Privacy Officer

Eskenazi Health serves as the public hospital division of the Health & Hospital Corporation of Marion County. Physicians provide a comprehensive range of primary and specialty care services at the 327-bed hospital and outpatient facilities both on and off of the Eskenazi Health downtown campus as well as at 10 Eskenazi Health Center sites located throughout Indianapolis.

Job Role Summary

The Privacy Officer is a member of the Office of Corporate Compliance and reports directly to the Chief Compliance Officer. This position is responsible for privacy matters impacting the organization and works in collaboration with the Chief Information Security Officer. As Privacy Officer, this position oversees HHC/MCPHD’s privacy program, including develop and implementation, maintenance and compliance with information privacy policies and procedures. This position works with various senior leaders, directors, and managers as well as Information Security (“IS”), IT, Human Resources, Finance, Legal and Operations.

Essential Functions and Responsibilities

• Responsible for developing, implementing, monitoring, training, reporting and oversight of the privacy program for HHC/MCPHD. This position works in collaboration with those departments responsible for maintaining privacy and security of medical, proprietary, confidential information consistent with regulatory requirements. The position also collaborates with Human Resources in determining sanctions for noncompliance.
• Leads an organization-wide HIPAA Steering Committee.
• Performs information privacy risk assessments and conducts related ongoing privacy compliance monitoring activities.
• Ensures the organization has and maintains compliant privacy and confidentiality consents, authorization forms, information notices and other materials.
• Provides and/or directs privacy training for employees, volunteers, contractors, business associates and others.
• Reviews, negotiates and monitors business associate agreements, non-disclosure agreements, and data sharing agreements.
• Establishes a mechanism to track access to protected health information and to allow qualified individuals to review or receive a report on such activity.
• Works cooperatively with HIM and others to oversee patient rights to inspect, amend and restrict access to their electronic health record when appropriate.
• Responsible for investigating and responding to privacy complaints.
• Collaborates with Information Security to review HHC/MCPHD/IEMS/Eskenazi Health’s system-related information security plans to ensure alignment and consistency with security and privacy practices.
• Monitors advancements in information privacy technologies to ensure organizational adaptation and compliance.
• Reporting noncompliance to external agencies with assistance and guidance from the chief compliance officer including implementing action necessary to address problems and prevent re-occurrence.
• Monitors and educates on changes in privacy regulations.
• Serves as the subject matter expert for the organization in privacy matters including information blocking

Job Requirements

• Master’s in Health Care Administration, Business, or closely related field
• Juris Doctor from ABA-accredited law school preferred
• Eight years of relevant experience working in health care privacy
• Certification in Health Care Privacy, Information Privacy, or Healthcare Compliance (CHPC, CIPP/US, CIPM, CHC, or equivalent) strongly preferred

Job Type: Full-time

Work Location: In person