Chief Privacy Officer
Mass General Brigham
- Somerville, MA
- Permanent
- Full-time
- Leads all privacy investigations of alleged privacy violations and internal investigations of major privacy events and breaches, partnering with legal services and other relevant groups, services, and key stakeholders. Oversees and documents privacy incidents and ensures they are resolved so that risk to the organization is managed. Responsible for:
- Leads the development, implementation, and evaluation of privacy policies. Provides consultation services, guidance, and ongoing education to various stakeholders across the enterprise on privacy issues. Monitors and disseminates pertinent new laws and regulations as they pertain to privacy compliance matters, leveraging resources to ensure implementation for privacy compliance.
- Collaborates with Government Relations to ensure Mass General Brigham values and interests related to information privacy/security are adequately represented during Federal and State rulemaking periods.
- Works closely with the Cybersecurity Team and Information Security to ensure implementation of appropriate privacy and security safeguards. Collaborates with the information security officer to ensure alignment between security and privacy compliance programs including policies, practices, and investigations.
- Consults with Office of General Counsel (OGC) to advise on existing international privacy and data protection issues and works closely with stakeholders to appropriately manage and mitigate risks related to new and emerging legislation.
- Works directly with the Health Information Management (HIM) Director and other applicable Mass General Brigham units in overseeing patient rights to access their protected health information when appr
- Works with Human Resources to ensure consistent application of sanctions for privacy violations.
- Collaborates with Research Compliance to advise on structure for use and disclosure of PHI for research that is HIPAA compliant. Reviews and advises on risk and recommends solutions for enterprise-wide research and data use and disclosure initiatives as appropriate.
- Serves as the information privacy resource for all privacy-related issues across MGB, including but not limited to Innovation, Research, Occupational Health, Human Resources, and the Health Plan.
- Investigates all privacy complaints, restriction requests, and accounting-of-disclosure requests.
- Oversees proactive auditing and monitoring program for incidents and patterns of unauthorized access and/or disclosure of protected health information. Establishes an ongoing process to track, investigate and report inappropriate access and disclosures.
- Performs or oversees initial and periodic information privacy risk assessment/analysis, mitigation, and remediation. Conducts related ongoing compliance monitoring activities in coordination with other compliance and operational assessment functions.
- Analyzes reports, data, and metrics to identify risk trends and to provide periodic reports to management and governance regarding the progress of the organization with enterprise-wide compliance related to the privacy regulations.
- Oversees, develops, and assures compliance with ongoing workforce privacy training. Initiates, facilitates, and promotes activities to foster information privacy awareness within Mass General Brigham.
- Participates in ongoing compliance monitoring of business associates and business associate agreements, to ensure all privacy concerns, requirements, and responsibilities are addressed.
- Ensures all required privacy-related materials and documentation are up to date, including enterprise-wide authorization forms, consents, policies, standards, procedures, and the notice of privacy practices.
- Bachelor’s Degree required. Advanced degree preferred.
- A minimum of 8-10 years of experience administering and overseeing privacy programs in a wide range of highly diverse environments including acute care, ambulatory, academic medical center strategic business units or health plans.
- Minimum of eight (8) years progressive management experience in health care operations, health information management, regulatory compliance, risk management, law, or similar field required.
- Certification in health care privacy and security from AHIMA, HCCA, or an approved equivalent is recommended.
- Extensive experience interacting with regulatory and accreditation authorities and a demonstrated history of successfully responding to investigations/inquiries from the Office for Civil Rights, Joint Commission, URAC/NCQA, MA state agencies and CMS among others.