Title: Privacy Officer
Organization: The Massachusetts Department of Public Health
Brief Summary of Position:
The Massachusetts Department of Public Health (DPH) is seeking a self-motivated and strategic professional to oversee the ongoing re-engineering of the agency’s business processes to encourage an emphasis on data protection/security, and to factor data privacy into its long-term planning efforts, including day-to-day business practices. The incumbent will be responsible for regularly assessing the agency’s compliance with state and federal privacy law, including HIPAA and the Massachusetts Fair Information Practices Act, and with the agency’s Confidentiality Policy and Procedures. Additionally, the Privacy Officer will develop and implement appropriate remediation steps if those assessments determine that such steps are necessary.
This position works closely with the Information Security Officer, the Director and attorneys in the Privacy and Data Compliance Office, and the Executive Office of Health and Human Services (EOHHS). This role is one of a data strategist, adviser, and risk manager as well as a steward for protection of confidential information. The ideal candidate should possess a combination of business knowledge, technical skills, people skills, and the ability to guide data strategy and control standards. The Privacy Officer will report directly to the First Deputy General Counsel/Director of the Privacy and Compliance Office.
Duties and Responsibilities:
- Develop and maintain a compliance program with state and federal privacy law as well as the agency’s Confidentiality Policy and Procedures.
- Participate in risk management activities, including conducting analyses of current practices (program audits), and reporting level of compliance to senior agency management.
- Draft and maintain agency-wide policies and procedures to ensure the workforce uses and accesses only the minimum necessary data and discloses the data within legal authority.
- Maintain data privacy, enforcing specific privacy requirements as they relate to agency mandates, HIPAA and other legal requirements.
- Collaborate with agency staff including IT, Legal, Institutional Review Board (IRB), Human Resources, and other EOHHS agencies in fostering information privacy awareness relevant to all programs and services.
- Develop and oversee the implementation of corrective action plans that result from auditing and monitoring activities.
- Design and implement training of agency staff on privacy issues.
- Provide ongoing assessment of programs and services to ensure that the agency discloses to contractors only the minimum amount of data necessary to perform the contracted functions.
- Serve as an external relations point of contact for other state and federal entities, as well as individuals who wish to exercise their administrative rights under state and federal law.
- Knowledge of the principles and practices of management including business writing, strategy, organizing, collaboration, and decision making.
- General understanding of HIPAA, state and federal guidelines regarding privacy, and concepts of healthcare privacy laws/standards.
- Excellent written and oral communication skills, with demonstrated ability to distill and translate complex concepts into actionable information for a variety of audiences.
- Experience working in the healthcare field or other highly regulated environment.
- Experience implementing compliance requirements in a matrixed environment utilizing complex information systems.
- Comfortable in effectively presenting information one-on-one and in large groups.
- Leadership skills and ability to coordinate and influence cross-functional teams.
- Proven record of success in project management, with a particular focus on strategic planning.
- Competence in resolving problems/conflicts in a diplomatic and tactful manner; exercising discretion in handling confidential information.
- Proficient usage of Microsoft Office products including Word, Excel, PowerPoint and Outlook.
- Technically savvy utilizing a variety of electronic data platforms.