• Privacy Director

    St Croix Hospice (Mendota Heights, MN)


    Position Type Full Time

    Description

    Work Where You Matter! At St. Croix Hospice we guide patients and families through the end-of-life journey. Through compassionate care, we focus on our patient’s quality of life, empowering them to make the most of their time with dignity, comfort and respect. If you are ready to be part of an extraordinary team of caregivers, then come work where you matter.

     

    Privacy Director

     

    Position Overview The Privacy Director is responsible for assisting with the development, implementation, and management of St. Croix Hospice’s privacy program. This role ensures that patient privacy and confidentiality are maintained in accordance with all relevant laws, including the Health Insurance Portability and Accountability Act (HIPAA), state-specific privacy regulations, and the organization’s internal privacy policies. The Privacy Director will work closely with the compliance, legal, and IT teams to safeguard sensitive health information and mitigate privacy risks.

     

    The Privacy Director will play a pivotal role in promoting a culture of privacy, accountability, and transparency throughout the organization while ensuring compliance with both federal and state privacy regulations.

     

    Essential Functions and Skills

     

    + Leadership and Strategic Oversight

    + Governance and Advisory

    + Assist with the organization's privacy program and policies, providing guidance and recommendations to the Chief Compliance Officer senior leadership, including the CEO and Board of Directors.

    + Report regularly on privacy risks, trends, breaches, and compliance metrics to the Chief Compliance Officer, Board, and other stakeholders as needed.

    + Collaborate with other departments, including IT, HR, and legal, to ensure privacy practices are embedded throughout the organization.

    + Privacy Program Development and Oversight

    + Assist with the development and implementation, of a comprehensive privacy program that protects patient information, complies with applicable privacy regulations, and addresses emerging privacy risks.

    + Ensure that privacy policies, procedures, and controls are up to date and in compliance with relevant laws, including HIPAA, HITECH, and state-specific regulations.

    + Lead the creation of a privacy governance framework and ensure effective privacy risk management strategies are in place.

    + Privacy Risk Management and Monitoring

    + Risk Assessment and Mitigation

    + Conduct regular privacy risk assessments and audits to identify vulnerabilities in patient data protection practices and develop strategies to mitigate identified risks.

    + Assess privacy-related threats and vulnerabilities, working with IT and other departments to strengthen data security measures and ensure compliance with privacy regulations.

    + Develop and maintain an incident response plan for privacy breaches, ensuring that all potential privacy incidents are addressed promptly and in compliance with regulations.

    + Privacy Auditing and Compliance Monitoring

    + Lead privacy audits and compliance reviews to assess adherence to privacy policies and regulations across the organization.

    + Monitor internal systems and processes to ensure compliance with federal and state privacy laws, including appropriate handling, storage, and disposal of protected health information (PHI).

    + Oversee third-party vendor relationships and ensure that privacy requirements are met through contractual agreements, assessments, and ongoing monitoring.

    + Privacy Training and Awareness

    + Employee Training

    + Develop, implement, and oversee a comprehensive privacy training program for all employees to ensure they understand their role in protecting patient privacy and complying with applicable laws.

    + Ensure that training is updated regularly to reflect changes in privacy regulations, organizational policies, and emerging threats to privacy.

    + Provide guidance to leadership and employees regarding privacy-related best practices and the handling of PHI.

    + Privacy Culture

    + Foster a culture of privacy within the organization by promoting awareness and accountability for privacy-related matters at all levels of the organization.

    + Promote privacy as a core value within the organization, helping to ensure patient trust and safeguarding sensitive information.

    + Privacy Incident Response and Breach Management

    + Breach Management and Reporting

    + Assist with the identification, investigation, and management of privacy incidents or breaches, ensuring prompt reporting to regulatory authorities as

    + required by law. o Work with internal teams, including IT, legal, and communications, to manage breach notifications and communicate effectively with impacted individuals in compliance with applicable laws.

    + Conduct root cause analysis for privacy breaches and recommend corrective actions to prevent recurrence.

    + Regulatory Compliance and Reporting

    + Regulatory Compliance

    + Stay abreast of changes in privacy laws, regulations, and industry standards to ensure ongoing compliance with all applicable privacy requirements, including HIPAA, HITECH, and state privacy laws.

    + Lead efforts to prepare for external audits and regulatory reviews, ensuring that the organization is fully compliant with privacy regulations.

    + External Communication and Reporting

    + Serve as the primary point of contact with regulatory agencies, including the Department of Health and Human Services (HHS), Office for Civil Rights (OCR), and state health departments regarding privacy matters.

    + Assist with the timely and accurate submission of required privacy-related reports and disclosures to regulatory bodies.

    + Cross-Departmental Collaboration

    + Collaborate with the legal, compliance, IT, and operational teams to implement and refine privacy-related policies and procedures across the organization.

    + Work with IT teams to ensure appropriate data security measures are implemented and maintain alignment with privacy goals.

    + Partner with human resources to ensure that employee records are maintained in compliance with privacy regulations.

     

    Additional Duties • Performs other duties as assigned.

    Qualifications

    Requirements/Qualifications

    + 2+ years of experience in privacy management within the healthcare industry.

    + In-depth knowledge and experience with healthcare privacy laws, including HIPAA, HITECH, and state-specific privacy regulations.

    + Experience working with cross-functional teams, including IT, legal, compliance, and human resources, to develop and enforce privacy policies and practices.

    + At least one of the preferred certifications or the ability to obtain certification within 1 year of employment is required.

    + Additional certifications in healthcare compliance, law, privacy, data security, or information management are a plus.

    + Ability to pass DHS background study.

    Skills:

    + Expertise in healthcare privacy regulations, including HIPAA, HITECH, and state-level privacy laws.

    + Knowledge of emerging privacy risks, trends, and technologies affecting healthcare organizations, including cybersecurity threats, data breaches, and cloud computing.

    + Strategic thinking with the ability to align privacy initiatives with the organization’s business objectives while safeguarding patient privacy.

    + Excellent analytical and problem-solving skills, with the ability to assess complex privacy issues and develop effective solutions.

    + Ability to navigate complex regulatory environments and provide clear guidance on privacy issues.

    + Excellent written and verbal communication skills, with the ability to effectively communicate privacy-related matters to all levels of the organization and external stakeholders.

    + Strong interpersonal skills, with the ability to build relationships and foster a culture of privacy across the organization.

     

    Preferred

     

    + Associate’s degree in Healthcare Administration, Law, Information Security, or a related field.

    + Preferred Certifications:

    + Certified Information Privacy Professional (CIPP),

    + Certified Information Privacy Manager (CIPM)

    + Certified in Healthcare Compliance (CHC)

    + Certified Compliance and Ethics Professional (CCEP)

    + Registered Health Information Technician (RHIT)

     

    Physical Requirements The physical requirements described are representative of those that must be met to successfully perform the essential responsibilities of this position. Reasonable accommodation may be made.

     

    + Prolonged periods sitting at a desk and working on a computer.

    + Pushing/Pulling and Lifting/carrying up to 10 pounds.

     

    The annual salary range for this role is $110,000 - $130,000/annually. An employee’s actual annual salary will be based on but not limited to: geographic location, relevant education, applicable certifications, depth of experience, and special skillsets. The total compensation package for this position may also include the opportunity to participate in employee benefits including our medical/dental/vision/pet insurance, disability and life insurance, paid time off, and 401(k) retirement plans, subject to applicable plan terms, and/or eligibility for other compensation.