HIPAA Privacy Officer

09-Sep-2022

Health Affairs – HIPAA

76370BR

University Job Title

HIPAA Privacy Officer

Bargaining Unit

None – Not included in the union (Yale Union Group)

Compensation Grade

Administration & Operations

Compensation Grade Profile

Senior Manager; Senior Program Leader (27)

Wage Ranges

Click here to see our Wage Ranges

Work Location

Central Campus

Worksite Address

2 Whitney Avenue
New Haven, CT 06510

Work Week

Standard (M-F equal number of hours per day)

Searchable Job Family

Legal and Regulatory Affairs

Total # of hours to be worked:

37.5

Position Focus:

Reporting to the chief privacy officer, the HIPAA privacy officer is charged with collaboratively developing, implementing, and administering a unified HIPAA Privacy and Security compliance program.  The HIPAA privacy officer affects organizational change within the university context of shared governance, mission, and values, and a complex information technology infrastructure and operations.

In collaboration with the chief privacy officer, the HIPAA privacy officer oversees all activities related to the development, implementation, maintenance, and enforcement of the university’s policies and procedures covering the privacy of protected health information (PHI).  The HIPAA privacy officer directs the deputy privacy officers assigned to the School of Medicine, School of Nursing, Yale Health, Benefits Office, Psychology Department clinics and Human Research Protection Program.  The deputy privacy officers have day-to-day responsibility for implementing and enforcing the university’s health information policies and procedures within their assigned areas; the HIPAA privacy officer has overarching institutional responsibility for health information privacy and breach notification compliance.  The HIPAA privacy officer also supervises a small staff responsible for centralized HIPAA compliance activities.  In collaboration with the chief information security officer and the chief privacy officer, the HIPAA privacy officer ensures university security policies and procedures meet HIPAA standards for protecting the confidentiality, integrity and availability of electronic PHI.

Dept/Section URL

https://privacy.yale.edu/

Essential Duties

1. Develops and implements a comprehensive health information privacy program governing university-wide teaching, research and patient-care operations. 2. Manages the HIPAA privacy office staff. Provides oversight and guidance to deputy HIPAA privacy officers and departmental HIPAA contacts to ensure a consistent compliance program across the university. 3. In collaboration with the chief privacy officer, develops university-wide policies, procedures and practices governing the privacy and security of health information through the sophisticated analysis of data, operations, and regulatory requirements. 4. Promotes a culture of respect for patient privacy and HIPAA compliance in alignment with Yale’s teaching, research and patient care missions. 5. Directs the identification, implementation, and maintenance of PHI privacy and breach notification policies and procedures in coordination with senior leaders from the university’s health care and health plan components, the chief privacy officer, and university attorneys. Assesses, benchmarks, and revises policies and procedures related to appropriate access to PHI in accordance with legal standards and industry best practices. 6. Collaborates with strategic partners to assess the security of health-related IT systems, to manage IT-related risk, to ensure regulatory compliance, to align security and privacy practices, and to adapt policies, approaches, and standards to evolving technological challenges. 7. Establishes the parameters and standards for ongoing compliance monitoring activities in coordination with the university’s other compliance and operational assessment functions. 8. Ensures the university’s IRBs’ compliance with HIPAA privacy policies and procedures. 9. Develops and implements a robust privacy and security training and awareness program for diverse university stakeholders, including students, faculty, and medical and professional staff. 10. Analyzes university and industry data to identify incident trends related to risks to the privacy of PHI and develops strategies to manage and mitigate those risks. 11. Drives HIPAA privacy compliance efforts with affiliated entities and entities participating in an Organized Health Care Arrangement with the university. 12. Develops, implements, and monitors business associate agreements to ensure all privacy requirements are addressed. 13. Establishes and administers a process for receiving, documenting, tracking, investigating and acting on complaints concerning the university’s HIPAA privacy practices, in consultation with the chief privacy officer. Ensures HIPAA investigations are conducted in accordance with university disciplinary policies and are documented in keeping with HIPAA record retention requirements. 14. Ensures the consistent application of sanctions for failure to comply with HIPAA privacy policies, in coordination with human resources, the information security officer, the chief privacy officer, and university attorneys. 15. Other tasks as assigned.

Required Education and Experience

Bachelor’s degree and a minimum of 7 years of experience or equivalent combination of education and experience.

Required Skill/Ability 1:

Comprehensive knowledge of (i) health information privacy laws, including HIPAA, HITECH, and OCR guidance; (ii) use of health information in clinical research; and (iii) medical records management, including access, release and tracking techniques.

Required Skill/Ability 2:

Ability to work independently and leverage networks to advance programmatic goals in a decentralized environment.

Required Skill/Ability 3:

Ability to promote privacy compliance across a diverse workforce.

Required Skill/Ability 4:

Excellent leadership, project management, organizational, and communication skills.

Preferred Education, Experience and Skills:

Advanced degree in relevant area such as healthcare, healthcare administration, or law and five years of experience in managing privacy compliance, preferably at an academic medical center, or an equivalent combination of training and experience.

Background Check Requirements

All candidates for employment will be subject to pre-employment background screening for this position, which may include motor vehicle, DOT certification, drug testing and credit checks based on the position description and job requirements. All offers are contingent upon the successful completion of the background check. For additional information on the background check requirements and process visit “Learn about background checks” under the Applicant Support Resources section of Careers on the It’s Your Yale website.

COVID-19 Vaccine Requirement

Thank you for your interest in employment at Yale University. Please also note that the university has a COVID-19 vaccination and booster requirement for all students, staff & faculty which is described in the COVID-19 Vaccine Program. As you search our open positions, you will see that all postings list their on-site addresses which gives more detail on the on-campus work location of the role.

Posting Disclaimer

The intent of this job description is to provide a representative summary of the essential functions that will be required of the position and should not be construed as a declaration of specific duties and responsibilities of the particular position. Employees will be assigned specific job-related duties through their hiring departments.

EEO Statement:

University policy is committed to affirmative action under law in employment of women, minority group members, individuals with disabilities, and protected veterans. Additionally, in accordance with Yale’s Policy Against Discrimination and Harassment, and as delineated by federal and Connecticut law, Yale does not discriminate in admissions, educational programs, or employment against any individual on account of that individual’s sex, sexual orientation, gender identity or expression, race, color, national or ethnic origin, religion, age, disability, status as a special disabled veteran, veteran of the Vietnam era or other covered veteran.

Inquiries concerning Yale’s Policy Against Discrimination and Harassment may be referred to the Office of Institutional Equity and Accessibility (OIEA).

W.L. Harkness Hall, 3rd Floor, Room 303

100 Wall Street, New Haven CT 06511

203-432-0849

equity@yale.edu<mailto:equity@yale.edu>

Note

Yale University is a tobacco-free campus