HEALTH & HOSPITAL CORPORATION PRIVACY OFFICER (50080470)

Job Role Summary

Implements, manages, and continuously improves HHC’s privacy program and aligns privacy programs across HHC divisions (MCPHD, IEMS, Eskenazi Health). Serves as the organization’s subject matter expert on privacy matters (including information blocking), leads privacy governance, and ensures compliance with privacy regulations through policy development, training, monitoring, and incident response.

Day in Life:

Provides day-to-day privacy leadership through advising leaders and staff, coordinating privacy governance activities, monitoring compliance risks, delivering training, and investigating/responding to privacy complaints or potential breaches.

Essential Duties

1) Privacy Program Leadership & Governance — 30%

• Develops, implements, monitors, trains on, and reports on the privacy program for HHC and alignment across divisions.
• Leads the organization-wide Data Privacy Committee and participates in privacy-related committees as a subject matter expert.
• Monitors and educates stakeholders on changes in privacy regulations and emerging privacy risks.

2) Compliance Monitoring, Risk Assessment & Controls — 25%

• Performs information privacy risk assessments and conducts ongoing privacy compliance monitoring activities.
• Ensures compliant privacy/confidentiality consents, authorizations, notices, and related materials are maintained.
• Establishes mechanisms to track access to protected health information and enable qualified individuals to review/report such activity.

3) Training, Consultation & Stakeholder Support — 20%

• Provides and/or directs privacy training for employees, volunteers, contractors, business associates, and others.
• Serves as the subject matter expert for the organization in privacy matters, including information blocking.
• Works cooperatively with HIM/Medical Records and others to oversee patient rights related to protected health information (inspect, amend, restrict as appropriate).
•  

Associated Job Duties

4) Incident Response, Investigations & External Reporting — 15%

• Investigates and responds to privacy complaints and possible breaches.
• Leads identification and external reporting of privacy-related noncompliance to regulatory/governmental authorities in coordination with strategic guidance from the Chief Compliance Officer; oversees corrective action plans to remediate issues and prevent recurrence.
• Collaborates with Human Resources in determining sanctions for noncompliance.

5) Contracts, Agreements & Cross-Functional Alignment — 10%

• Reviews, negotiates, and monitors business associate agreements, non-disclosure agreements, and data sharing agreements; reviews/approves privacy-related contracts to ensure regulatory compliance.
• Collaborates with Information Security to review system-related security plans to ensure alignment and consistency with security and privacy practices.
• Monitors advancements in privacy technologies to support organizational adaptation and compliance.

• This job description reflects management’s assignment of essential functions; it does not prescribe or restrict the tasks that may be assigned. The employee may be asked to perform other duties as needed to support departmental and organizational goals.

Qualifications

Education

• Required: Bachelor of Science in healthcare or a related field.
• Preferred: Juris Doctor (ABA-accredited law school) strongly preferred.

Experience

• Required: Eight (8) years of relevant experience working in health care privacy.

Licenses/Certifications Required

• Required: Admitted to the practice of law in the State of Indiana or comparable state.
• Preferred: Certification in Health Care Privacy, Information Privacy, or Healthcare Compliance (CHPC, CIPP/US, CIPM, CHC, or equivalent) strongly preferred.

Knowledge, Skills & Abilities

1) Privacy/Regulatory Knowledge

• Knowledge of public health industry and regulatory requirements.
• Knowledge of local, state, and federal health care regulations and legislation, especially privacy/confidentiality.

2) Leadership, Communication & Relationship Management

• Excellent interpersonal skills, leadership, and problem-solving capabilities.
• Professional and effective verbal/written communication; ability to establish positive working relationships across departments and with external partners.

3) Analytical Judgment & Operating Effectiveness

• Ability to work in a high-volume, rapidly changing environment; exercises discretion with sensitive/confidential matters.
• Analytical skills to understand operational processes and technology concepts; customer-focused operations; effective critical thinking/decision-making.

Working Environment

• Primary work environment includes standard office settings, internal/external business locations, and patient care areas.
• May be required to walk/stand/sit for extended periods; minimal lifting.
• May work remotely and/or attend meetings outside primary locations; intermittent work-related travel may be required.