Chief Privacy Officer

Mass General Brigham

  • Somerville, MA
  • Permanent
  • Full-time
  • 1 month ago
The Chief Privacy Officer is responsible for the Mass General Brigham system-wide privacy strategy and comprehensive privacy program, including all service lines and business units. The position is responsible for a) the planning, design, development, implementation and monitoring of the MGB privacy program and related MGB policies, b) investigating and tracking incidents and breaches, and ensuring patients' rights in compliance with federal and state laws, c) identifying risk within the system and influencing the outcomes across the organization to ensure a compliant privacy program, and d) providing regular reporting to external regulatory bodies, including the Office for Civil Rights, the Mass DPH and Attorneys General, as well as preparing and providing reporting to internal leadership and associated committees and boards.

Responsibilities:
Oversight and Governance
  • Build a strategic and comprehensive privacy program that defines, develops, and implements policies and processes that enable consistent, effective privacy practices which minimize risk and ensure the confidentiality of protected health information (PHI), paper and/or electronic, across all media types.
  • Leads all privacy investigations of alleged privacy violations and internal investigations of major privacy events and breaches, partnering with legal services and other relevant groups, services, and key stakeholders. Oversees, documents, and ensures privacy incidents are resolved to ensure risk management for the organization. Responsible for:
      o Breach risk assessment, documentation, and mitigation.
      o Required breach determination and notification processes performed in accordance with HIPAA/HITECH and any other state and federal breach rules as necessary.
  • Leads the development, implementation, and evaluation of privacy policies. Provides consultation services, guidance, and ongoing education to various stakeholders across the enterprise on privacy issues. Monitors and disseminates pertinent new laws and regulations as they pertain to privacy compliance matters, leveraging resources to ensure implementation for privacy compliance.
Collaboration
  • Collaborates with Government Relations to ensure Mass General Brigham values and interests related to information privacy/security are adequately represented during Federal and State rulemaking periods.
  • Works closely with the Cybersecurity Team and Information Security to ensure implementation of appropriate privacy and security safeguards. Collaborates with the information security officer to ensure alignment between security and privacy compliance programs including policies, practices, and investigations.
  • Consults with Office of General Counsel (OGC) to advise on existing international privacy and data protection issues and works closely with stakeholders to appropriately manage and mitigate risks related to new and emerging legislation.
  • Works directly with the Health Information Management (HIM) Director and other applicable Mass General Brigham units in overseeing patient rights to access their protected health information when appr
  • Works together with Human Resources to ensure consistent application of sanctions for privacy violations.
  • Collaborates with Research Compliance to advise on structure for use and disclosure of PHI for research that is HIPAA compliant. Reviews and advises on risk and recommends solutions for enterprise-wide research and data use and disclosure initiatives as appropriate.
  • Serves as an information privacy resource for all privacy-related issues across MGB including but not limited to Innovation, Research, Occupational Health, Human Resources, and the Health Plan.
Functional Requirements and Compliance
  • Investigation of all privacy complaints, restriction requests and accounting of disclosure requests.
  • Oversees proactive auditing and monitoring program for incidents and patterns of unauthorized access and/or disclosure of protected health information. Establishes an ongoing process to track, investigate and report inappropriate access and disclosures.
  • Performs or oversees initial and periodic information privacy risk assessment/analysis, mitigation, and remediation. Conducts related ongoing compliance monitoring activities in coordination with other compliance and operational assessment functions.
  • Analyzes reports, data, and metrics to identify risk trends and to provide periodic reports to management and governance regarding the progress of the organization with enterprise-wide compliance related to the privacy regulations.
  • Oversees, develops, and assures compliance with ongoing workforce privacy training. Initiates, facilitates, and promotes activities to foster information privacy awareness within Mass General Brigham.
  • Participates in ongoing compliance monitoring of business associates and business associate agreements, to ensure all privacy concerns, requirements, and responsibilities are addressed.
  • Ensures all required privacy-related materials and documentation are up to date, including enterprise-wide authorization forms, consents, policies, standards, procedures and notice of privacy practices.
Qualifications
  • Bachelor’s Degree required. Advanced degree preferred.
  • A minimum of 8-10 years of experience administering and overseeing privacy programs in a wide range of highly diverse environments including acute care, ambulatory, academic medical center strategic business units or health plans.
  • Minimum of eight (8) years progressive management experience in health care operations, health information management, regulatory compliance, risk management, law, or similar field required.
  • Recommended certification in health care privacy and security from AHIMA, HCCA or approved equivalent.
  • Extensive experience interacting with regulatory and accreditation authorities and a demonstrated history of successfully responding to investigations/inquiries from the Office for Civil Rights, Joint Commission, URAC/NCQA, MA state agencies and CMS among others.
