Luminis Health

Director - Privacy Privacy Officer

Job #: 4277205008
Entity: Luminis Health
Department: Corporate Compliance
Location: Annapolis, Maryland
Posted date: Jun. 19, 2025
Shift Type: Varies
Remote Status: On-Site


Title:  Director – Privacy and Compliance Operations

Reports to:  Chief Compliance Officer

Job Code: 001614

FLSA Status: Exempt

 

 

The Director of Privacy and Compliance Operations is responsible for the organization's Privacy Program and related compliance operations functions including, but not limited to, daily operations of the program; development, implementation and maintenance of policies and procedures; education; monitoring program compliance; investigation and tracking of incidents and breaches; and ensuring patients' rights in compliance with federal and state laws across Luminis Health. The Director reports directly to the Chief Compliance Officer (CCO).

  1. Governance and structure:  Works with CCO to establish governance for the privacy program.  Serves as the Privacy Officer for Luminis Health and co-chairs the Compliance and Privacy Committee with the Director of Corporate Compliance.  Performs or oversees initial and periodic privacy risk assessment/analysis, mitigation and remediation.  Conducts ongoing compliance monitoring activities in coordination with other compliance and operational assessment functions across Luminis Health.  Maintains current knowledge of applicable federal and state privacy rules, laws and accreditation standards to ensure confidentiality of protected health information (PHI).  Conducts periodic audits of the System's privacy program and compliance with applicable federal and state privacy rules, laws, and accreditation standards.
  2. Collaboration:  Collaborates with the Chief Information Security Officer, or designee, to ensure alignment between privacy and security compliance programs including policies, practices, and investigations, and acts as a liaison to the information systems department and the Cybersecurity team.  Co-leads incident response teams for data breaches and security events involving PHI or sensitive personal information.  Ensures privacy considerations are integrated into IT security governance, vendor assessments, and digital health initiatives.  Works with the Director of Corporate Compliance and Human Resources to ensure consistent application of sanctions for privacy violations.  Works with leadership across all departments of Luminis Health, including legal counsel, to follow up on investigations, provide education, and ensure compliance with privacy policies and procedures.
  3. Investigations and complaints:  Establishes and administers a process for intake, investigation, action, and reporting of privacy and security complaints.  Conducts high-level or sensitive investigations and interviews as needed.  Manages all required breach determination and notification processes under HIPAA and applicable State breach rules and requirements.  Completes timely reporting of breaches to, and cooperates with, the U.S. Department of Health and Human Services' Office for Civil Rights, State regulators and/or other legal entities in any compliance reviews or investigations.
  4. Data breach and security event responsibilities:  Serves as the incident command leader for any large-scale event involving exposure of PHI, coordinates with contracted resources including Breach Coach, establishes Incident Response Team structure and communication, concludes investigation, completes notification and reporting, and ensures capture of all event documentation.
  5. Security Access Audits:  Establishes an ongoing process to track, investigate and report inappropriate access to systems that contain PHI.  Monitors patterns of inappropriate access and/or disclosure of protected health information.  Takes ownership of software and vendor relationship for security access monitoring tools.
  6. Policies and Forms related to Privacy:  Ensures the organization has and maintains appropriate privacy and confidentiality references for patients, consents, authorization forms and information notices and materials reflecting current federal and state laws and regulatory requirements.
  7. Education:  Develops, delivers, and maintains initial and ongoing privacy training to the workforce.  Owns, updates, and tailors education materials including Privacy Office intranet site, storyboards, and presentations to meet revised requirements and educational needs.  Serves as subject matter expert and strategic advisor to leadership.
  8. Metrics:  Establishes and maintains best practice tracking of metrics for all aspects of privacy office activity and reports metrics to committees and leadership as appropriate across Luminis Health.
  9. Performs special projects and other duties as assigned.

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

 

 

Required Minimum Education. The minimum level of education for this position includes:

  • Bachelor’s degree required
  • Master’s degree in related field preferred

:

  • Four years’ experience in Health Compliance or Privacy Role

Luminis Health Benefits Overview:
•    Medical, Dental, and Vision Insurance
•    Retirement Plan (with employer match for employees who work more than 1000 hours in a calendar year)
•    Paid Time Off
•    Tuition Assistance Benefits
•    Employee Referral Bonus Program
•    Paid Holidays, Disability, and Life/AD&D for full-time employees
•    Wellness Programs
•    Employee Assistance Programs and more
*Benefit offerings based on employment status

Opt-in for text notifications!
Luminis Health's two-way SMS texting platform lets you receive notifications and messages from our Talent Acquisition team directly on your phone.

To enable this feature, select "yes" when asked to "opt-in to receive text messages" and to "Receive updates from a recruiter about this job via SMS" when completing your application. Once you are opted in, you can easily opt-out at any time. 
Standard text messaging rates may apply based on the candidate's mobile carrier plan. Luminis Health is not responsible for any charges incurred by the recipient. Candidates are encouraged to review their mobile carrier's plan for applicable text messaging rates and usage charges.



 

 
