Support PDF,DOC,DOCX,TXT,XLS,WPD,HTM,HTML fils up to 5MB
Years of Experience
Date Last Verified
ProfileChief Privacy Officer The candidate leads the regulatory and compliance related activities for privacy matters for the organization, including developing policies, processes, and a program covering the privacy of, and access to, protected health information (PHI), personally identifiable information, and sensitive personal data in compliance with US federal and state laws, the EU Privacy Shield and GDPR, PIPEDA, and other relevant international privacy protection laws and regulations. Responsibilities: Building a strategic and comprehensive privacy program that defines, develops, maintains and implements policies and processes that enable consistent, effective privacy practices which minimize risk and ensure the confidentiality of PHI, paper and/or electronic, across all media types. Working with Senior Management, Senior Counsel for Information Security, Chief Information Security Officer, and the Chief Compliance and Ethics Officer to establish governance for the organization’s privacy program covering the requirements of HIPAA, PCI, GLBA, other federal and state, EU and other applicable international privacy protection laws and regulations. Creating and overseeing the implementation of a contractual data rights and data lifecycle program with the applicable business units and sales contracting organizations to ensure the organization has the rights to de-identify and/or aggregate PHI in compliance with customer contracts, HIPAA and other applicable laws. Representing the privacy program with the Compliance Committee of the Board of Directors, including reporting of privacy metrics, investigations, trends, privacy incidents and strategy/recommendations to mitigate privacy risks. Collaborating with the Senior Counsel for Information Security and the Chief Information Security Officer, ensure alignment between security and privacy compliance programs including policies, practices and investigations for security and privacy risks. Collaborating with Public Affairs, and others in Legal & Compliance, represent the organization’s information privacy interests with external parties (federal or state government bodies) which undertake to adopt or amend privacy legislation, regulations, or standards. Assisting the Business Units in assessing and balancing privacy needs and developing practical solutions to help ensure business unit compliance with privacy laws, regulations and standards. Leading the Business Associate Program regarding drafting and negotiating Business Associate Agreements, and participating on customer or vendor calls when necessary to deal with escalated privacy issues in contract negotiations. Managing the organization’s data de-identification program, including the selection and monitoring of external statisticians, and working with compliance and others in Legal & Compliance to establish consistent and compliant de-identification standards, policies and procedures. Leading privacy related due diligence in M&A transactions. Maintaining current knowledge of federal, state and international privacy protection laws and regulations, and monitoring advancements in information privacy technologies to ensure organizational adaptation and compliance . Developing and delivering ongoing privacy training to team members and management. Initiating, facilitating and promoting activities to foster information privacy awareness within the organization and related entities. Serving as information privacy consultant to the Business Unit Attorneys, Business Unit Management and others in Legal & Compliance. Leading the organization’s compliance efforts for the EU Privacy Shield, GDPR, PIPEDA, and other applicable international privacy protection laws and regulations. Establishing and administering a process for receiving, documenting, tracking, investigating, and taking action on all complaints concerning the organization’s privacy program and policies and procedures in coordination and collaboration with other similar functions. Drafting and updating the organization’s website, mobile application and other policies impacting privacy. Ensuring the organization’s privacy program and related privacy forms, policies, processes, standards, and procedures are up-to-date. Leading HIPAA risk assessments in coordination with Senior Counsel for Information Security. Leading regular information privacy risk assessment/analysis, mitigation and remediation efforts in coordination with Senior Counsel for Information Security. Developing metrics and reporting on the effectiveness of the organization’s privacy program. Participating in the development, implementation, and ongoing compliance monitoring of all trading partner and business associate agreements, to ensure all privacy concerns, requirements, and responsibilities are addressed. Performing initial and periodic information privacy risk assessments and conducting related ongoing compliance monitoring activities in coordination with the organization’s other compliance and operational assessment functions. Working with Senior Counsel for Information Security, review all system-related information security plans throughout the organization’s network to ensure alignment between security and privacy practices. Leading and executing information lifecycle inventory projects for high risk business processes. Managing, with the Business Unit compliance resources and others in Legal & Compliance, all required breach determination and notification processes under HIPAA and applicable state breach rules and requirements. Leading any compliance reviews or investigations of the organization by the Office of Civil Rights, other federal or state regulators, and other regulatory agencies. Performing required breach risk assessment, documentation, and mitigation; and working with Human Resources to ensure consistent application of sanctions for privacy violations. Leading and responding to client privacy audits and inquiries. Other duties as assigned.
Qualification and Experience
The candidate should have recommended privacy certification such as International Associate of Privacy Professionals (IAPP), Healthcare Privacy and Security (CHPS) and/or other healthcare industry related credential. Juris Doctor Degree from an ABA accredited law school with excellent academic credentials; admission to practice in good standing as a member of a jurisdiction is required. Should have experience and expertise in leading a large and complex organization through transformation from one of a largely independent stand-alone business units to a more fully integrated and strategically aligned organization. Must have 10 years of experience providing legal counsel to clients on complex privacy matters within a large company, not-for-profit organization, law firm, or government agency. Should have experience managing a team of at least 3 plus in-direct staff across multiple geographies. Must have ability to navigate and work across multiple constituents to develop, communicate, and support a company’s short-term and long-term business objectives. Functional and industry experience is required. Should have exceptional business acumen and solid financial skills. A demonstrated track record active as an innovative thought leader and business partner to executives across multiple business units is required. Must understands and utilizes work force analytics. Should have deep knowledge of and experience in HIPAA and other federal, state, and international privacy protection laws and regulations dealing with privacy incidents. Must have expertise in drafting and negotiating Business Associate Agreements. Should have excellent interpersonal skills with an ability to provide sound, clear legal advice to clients. Must be capable of providing clear, balanced advice/counsel on a broad range of strategic and complex healthcare privacy and related policy issues. Organizational savvy and notable business acumen dealing with risk management and compliance is needed.
Requisition Number 18-0697
13010 Morris Road
Alpharetta, GA 30004