Posted on Apr 5, 2021 by Duke University
The Privacy Director works with the Chief Compliance & Privacy Officer across DUHS, Duke University Schools of Medicine and Nursing and their affiliates (Duke Health) to develop, operate and monitor an effective privacy program. The Privacy Director will develop and monitor compliance with federal and state privacy regulations, as well as general industry privacy standards related to protected health information and other restricted or sensitive information collected, used, and/or retained. Assumes management responsibilities of a team of Privacy professionals.
Duties and Responsibilities of Privacy Director
The Privacy Director will specifically serve as the healthcare privacy subject matter expert for Duke Health and its Affiliated Covered Entity, working closely with clinical and research faculty and staff to ensure compliance with healthcare and research privacy laws and regulations.
Lead privacy evaluation and collaborate with staff to ensure data uses are in compliance with agreements, including business associate agreements and other contractual restrictions, and with applicable laws, regulations, and policies.
Collaborate with Procurement, IT Security and business on the review and negotiation of business associate agreements and privacy language as needed, particularly for HIPAA and privacy issues.
Complete audits, risk assessment activities, analysis, and corrective actions.
Continuously learn about new regulatory requirements and industry trends and incorporate within the privacy program.
Manages and oversees privacy-related investigations and complaints and the resolutions in collaboration with other compliance leaders, team members, and counsel, as appropriate.
Assists with the development and implementation of privacy policies and procedures.
Assists with the creation of, and conducts as appropriate, system-wide compliance training and education programs and outreach to continuously build relationships and awareness around the importance of privacy.
Prepares and reviews privacy-related tracking reports, incidents, and data analytics to identify opportunities for education and for policy, procedure and process improvement.
Oversee the breach notification process, including any follow-up with affected individuals (e.g., call teams in response to a reported breach) and external agencies' investigations, including drafting responses and remediation and implementing corrective action.
Maintains knowledge of rules and regulations (HIPAA, HITECH, state privacy laws and Identity Theft laws) that impact specific ministries and the organization and acts as a subject matter expert to support and provide guidance to workforce members.
Preferred Qualifications at this Level
Work requires organizational, analytical and communication skills acquired through the completion of a bachelor's degree program in Business Administration or Health Administration. A Juris Doctor degree, CPA, Master's degree in Hospital Administration, Business Administration or a related field is preferred.
Privacy Director Specific: Advanced Degree or Juris Doctor degree and privacy certifications including IAPP's CIPP or CIPM, preferred.
Required Qualifications at this Level
Education: Work requires organizational, analytical and communication skills acquired through the completion of a bachelor's degree program.
Work requires a minimum of four years' experience in compliance within the healthcare industry, to include leadership experience in project management and process improvement.
OR AN EQUIVALENT COMBINATION OF RELEVANT EDUCATION AND/OR EXPERIENCE.
Degrees, Licensure, and/or Certification: N/A
Distinguishing Characteristics of this Level: N/A