Director, Privacy

OneOncology, Nashville, TN

About The Position

OneOncology is positioning community oncologists to drive the future of cancer care through a patient-centric, physician-driven, and technology-powered model to help improve the lives of everyone living with cancer. Our team is bringing together leaders to the marketplace to help drive OneOncology’s mission and vision.

Why join us? This is an exciting time to join OneOncology. Our values-driven culture reflects our startup enthusiasm supported by industry leaders in oncology, technology, and finance. We are looking for talented and highly motivated individuals who demonstrate a natural desire to improve and build new processes that support the meaningful work of community oncologists and the patients they serve.

Job Description: The Director, Privacy will report to the Chief Compliance Officer and is responsible for the strategic development, implementation, and maintenance of the organization's enterprise privacy program. This includes ensuring compliance with federal and state privacy laws and regulations, managing privacy risks, and fostering a culture of privacy awareness throughout OneOncology’s owned and affiliated practices. The Director will serve as the organization's privacy subject matter expert, guiding policy and procedure development, privacy incident response, training, and oversight activities.

Requirements

  • Ability to manage, prioritize and multi-task various responsibilities.
  • Strong technical skills in Microsoft Office Suite, compliance/legal tracking, and research systems (e.g., Ethico, HealthStream, etc.).
  • Detail-oriented, with the ability to handle complex problems, maintain a high level of confidentiality, work with minimal direction, and work within a team environment.
  • In-depth knowledge of U.S. privacy laws and regulations required.
  • Strong analytical, problem-solving, and organizational skills.
  • Excellent communication and interpersonal skills with the ability to influence across levels.
  • Minimum of 7 years of experience in privacy, with at least 3 years in a leadership role.
  • Certified Healthcare Privacy Compliance (CHPC) or equivalent certification required.
  • Up to 20% travel, at a minimum, is required.

Nice To Haves

  • Juris Doctor a plus; certifications in the health care field and experience can be substituted for educational requirements.

Responsibilities

  • Develop, implement, and maintain comprehensive privacy policies and procedures.
  • Ensure compliance with HIPAA, HITECH, and other applicable privacy laws and regulations.
  • Oversee the response to privacy incidents and breaches, including investigation, mitigation, and notification for OneOncology owned and affiliated practices.
  • Serve as the primary point of contact for privacy-related inquiries and complaints from patients, employees, and regulatory bodies.
  • Conduct regular privacy risk assessments and audits to identify and mitigate potential vulnerabilities.
  • Design and deliver privacy training programs for staff across all departments.
  • Collaborate with legal, information security, and other departments to ensure aligned and integrated privacy practices.
  • Monitor regulatory developments and industry best practices to proactively update the privacy program.
  • Maintain documentation of the organization's privacy practices and decisions.
  • Report regularly to executive leadership on the status of the privacy program and significant risks.
  • Collaborate with the information security team to ensure the enterprise is compliant with applicable data protection regulations.
  • Monitor evolving privacy laws and advise leadership on potential impact.
  • Lead organizational readiness and responses to new privacy regulations.
  • Coordinate and support audits, regulatory inquiries, and investigations.
  • Identify, document, and mitigate privacy risks across business units.
  • Maintain incident response protocols and coordinate with legal and security teams on breach investigations and notifications.
  • Develop and deliver privacy training and awareness programs for employees and stakeholders.
  • Promote a privacy-aware culture across the organization.
  • Partner with product, engineering, and security teams to ensure privacy is built into the design and development of products and services.
  • Serve as the main point of contact for internal and external privacy-related queries.
  • Oversee data subject rights processes for responding to access requests (DSARs) and other rights under privacy laws.
  • Oversee vendor approval process and ensure adherence to data protection and privacy compliance.
  • Conduct vendor assessments to ensure adherence to applicable data protection regulations.
  • Collaborate with information security to assess and ensure appropriate data exchange, access controls, and responsible access and use of systems and data (e.g., AI).
  • Assist with other duties as assigned to further develop the privacy program and meet organizational goals.