Healthcare HIPAA Privacy Office - Director of Privacy Program - Hybrid
Job Summary:
The Director of Privacy Program is responsible for managing the daily operations of the WMC Health Network's Privacy Assurance Program, ensuring consistent execution of privacy initiatives across the organization. This position reports directly to the Deputy Chief Privacy Officer (DCPO), who retains primary oversight of the Privacy Assurance Program. Under the DCPO's direction, the Director carries out operational responsibilities, manages Privacy Team activities, and supports strategic initiatives. The Director serves as a key partner to the DCPO, ensuring that privacy goals are met and that program activities are executed effectively and in alignment with regulatory expectations and organizational priorities.
Responsibilities:
• * Manage daily operations of the Privacy Assurance Program under the direction of the DCPO, including staff supervision and workflow coordination.
• Execute network-wide privacy initiatives in alignment with DCPO directives.
• Maintain and ensure consistent application of privacy policies, HIPAA manuals, and governance documents, ensuring consistent application across the network.
• Collaborate with the DCPO to draft, revise, and update privacy policies, Code of Conduct materials, and related documentation in alignment with evolving regulations.
• Design and deliver privacy training programs for staff, faculty, medical staff, and new employees.
• Promote privacy awareness in accordance with the DCPO's strategic goals.
• Conduct preliminary investigations into privacy incidents and breaches.
• Maintain incident logs, prepare summaries, and assist with breach notification and corrective action planning.
• Execute privacy risk assessments and targeted audits under DCPO oversight.
• Partner with the DCPO to identify high-risk areas, propose mitigation strategies, and support reporting to leadership and regulatory agencies.
• Monitor privacy compliance trends and assist in evaluating internal practices.
• Prepare documentation and reports for submission to regulatory authorities during audits and investigations.
• Collaborate with Legal, IT, and cybersecurity teams to implement privacy controls and monitor HIPAA Security Rule compliance.
• Participate in IT system design and implementation planning, with final decisions guided by the DCPO.
• Partner with compliance leads, department heads, and senior management to implement privacy initiatives under the DCPO's leadership.
• Represent the Privacy Program in internal committees and cross-functional projects as delegated by the DCPO.
• Ensure privacy protections are embedded within technological systems in collaboration with IT and Information Systems teams.
• Track program performance metrics, analyze trends in privacy incidents and training outcomes.
• Recommend operational improvements for DCPO review and approval.
Qualifications/Requirements:
Experience:
• 7 years of experience in privacy compliance or regulatory management in hospital or healthcare facility, required.
Education:
• Bachelor's degree in Business, Accounting, Finance, Healthcare Administration, or a related field, required.
• Master's degree in Business, Accounting, Finance, Healthcare Administration, or a related field, preferred.
Licenses / Certifications:
• Certified in Healthcare Privacy Compliance (CHCP), Certified in Healthcare Compliance (CHC) or comparable certification, required.
Other:
• Confidentiality: It is an expectation that all employees at Westchester Medical Center Health Network will protect the confidentiality of all patient care, personnel, and business/financial information.
• Compliance: Employees will complete required competencies, annual mandatory training requirements and adhere to the code of conduct as described in the Westchester Medical Center Health Network Compliance Plan and brochure.
• Disclaimer: The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified.
Special Requirements:
• Knowledgeable in HIPAA, and Federal and State regulations for hospitals & physician practices.
• Planning and conducting effective, confidential investigations.
Apply Now
Apply Now
The Director of Privacy Program is responsible for managing the daily operations of the WMC Health Network's Privacy Assurance Program, ensuring consistent execution of privacy initiatives across the organization. This position reports directly to the Deputy Chief Privacy Officer (DCPO), who retains primary oversight of the Privacy Assurance Program. Under the DCPO's direction, the Director carries out operational responsibilities, manages Privacy Team activities, and supports strategic initiatives. The Director serves as a key partner to the DCPO, ensuring that privacy goals are met and that program activities are executed effectively and in alignment with regulatory expectations and organizational priorities.
Responsibilities:
• * Manage daily operations of the Privacy Assurance Program under the direction of the DCPO, including staff supervision and workflow coordination.
• Execute network-wide privacy initiatives in alignment with DCPO directives.
• Maintain and ensure consistent application of privacy policies, HIPAA manuals, and governance documents, ensuring consistent application across the network.
• Collaborate with the DCPO to draft, revise, and update privacy policies, Code of Conduct materials, and related documentation in alignment with evolving regulations.
• Design and deliver privacy training programs for staff, faculty, medical staff, and new employees.
• Promote privacy awareness in accordance with the DCPO's strategic goals.
• Conduct preliminary investigations into privacy incidents and breaches.
• Maintain incident logs, prepare summaries, and assist with breach notification and corrective action planning.
• Execute privacy risk assessments and targeted audits under DCPO oversight.
• Partner with the DCPO to identify high-risk areas, propose mitigation strategies, and support reporting to leadership and regulatory agencies.
• Monitor privacy compliance trends and assist in evaluating internal practices.
• Prepare documentation and reports for submission to regulatory authorities during audits and investigations.
• Collaborate with Legal, IT, and cybersecurity teams to implement privacy controls and monitor HIPAA Security Rule compliance.
• Participate in IT system design and implementation planning, with final decisions guided by the DCPO.
• Partner with compliance leads, department heads, and senior management to implement privacy initiatives under the DCPO's leadership.
• Represent the Privacy Program in internal committees and cross-functional projects as delegated by the DCPO.
• Ensure privacy protections are embedded within technological systems in collaboration with IT and Information Systems teams.
• Track program performance metrics, analyze trends in privacy incidents and training outcomes.
• Recommend operational improvements for DCPO review and approval.
Qualifications/Requirements:
Experience:
• 7 years of experience in privacy compliance or regulatory management in hospital or healthcare facility, required.
Education:
• Bachelor's degree in Business, Accounting, Finance, Healthcare Administration, or a related field, required.
• Master's degree in Business, Accounting, Finance, Healthcare Administration, or a related field, preferred.
Licenses / Certifications:
• Certified in Healthcare Privacy Compliance (CHCP), Certified in Healthcare Compliance (CHC) or comparable certification, required.
Other:
• Confidentiality: It is an expectation that all employees at Westchester Medical Center Health Network will protect the confidentiality of all patient care, personnel, and business/financial information.
• Compliance: Employees will complete required competencies, annual mandatory training requirements and adhere to the code of conduct as described in the Westchester Medical Center Health Network Compliance Plan and brochure.
• Disclaimer: The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified.
Special Requirements:
• Knowledgeable in HIPAA, and Federal and State regulations for hospitals & physician practices.
• Planning and conducting effective, confidential investigations.
Apply Now
Apply Now