"Alerted.org

Extraordinary Careers. Endless Possibilities.

With the nation’s largest home infusion provider, there is no limit to the growth of your career.

Option Care Health, Inc. is the largest independent home and alternate site infusion services provider in the United States. With over 8,000 team members including 5,000 clinicians, we work compassionately to elevate standards of care for patients with acute and chronic conditions in all 50 states. Through our clinical leadership, expertise and national scale, Option Care Health is re-imagining the infusion care experience for patients, customers and employees.

As a two-year recipient of the Gallup Exceptional Workplace Award, we recognize that part of being extraordinary is building a **thriving workforce that is as unique as the patients and communities we serve.** Join a company that is taking action to develop a culture that is inclusive, respectful, engaging and rewarding for all team members. Our organization requires extraordinary people to provide extraordinary care, so we are investing in a culture that attracts, hires and retains the best and brightest talent in healthcare.

Job Description Summary:

The Vice President, Chief Privacy Officer and Data Protection for Option Care Health (OCH), including its subsidiaries, affiliated companies, and joint ventures, will oversee the strategy, development, and continuous improvement of Option Care Health’s Privacy and Data Protection program to adhere to legal and regulatory requirements, the Company’s Code of Business Conduct and Company policies and procedures.

At the direction of the Chief Compliance Officer, this individual will build a strategic and comprehensive Privacy and Data Protection program that defines, develops, maintains and implements policies and processes that enable consistent, effective privacy practices which minimize risk and ensure the confidentiality of protected health information (PHI) and other sensitive information while enabling business objectives. This role will partner with key stakeholders to implement privacy compliance programs and will closely collaborate with Information Security to ensure operational alignment between information security and privacy programs.

**Job Description:** ​

Develop a vision and strategic plan that will guide the direction of the Privacy and Data Protection program and align with the overall strategic initiatives of Option Care Health. Develop and implement short- and long-term planning, outlining recommended enhancements and prioritizing steps to continuously improve the program, governance structure, and frameworks.

Ensure that the OCH Privacy and Data Protection program includes the privacy components of the Health Insurance Portability and Accountability Act (HIPAA), state privacy laws and regulations, protection of the organization’s proprietary data, employee data privacy as well as other relevant and emerging privacy requirements including but not limited to the Telphone Consumer Protection Act (TPCA).

Work effectively and collaboratively with executive leadership, Information Security, and Compliance leaders to establish and maintain effective management and governance for the Privacy and Data Protection program. Act as the Privacy and Data Protection liaison to Information Security and Information Technology functions.

Assess the current state of privacy and data protection and identify potential vulnerabilities and opportunities for enhancements within the program. Develop and coordinate ongoing privacy risk assessments and compliance monitoring to optimize the security posture of the organization, including conducting privacy audits, identifying and test existing controls to ensure they are effective and sustainable, identify potential gaps, document results and recommendations and monitor implementation of corrective actions to ensure effective future risk mitigation.

Review all system-related information security plans, risk and impact assessments to ensure alignment between security and privacy practices. Monitor systems development and operations for security and privacy compliance. Assure that the use of technologies maintains privacy protections on use, collection and disclosure of personal information.

Serve as a partner to the business (e.g., operations, commercial, clinical, research, records retention, contracting, billing) to identify, document, and mitigate privacy risks arising from key business activities and ensure new initiatives undergo applicable privacy review.

Monitor changes in healthcare laws and regulations, assess the impact on the organization, and update privacy programs and policies accordingly.

Lead and participate in privacy-related committees (e.g., Data Governance Committee), address and evaluate emerging risks, and serve as an expert resource. Review and advise on legal agreements regarding the collection, protection, de-identification, transfer, and use of regulated and/or sensitive data, offering guidance on methods to minimize privacy compliance risk.

Develop and manage procedures for vetting and auditing vendors for compliance with the privacy and data security policies and legal requirements. Participate in the implementation and ongoing compliance monitoring of all trading partner and business associate agreements, to ensure all privacy concerns, requirements and responsibilities are addressed.

Lead the privacy incident and breach response processes including performing prompt and timely investigation in partnership with appropriate stakeholders, including Information Security, Legal and Clinical Risk Management. Conduct root cause analysis, corrective action plans and reporting obligations. Serves as liaison with federal and state oversight agencies. Oversees use of our third-party incident management system (RADAR).

Lead the development of privacy policies, procedures, training materials and other communications to increase employee understanding of company privacy policies, data handling practices and legal obligations. Develop strategic role-based privacy training course content for target audience(s) as identified through Privacy audits, reviews and risk assessments.

Work cross-functionally to ensure the organization has and maintains appropriate privacy and confidentiality consent, authorization forms and information notices and materials reflecting current organization and legal practices and requirements.

Work with all company personnel involved with the release of protected information to ensure coordination with the organization’s policies, procedures and legal requirements. Oversee the framework and procedures to facilitate individual requests for release or disclosure of personal and/or protected information.

Manages the organization’s records retention, storage and destruction program.

