HIPAA Privacy Officer
Fresenius Medical Care · Waltham, MA · 1 wk ago
Finance$97k–$163k/yrFull-time
PRINCIPAL DUTIES AND RESPONSIBILITIES
- Serves as the enterprise HIPAA Privacy Officer for U.S. operations, responsible for interpretation, application, and oversight of HIPAA Privacy Rule requirements across the organization.
- Provides day-to-day guidance and subject matter expertise on HIPAA compliance across operational changes, initiatives, and projects of varying size and complexity.
- Advises business, clinical, and IT teams on appropriate handling, use, and disclosure of PHI, including identification and mitigation of privacy risks.
- PARTNERS CLOSELY WITH GOVERNANCE, RISK & COMPLIANCE (GRC)
- Develop and maintain Privacy Policies, standards, and procedures that meet HIPAA requirements
- Ensure HIPAA controls are defined, implemented, and monitored
- Align privacy requirements with broader regulatory and control frameworks
- SUPPORT REVIEWS OF THIRD PARTY VENDORS FOR COMPLIANCE WITH HIPAA
- SUPPORT AUDITS, ASSESSMENTS, AND REGULATORY INQUIRIES
- COLLABORATES WITH CYBER & PRIVACY OPERATIONS DURING PRIVACY INCIDENTS TO:
- SUPPORT BREACH ASSESSMENT AND RISK ANALYSIS
- ENSURE TIMELY ESCALATION, CONTAINMENT, AND NOTIFICATION DECISIONS
- CONTRIBUTE TO POST-INCIDENT REMEDIATION AND CONTINUOUS IMPROVEMENT EFFORTS
- DEVELOP STANDARD OPERATING PROCEDURES (SOPs)
- DEVELOP AND DELIVER TRAINING ON PHI POLICIES AND PROCEDURES
- WORKS IN CLOSE PARTNERSHIP WITH U.S. PRIVACY LEGAL COUNSEL TO:
- AUDIT REGULATORY REQUIREMENTS AND ENFORCEMENT EXPECTATIONS
- SERVE AS PRIMARY POINT OF CONTACT FOR PRIVACY COMPLAINTS, INVESTIGATIONS, BREACH RISK ASSESSMENTS, AND REGULATORY INQUIRIES
- ENSURE ALIGNMENT OF OPERATIONAL PRACTICES WITH LEGAL OBLIGATIONS
- SUPPORT DEVELOPMENT AND MAINTENANCE OF PRIVACY POLICIES AND NOTICES
- REVIEWS AND PROVIDES INPUT ON PROJECT DESIGNS, SYSTEM IMPLEMENTATIONS, WORKFLOWS, AND PROCESS CHANGES TO ENSURE ALIGNMENT WITH HIPAA AND ORGANIZATIONAL PRIVACY REQUIREMENTS.
- DRIVES THE INTEGRATION OF PRIVACY-BY-DESIGN PRINCIPLES INTO CLINIC OPERATIONS AND ENTERPRISE PROCESSES, ENSURING SUSTAINABLE AND SCALABLE COMPLIANCE.
- MANTAINS DOCUMENTATION REQUIRED TO DEMONSTRATE HIPAA COMPLIANCE, INCLUDING OVERSEEING REQUESTS FOR ACCESS, AMENDMENTS, RESTRICTIONS, AND CONFIDENTIAL COMMUNICATIONS FOR PATIENT MEDICAL RECORDS; AND ENSURING TIMELY RESPONSE AND APPROPRIATE DENIALS AND APPROVALS.
- DEVELOPS PRACTICAL, SCALABLE SELF-SERVICE TOOLS, TEMPLATES, AND GUIDANCE TO ENABLE TEAMS TO INDEPENDENTLY ADDRESS ROUTINE PRIVACY REQUIREMENTS.
- PARTNERS WITH CLINICAL AND OPERATIONAL LEADERS TO ENSURE HIPAA REQUIREMENTS ARE CONSISTENTLY AND EFFECTIVELY EXECUTED IN DAY-DAY CLINIC AND PHYSICIAN PRACTICE’S OPERATIONS.
- SUPPORTS AWARENESS AND TRAINING EFFORTS TO PROMOTE UNDERSTANDING OF PRIVACY RESPONSIBILITIES ACROSS WORKFORCE MEMBERS.
- PARTICIPATES IN INTERNAL AND EXTERNAL MEETINGS, INCLUDING REGULATORY, AUDIT, AND COMPLIANCE FORUMS, REPRESENTING THE ORGANIZATION’S HIPAA PRIVACY POSTURE.