements policies and procedures that enable consistent, effective privacy practices which minimize risk and ensure the confidentiality of protected health information (PHI); ensure privacy forms, notices, policies, standards, and procedures are up to date.
Works with organization senior management, to establish a group-wide Privacy Oversight Committee and serve in a leadership role for the Privacy Oversight Committee's activities
Collaborates with IT Security Director and Information Services Director to ensure alignment between security and privacy programs including policies, practices, and investigations.
Conducts related ongoing compliance monitoring activities in coordination with the organization's other compliance and operational assessment functions.
Reviews role-based access controls; oversees audits of access to Protected Health Information (PHI); recommends appropriate action necessary as a result of audit activities.
Takes a lead role to ensure the organization has and maintains appropriate privacy and confidentiality consents, authorization forms, and information notices and materials reflecting current organization and legal practices and requirements.
Oversees, develops, and delivers ongoing privacy training to the workforce.
Participates in the development, implementation, and ongoing compliance monitoring of business associates and business associate agreements to ensure all privacy concerns, requirements and responsibilities are addressed.
Establishes, with management and operations, a mechanism to track access to protected health information, within the purview of the organization and as required by law and to allow qualified individuals to review or receive a report on such activity.
Establishes and administers a process for receiving, documenting, tracking, investigating, and taking action on all complaints concerning the organization's privacy policies and procedures in coordination and collaboration with other similar functions, when necessary, legal counsel.
Monitors compliance risk strategies and independently troubleshoots problems while providing sound advice.
Education Qualifications
Bachelor Degree (required)
Bachelor of Computer Science (preferred)
Bachelor of Cybersecurity (preferred)
Bachelor of Health Information Management (preferred)
Bachelor of Science in Health Informatics (preferred)
Master in healthcare administration or informatics, computer science, law, business or related field (preferred)
Juris Doctor (preferred)
Licensing/Certification
Licensure/Certification Preferred: Certified Healthcare Privacy Compliance (CHPC) or Certified Information Privacy Manager (CIPM)
Certified Information Systems Security Professional
HITRUST Certified CSF Practitioner (preferred)
Registered Health Information Administrator (preferred)
Certified Artificial Intelligence Governance Professional (preferred)
Certified in Healthcare Privacy Compliance (CHPC) certification (preferred - must be obtained within 1 year of hire)
Certified in Healthcare Compliance (preferred)
Minimum Qualifications
Minimum Years and Type of Experience: 5-7 years’ experience in privacy compliance preferably in a healthcare setting
Experience overseeing and managing privacy-related investigations and key privacy compliance areas
Motivated self-starter with the ability to excel at multi-tasking in a fast-paced environment;
Ability to identify problems, analyze data, and present conclusions effectively; Strong communication
Many of our opportunities reward* your hard work with:
Comprehensive, affordable medical, dental and vision plans
Prescription drug coverage
Flexible spending accounts
Life insurance w/AD&D
Employer contributions to retirement savings plan when eligible
Paid time off
Educational Assistance
And much more
*Benefits offerings vary according to employment status
All applicants will receive consideration for employment without regard to race, color, national origin, religion, sex, sexual orientation, gender identity, age, genetic information, or protected veteran status, and will not be discriminated against on the basis of disability. If you'd like to view a copy of the affirmative action plan or policy statement for Mercy Health – Youngstown, Ohio or Bon Secours – Franklin, Virginia; Petersburg, Virginia; and Emporia, Virginia, which are Affirmative Action and Equal Opportunity Employers, please email recruitment@mercy.com . If you are an individual with a disability and would like to request a reasonable accommodation as part of the employment selection process, please contact The Talent Acquisition Team at recruitment@mercy.com
PRIVACY DIRECTOR | Work from Home - Nationwide
WFH role with 10% travel - onsite to hospitals, ministry-wide
We are seeking a dynamic and collaborative leader to operate as a subject matter expert in privacy, develop and conduct privacy education and investigations across the organization. This role will emphasize privacy subject matter expertise within digital technology including cybersecurity, artificial intelligence and health information systems. We are looking for a candidate who has researched regulatory law, has expert knowledge in HIPAA, has at least 5-7 years of experience in healthcare law (regulatory and transactional), and has experience with privacy-related artificial intelligence or cybersecurity issues.