Periodically revise the privacy and data protection program to address changes in laws, regulations or company policy. Coordinate with the appropriate regulating bodies to ensure that programs, policies and procedures involving civil rights, civil liberties and privacy considerations are addressed in an integrated and comprehensive manner.

Collaborate effectively with representatives of the U.S. Department of Health and Human Service's Office for Civil Rights (OCR), state regulators and/or other legal entities as well as appropriate internal partners and outside counsel during privacy incident response or government-initiated privacy or data security related reviews, audits or investigations.

Work effectively with compliance leaders, information security, legal counsel, and other related parties to represent OCH information privacy interests with external parties (state or local government bodies) that adopt or amend privacy legislation, regulations, or related expectations.

Monitor advancements in emerging technologies, including but not limited to Artificial Intelligence (AI), to ensure that the use of such technologies maximizes value for the organization while complying with applicable privacy and data security obligations.

Lead and/or serve as subject matter expert with privacy due diligence and integration initiatives with new business models and M&A activity.

Build, mentor, and develop a best-in- class privacy team. Manage, hire and retain staff and be accountable for the performance of the team.

Supervisory Responsibilities

Does this position have supervisory responsibilities?

(i.e. hiring, recommending/approving promotions and pay increases, scheduling, performance reviews, discipline, etc.)

No

Yes

Basic Education and/or Experience Requirements

At least 12 years of professional experience in privacy, data protection or related experience required. Professionally licensed or certified as an attorney or privacy professional.

Bachelor’s degree in business, health care administration or relevant field required.

Proven experience designing and operating healthcare related privacy programs, including expertise with HIPAA.

Beyond HIPAA, demonstrated current working knowledge of other relevant and emerging privacy and data protection laws and regulation, including but not limited to, TCPA.

Knowledge of data processing operations within healthcare. Familiarity with computer security system infrastructure.

Demonstrated expertise acting as a representative of the company and interacting with senior level management, board members, and federal and state regulators on compliance and privacy matters.

Experience at a fast-paced company, and successful management of projects.

Experienced and supportive people leader to manage, develop and mentor teams and work cross-functionally with other key stakeholders.

Basic Qualifications

Ethical, with the ability to handle confidential information, remain impartial and report noncompliance.

Experience as a privacy leader with knowledge of privacy protection laws and data breach laws and their history.

High level of integrity, confidentiality and dependability with a strong sense of urgency and results-orientation.

Expertise in evaluating information to determine compliance with standards, laws, regulations and advisory guidance with proven ability to plan and execute responsive actions.

Excellent critical thinking and strong analytical skills; experience interpreting a strategic vision into an operational model.

Clearly understand business priorities and objectives and focus efforts to achieve practical and effective solutions.

Excellent communication (written and verbal) and presentation skills, with the ability to present information and clearly articulate risks tailored to audiences from front line staff, clinicians to executive leadership team.

Proven ability to lead, motivate, influence and guide cross functional teams and direct reports; gains consensus and commitments from others; is viewed as a trusted advisor.

Fosters a culture of belonging that enables everyone to contribute to their full potential in pursuit of organizational objectives.

Experience supporting leadership with development of annual workplans, budgets and resource planning and reporting.

Proven experience managing third parties, including outside counsel and other vendor partners, and corresponding with regulatory agencies, law enforcement, patients or business partners.

Strong interpersonal skills.

Demonstrates a commitment to Option Care Health’s vision, mission and values.

Physical Demand Requirements

Ability to sit and work on a computer for extended periods of time.

Travel Requirements: (if required)

Willing to travel up to 10% of the time for business purposes (within state and out of state).

Preferred Qualifications & Interests (PQIs)

One or more of the following privacy or data protection related certification is preferred: CIPP, CIPM, HCISPP, CDP or CHPC.

Preference for direct experience in home infusion services, pharmacy, provider settings and/or nursing.

Experience with privacy incident management tools, such as RADAR or other governance, risk and compliance (GRC) software.

Due to state pay transparency laws, the full range for the position is below:

Salary to be determined by the applicant's education, experience, knowledge, skills, and abilities, as well as internal equity and alignment with market data.

Pay Range is $180,599.08-$301,005.81

Benefits:

-401k

-Dental Insurance

-Disability Insurance

-Health Insurance

-Life Insurance

-Paid Time off

-Vision Insurance

_Option Care Health subscribes to a policy of equal employment opportunity, making employment available without regard to race, color, religion, national origin, citizenship status according to the Immigration Reform and Control Act of 1986, sex, sexual orientation, gender identity, age, disability, veteran status, or genetic information._

​

For over 40 years, Option Care Health has provided adult and pediatric patients with an alternative to hospital infusion therapy. With more than 2,900 clinical experts, Option Care Health is able to provide high-quality infusion services for nearly all patients with acute and chronic conditions across the United States, resulting in high quality outcomes at a significantly reduced cost. Option Care Health has more than 70 infusion pharmacies and 100 alternate treatment sites. We are guided by our purpose to provide extraordinary care that changes lives through a comprehensive approach to care along every step of the infusion therapy process including: intake coordination, insurance authorization, resources for financial assistance, education and customized treatments.