Director, Privacy

Job Description
The Director, Privacy and Data Protection is a key system shared services role that is responsible for leading and overseeing UMMS privacy and data protection program development, implementation, and maintenance. This includes facilitating adherence to all relevant UMMS privacy and data protection policies and procedures, as well as privacy and data protection related laws and regulations. The seasoned, innovative leader in this position ensures a transparent, measurable and compliant data management processes and related activities within UMMS. This process reflects thoughtful design to ensure that privacy and data protection is baked into world class patient care and related business operations and includes metrics. This position also directs and develops the organization’s privacy and data protection strategy and work plan and works in coordination with other compliance leaders in a shared services model to inspire others in privacy awareness and to enhance the culture of compliance around privacy and data protection. II. Principal Responsibilities and Tasks The following statements describe the general nature of work performed by the individual assigned to this classification.
This is not an exhaustive list of all job duties. Principal responsibilities of the Director, Privacy and Data Protection include:
Building a strategic and comprehensive privacy and data protection program that defines, develops, maintains and implements policies and processes that enable consistent, effective privacy practices which minimize risk and ensure the confidentiality of protected health information (PHI), paper and/or electronic, across all media types.
Ensuring that the UMMS privacy and data protection program includes the privacy components of the Health Insurance Portability and Accountability Act (HIPAA), state privacy laws and regulations, protection of the organization’s proprietary data, employee data privacy as well as other relevant and emerging privacy requirements including but not limited to the General Data Protection Regulation (GDPR).
Ensuring that all privacy and data protection related forms, policies, standards, and procedures within the UMMS organization are up to date.
Working effectively and collaboratively with executive leadership, Information Security, and compliance leaders to establish and maintain effective management and governance for the privacy and data security program.
Collaborating effectively with Information Security and Technology to ensure alignment between information security and privacy and data protection compliance programs including policies, practices, investigations, and acting as the compliance liaison to the UMMS Information Security and Technology Department.
Working effectively with compliance leaders, organization administration, legal counsel, and other related parties to represent UMMS information privacy interests with external parties (state or local government bodies) that adopt or amend privacy legislation, regulations, or related expectations.
• Working effectively with representatives of the U.S. Department of Health and Human Service's Office for Civil Rights (OCR), state regulators and/or other legal entities as well as appropriate internal partners during government initiated privacy or data security related reviews, audits or investigations.
• Building, mentoring, and developing a world class privacy team. Managing, hiring and retaining staff and being accountable for the performance of the team.
• Collaboratively developing and implementing strategic vision and plans for the privacy and data protection program in accordance with best practices; setting long-range direction and making high-level decisions in coordination with leadership; proposing and managing the implementation of complex and significant programmatic change as determined necessary.
• Perform other duties as assigned.