• Privacy Director

    Bon Secours Mercy Health (Cincinnati, OH)


    At Bon Secours Mercy Health, we are dedicated to continually improving health care quality, safety and cost effectiveness. Our hospitals, care sites and clinicians are recognized for clinical and operational excellence.

     

    PRIVACY DIRECTOR | Work From Home/Remote

    WFH/Remote anywhere in the US (Eastern/Central Time Zone Preferred)

    *We operate in the Eastern Time Zone*

     

    Reports to: System Director, Compliance - Privacy

     

    \# of Direct Reports: 2

     

    Primary Function/General Purpose of Position

     

    As directed by the System Director, Compliance, oversees all ongoing activities across defined service areas within the group related to the development, implementation, maintenance of, and adherence to the organization's policies and procedures covering the privacy of, disclosure of and access to, patient Protected Health Information (PHI) in compliance with federal and state laws and the healthcare organization's information privacy practices.

    Essential Job Functions

    + Assists in building a strategic and comprehensive privacy program that defines, develops, maintains and implements policies and procedures that enable consistent, effective privacy practices. Such practices shall minimize risk and ensure the confidentiality of PHI as well as ensure privacy forms, notices, policies, standards and procedures are current.

    + Collaborates with IT Security Directors and Information Services Directors, or their designee, to ensure alignment between security and privacy programs including policies, practices and investigations.

    + Collaborates with IT, Security, Legal, and Business partners for privacy impact assessments and incident response.

    + Guide business in assessing and mitigating privacy risks by providing recommendations and controls for AI, machine learning, and digital health technologies.

    + Develop and enhance formal processes for privacy risk assessments with vendors, contractors, and business associates, including data management and data destruction.

    + Public-facing responsibilities such as supporting responses to consumer, government, and media inquiries about privacy incidents or policies.

    + Regularly benchmark privacy program maturity against industry standards

    + Conducts ongoing compliance monitoring activities in coordination with the organization's other compliance and operational assessment functions.

    + Reviews role-based access controls; conducts and oversees audits of access to PHI; recommends appropriate action necessary as a result of audit activities.

    + Takes a lead role to ensure the organization has and maintains appropriate privacy and confidentiality consents, authorization forms and information notices and materials reflecting current organization and legal practices and requirements.

    + Conducts Risk Assessments to identify, evaluate, and mitigate potential threats to PHI.

    + Oversees, develops and delivers advanced privacy training modules, including scenario-based learning and regular refreshers. Participates in the development, implementation and ongoing compliance monitoring of business associates and business associate agreements to ensure all privacy concerns, requirements and responsibilities are addressed.

    + Establishes, with management and operations, a mechanism to track access to PHI, within the purview of the organization and as required by law and to allow qualified individuals to review or receive a report on such activity.

    + Contributes to the establishment and administration of a process for receiving, documenting, tracking, investigating, and taking action on all types of complaints concerning the organization's privacy policies and procedures in coordination and collaboration with other Directors, managers of other functional areas, and when appropriate, risk managers and legal counsel.

    + Provides leadership, support and supervision to Privacy program staff in performing day to day privacy-related functions.

     

    Licensing/Certification

     

    Certified in Healthcare Privacy Compliance – Health Care Compliance Association (required); or

     

    Certified in Healthcare Compliance - Health Care Compliance Association (required); or

     

    Certified Information Privacy Manager – International Association of Privacy Professionals (required)

    Education

    Bachelors, Healthcare, regulatory, business administration, business ethics (required)

     

    Masters (preferred)

    Work Experience

    6 to 10 years Healthcare Regulatory experience including HIPAA (required)

    Skills** **:

    Hard/Tech/Clinical Skills** **:

    Deep knowledge of Privacy, Security, and Breach Notification Laws

     

    Incident and Breach Response

     

    Research of Regulations

     

    Risk Assessment Skills

     

    Auditing, Monitoring

     

    Investigation Processes & Techniques

     

    Policy Development and Implementation

     

    Education Development and Training

     

    Data Analytics and Reporting

     

    Microsoft Office & CoPilot Proficiency

     

    Familiarity with privacy & compliance applications (e.g., Symplr, Protenus, EPIC)

    Soft/Interpersonal Skills:

    Strategic Leadership

     

    Communication

     

    Collaboration & Stakeholder Management

     

    Problem-Solving

     

    Adaptability

     

    Change Management

     

    Conflict Resolution

     

    Analytical Thinking

     

    Team Development

     

    Integrity in Everything

     

    As a Bon Secours Mercy Health associate, you're part of a Mission that matters. We support your well-being—personally and professionally. Our benefits are built to grow with you and meet your unique needs, every step of the way.

    What we offer

    + Competitive pay, incentives, referral bonuses and 403(b) with employer contributions (when eligible)

    + Medical, dental, vision, prescription coverage, HSA/FSA options, life insurance, mental health resources and discounts

    + Paid time off, parental and FMLA leave, short- and long-term disability, backup care for children and elders

    + Tuition assistance, professional development and continuing education support

     

    _Benefits may vary based on the market and employment status._

     

    All applicants will receive consideration for employment without regard to race, color, national origin, religion, sex, sexual orientation, gender identity, age, genetic information, or protected veteran status, and will not be discriminated against on the basis of disability. If you'd like to view a copy of the affirmative action plan or policy statement for Bon secours Mercy Health – Youngstown, Ohio or Bon Secours – Franklin, Virginia; Petersburg, Virginia; and Emporia, Virginia, which are Affirmative Action and Equal Opportunity Employers, please email [email protected] . If you are an individual with a disability and would like to request a reasonable accommodation as part of the employment selection process, please contact The Talent Acquisition Team at [email protected]