Chief Privacy Officer
Mass General Brigham
Somerville, MA
The Chief Privacy Officer is responsible for the Mass General Brigham system-wide privacy strategy and comprehensive privacy program, including all service lines and business units. The position is responsible for a) planning, design, development, implementation and monitoring of the MGB privacy program and related MGB policies, b) investigation and tracking of incidents and breaches, and ensuring patients' rights in compliance with federal and state laws, c) identifying risk within the system and influencing the outcomes across the organization to ensure a compliant privacy program, and d) providing regular reporting to external regulatory bodies, including the Office for Civil Rights, the Mass DPH and Attorneys General, as well as preparing and providing reporting to internal leadership and associated committees and boards.
MA-Somerville-MGB Assembly Row
Work Locations: MGB Assembly Row
Job: Medical Records/Coding/HIM - Management
Organization: Mass General Brigham
Schedule: Full-time
Standard Hours: 40
Shift: Day Job
Employee Status: Regular
Recruiting Department: MGB Compliance
Job Posting: May 24, 2024
Responsibilities
Oversight and Governance
- Build a strategic and comprehensive privacy program that defines, develops, and implements policies and processes that enable consistent, effective privacy practices which minimize risk and ensure the confidentiality of protected health information (PHI), paper and/or electronic, across all media types.
- Lead all privacy investigations of alleged privacy violations and internal investigations of major privacy events and breaches, partnering with legal services and other relevant groups, services, and key stakeholders. Oversee, document, and ensure privacy incidents are resolved to ensure risk management for the organization. Responsible for:
  - Breach risk assessment, documentation, and mitigation.
  - Required breach determination and notification processes performed in accordance with HIPAA/HITECH and any other state and federal breach rules as necessary.
- Leads the development, implementation, and evaluation of privacy policies. Provides consultation services, guidance, and ongoing education to various stakeholders across the enterprise on privacy issues. Monitors and disseminates pertinent new laws and regulations as they pertain to privacy compliance matters, leveraging resources to ensure implementation for privacy compliance.
- Collaborates with Government Relations to ensure Mass General Brigham values and interests related to information privacy/security are adequately represented during Federal and State rulemaking periods.
- Works closely with the Cybersecurity Team and Information Security to ensure implementation of appropriate privacy and security safeguards. Collaborates with the information security officer to ensure alignment between security and privacy compliance programs including policies, practices, and investigations.
- Consults with Office of General Counsel (OGC) to advise on existing international privacy and data protection issues and works closely with stakeholders to appropriately manage and mitigate risks related to new and emerging legislation.
- Works directly with the Health Information Management (HIM) Director and other applicable Mass General Brigham units in overseeing patient rights to access their protected health information when appr
- Work together with Human Resources to ensure consistent application of sanctions for privacy violations.
- Collaborates with Research Compliance to advise on structure for use and disclosure of PHI for research that is HIPAA compliant. Reviews and advises on risk and recommends solutions for enterprise-wide research and data use and disclosure initiatives as appropriate.
- Serves as information privacy resource for all privacy related issues across MGB including but not limited to Innovation, Research, Occupational Health, Human Resources, and the Health Plan.
- Investigation of all privacy complaints, restriction requests and accounting of disclosure requests.
- Oversees proactive auditing and monitoring program for incidents and patterns of unauthorized access and/or disclosure of protected health information. Establishes an ongoing process to track, investigate and report inappropriate access and disclosures.
- Performs or oversees initial and periodic information privacy risk assessment/analysis, mitigation, and remediation. Conducts related ongoing compliance monitoring activities in coordination with other compliance and operational assessment functions.
- Analyzes reports, data, and metrics to identify risk trends and to provide periodic reports to management and governance regarding the progress of the organization with enterprise-wide compliance related to the privacy regulations.
- Oversees, develops, and assures compliance with ongoing workforce privacy training. Initiates, facilitates, and promotes activities to foster information privacy awareness within Mass General Brigham.
- Participates in ongoing compliance monitoring of business associates and business associate agreements, to ensure all privacy concerns, requirements, and responsibilities are addressed.
- Ensures all required privacy-related materials and documentation are up to date, including enterprise-wide authorization forms, consents, policies, standards, procedures and notice of privacy practices.
- Bachelor’s Degree required. Advanced degree preferred.
- A minimum of 8-10 years of experience administering and overseeing privacy programs in a wide range of highly diverse environments including acute care, ambulatory, academic medical center strategic business units or health plans.
- Minimum of eight (8) years progressive management experience in health care operations, health information management, regulatory compliance, risk management, law, or similar field required.
- Recommended certification in health care privacy and security from AHIMA, HCCA or approved equivalent.
- Extensive experience interacting with regulatory and accreditation authorities and a demonstrated history of successfully responding to investigations/inquiries from the Office for Civil Rights, Joint Commission, URAC/NCQA, MA state agencies and CMS among others.
Seniority level: Executive
Employment type: Full-time
Job function: Finance and Sales
Industries: Hospitals and Health Care