Director-Privacy Officer and Health Information Protection

General Summary

Oversees all activities related to the development, implementation, and maintenance of the privacy program for WellSpan Health (WSH) in accordance with applicable federal and state laws, and in coordination with health system leadership and legal counsel. Proactively anticipates and directs program changes to support continued compliance with privacy, confidentiality, and information security-related laws, regulations, and WSH policies and objectives. Serves as the designated Privacy Officer for WSH.

Essential Functions:

• Provides direct supervision of the Regional Privacy Officers, Privacy/Security Analysts, Manager-Release of Information, and the Administrative Secretary.
• Provides subject matter expertise and guidance in the identification, implementation, and maintenance of WSH information governance, privacy, and confidentiality policies and procedures in coordination with the Privacy and Security Steering Committee, WellSpan leadership, and legal counsel.
• Serves as Chairperson of the Health Information Protection Steering Committee, assuring commitment to the established goals and objectives of that committee. Develops and when requested presents committee reports and data to the Audit and Compliance Committee of the Board.
• Maintains current knowledge of industry standards and monitors the information governance, privacy, and information security landscape to support best practices with the evolving information governance and data protection landscape.
• Collaborates with the Information Security Officer to ensure alignment between security and privacy compliance programs including policies, practices, investigations, and acts as a liaison in regards to privacy to WSH departments including compliance, information technology, and others as appropriate.
• Performs or oversees initial and periodic information privacy risk assessment/analysis, mitigation, remediation, and collaborates with the Information Security Officer in regards to any security risk assessments as appropriate.
• Establishes, with the Information Security Officer, an ongoing process to track, investigate, and report inappropriate access and disclosure of Patient Health Information (PHI). Monitors patterns of inappropriate access and/or disclosure of PHI.
• Provides management oversight of required breach determination and notification processes under federal and applicable State breach rules and requirements.
• Develops and oversees a comprehensive education, training, and awareness program that meets the needs of a diverse workforce, and encourages a culture that clearly understands the importance of maintaining the privacy and security of WSH PHI.
• Cooperates with the Office for Civil Rights and/or other investigative agencies in coordination with WSH leadership in responding to external compliance reviews or investigations.
• Participates in the development, implementation and ongoing compliance monitoring of all business associates and business associate agreements, to ensure that all privacy concerns, requirements, and responsibilities are addressed. - Serves as privacy and health information management subject expert to WSH management and staff. - Provides oversight for EMR Access Management for non-WSH clinical users and others as appropriate.

Travel Requirements:

• Estimated Amount: 5% - Travel within assigned region.

Qualifications

Minimum Education:

• Bachelors Degree In a related field. Required
• Masters Degree In a related field. Preferred

Work Experience:

• 3 years In Health Information Management or Privacy related areas/experience in an integrated health system setting. Required

Licenses:

• Certified Information Privacy Professional within 3 years Required or
• Certified Information Privacy Manager (CIPM) within 3 years Required or
• Certified Information Systems Security Professional (CISSP) within 3 years Required

Knowledge, Skills, and Abilities:

• Excellent interpersonal and written communication skills.