Summary
Oversees all ongoing activities across the group related to the development, implementation, maintenance of, and adherence to the organization's policies and procedures covering the privacy of, disclosure of, and access to, patient health information in compliance with federal and state laws and the healthcare organization's information privacy practices.
Essential Functions
Builds a strategic and comprehensive privacy program that defines, develops, maintains, and implements policies and procedures that enable consistent, effective privacy practices which minimize risk and ensure the confidentiality of protected health information (PHI); ensure privacy forms, notices, policies, standards, and procedures are up to date.
Works with organization senior management, to establish a group-wide Privacy Oversight Committee and serve in a leadership role for the Privacy Oversight Committee's activities
Collaborates with IT Security Director and Information Services Director to ensure alignment between security and privacy programs including policies, practices, and investigations.
Conducts related ongoing compliance monitoring activities in coordination with the organization's other compliance and operational assessment functions.
Reviews role-based access controls; oversees audits of access to Protected Health Information (PHI); recommends appropriate action necessary as a result of audit activities.
Takes a lead role to ensure the organization has and maintains appropriate privacy and confidentiality consents, authorization forms, and information notices and materials reflecting current organization and legal practices and requirements.
Oversees, develops, and delivers ongoing privacy training to the workforce.
Participates in the development, implementation, and ongoing compliance monitoring of business associates and business associate agreements to ensure all privacy concerns, requirements and responsibilities are addressed.
Establishes, with management and operations, a mechanism to track access to protected health information, within the purview of the organization and as required by law and to allow qualified individuals to review or receive a report on such activity.
Establishes and administers a process for receiving, documenting, tracking, investigating, and taking action on all complaints concerning the organization's privacy policies and procedures in coordination and collaboration with other similar functions, when necessary, legal counsel.
Monitors compliance risk strategies and independently troubleshoots problems while providing sound advice.
Education Qualifications
Bachelor Degree (required)
Bachelor of Computer Science (preferred)
Bachelor of Cybersecurity (preferred)
Bachelor of Health Information Management (preferred)
Bachelor of Science in Health Informatics (preferred)
Master in healthcare administration or informatics, computer science, law, business or related field (preferred)
Juris Doctor (preferred)
Licensing/Certification
Licensure/Certification Preferred: Certified Healthcare Privacy Compliance (CHPC) or Certified Information Privacy Manager (CIPM)
Certified Information Systems Security Professional
HITRUST Certified CSF Practitioner (preferred)
Registered Health Information Administrator (preferred)
Certified Artificial Intelligence Governance Professional (preferred)
Certified in Healthcare Privacy Compliance (CHPC) certification (preferred - must be obtained within 1 year of hire)
Certified in Healthcare Compliance (preferred)
Minimum Qualifications
Minimum Years and Type of Experience: 5-7 years’ experience in privacy compliance preferably in a healthcare setting
Experience overseeing and managing privacy-related investigations and key privacy compliance areas
Motivated self-starter with the ability to excel at multi-tasking in a fast-paced environment;
Ability to identify problems, analyze data, and present conclusions effectively; Strong communication
Many of our opportunities reward* your hard work with:
Comprehensive, affordable medical, dental and vision plans
Prescription drug coverage
Flexible spending accounts
Life insurance w/AD&D
Employer contributions to retirement savings plan when eligible
Paid time off
Educational Assistance
And much more
*Benefits offerings vary according to employment status
All applicants will receive consideration for employment without regard to race, color, national origin, religion, sex, sexual orientation, gender identity, age, genetic information, or protected veteran status, and will not be discriminated against on the basis of disability. If you'd like to view a copy of the affirmative action plan or policy statement for Mercy Health – Youngstown, Ohio or Bon Secours – Franklin, Virginia; Petersburg, Virginia; and Emporia, Virginia, which are Affirmative Action and Equal Opportunity Employers, please email recruitment@mercy.com . If you are an individual with a disability and would like to request a reasonable accommodation as part of the employment selection process, please contact The Talent Acquisition Team at recruitment@mercy.com