Director, Privacy

Company Description

The University of Maryland Medical System is a 14-hospital system with academic, community and specialty medical services reaching every part of Maryland and beyond. UMMS is a national and regional referral center for trauma, cancer care, Neurocare, cardiac care, women’s and children’s health and physical rehabilitation. UMMS is the fourth largest private employer in the Baltimore metropolitan area and one of the top 20 employers in the state of Maryland. No organization will give you the clinical variety, the support, or the opportunities for professional growth that you’ll enjoy as a member of our team. 

Job Description

The Director, Privacy and Data Protection is a key system shared services role that is responsible for leading and overseeing UMMS privacy and data protection program development, implementation, and maintenance. This includes facilitating adherence to all relevant UMMS privacy and data protection policies and procedures, as well as privacy and data protection related laws and regulations. The seasoned, innovative leader in this position ensures a transparent, measurable and compliant data management processes and related activities within UMMS. This process reflects thoughtful design to ensure that privacy and data protection is baked into world class patient care and related business operations and includes metrics. This position also directs and develops the organization’s privacy and data protection strategy and work plan and works in coordination with other compliance leaders in a shared services model to inspire others in privacy awareness and to enhance the culture of compliance around privacy and data protection. II. Principal Responsibilities and Tasks The following statements describe the general nature of work performed by the individual assigned to this classification.

This is not an exhaustive list of all job duties. Principal responsibilities of the Director, Privacy and Data Protection include:

• Building a strategic and comprehensive privacy and data protection program that defines, develops, maintains and implements policies and processes that enable consistent, effective privacy practices which minimize risk and ensure the confidentiality of protected health information (PHI), paper and/or electronic, across all media types.
• Ensuring that the UMMS privacy and data protection program includes the privacy components of the Health Insurance Portability and Accountability Act (HIPAA), state privacy laws and regulations, protection of the organization’s proprietary data, employee data privacy as well as other relevant and emerging privacy requirements including but not limited to the General Data Protection Regulation (GDPR).
• Ensuring that all privacy and data protection related forms, policies, standards, and procedures within the UMMS organization are up to date.
• Working effectively and collaboratively with executive leadership, Information Security, and compliance leaders to establish and maintain effective management and governance for the privacy and data security program.
• Collaborating effectively with Information Security and Technology to ensure alignment between information security and privacy and data protection compliance programs including policies, practices, investigations, and acting as the compliance liaison to the UMMS Information Security and Technology Department.
• Working effectively with compliance leaders, organization administration, legal counsel, and other related parties to represent UMMS information privacy interests with external parties (state or local government bodies) that adopt or amend privacy legislation, regulations, or related expectations.
  • Working effectively with representatives of the U.S. Department of Health and Human Service's Office for Civil Rights (OCR), state regulators and/or other legal entities as well as appropriate internal partners during government initiated privacy or data security related reviews, audits or investigations.
  • Building, mentoring, and developing a world class privacy team. Managing, hiring and retaining staff and being accountable for the performance of the team.
  • Collaboratively developing and implementing strategic vision and plans for the privacy and data protection program in accordance with best practices; setting long-range direction and making high-level decisions in coordination with leadership; proposing and managing the implementation of complex and significant programmatic change as determined necessary.
  • Perform other duties as assigned.

Qualifications

Education and Experience:

• Bachelor’s degree in business or health care administration or similar field required. An advanced degree in law (JD), privacy, or a related field preferred.
• One or more of the following existing and current certifications or obtaining an approved privacy or data security related certification within the first year of employment is required: CIPP, CIPM, HCISPP, PECB-CDPO, CDP or CHPC.
• Five or more years of privacy, data security or IT security program leadership or related experience required.
• Demonstrated successful and collaborative experience in a large academic medical center, integrated care delivery system or similarly complex organization preferred.
• Success operationalizing a transparent, measurable privacy and or data protection program preferred.
• A strong track record of timely, active and appropriate responses to privacy violation allegations, inquiries, incidents and investigations, including working effectively with legal counsel and stakeholders is desired.
• Experience with privacy and data protection issues related to academic and medical research and health information preferred.
• Experience navigating and coordinating activities between a university and health facilities preferred.
• Membership and leadership in national privacy or data security organizations preferred.
• HIPPA experience preferred. 

Knowledge, Skills and Abilities

• Demonstrated strength as a collaborative team leader in hiring, developing, and managing a high-producing team of privacy experts; experience in effectively managing staff and providing leadership to achieve the goals and vision of UMMS Compliance and the organization.
• Demonstrated ability to build successful relationships with a wide range of staff while maintaining the ability to be transparent, decisive and forthright in a consensus-driven environment.
• Demonstrated success in collaboratively engaging and educating a range of stakeholders on a comprehensive privacy and data protection plan as well as leading and facilitating appropriate responses to a variety of privacy and data security related incidents and investigations.
• Demonstrated current working knowledge of relevant and emerging privacy and data protection laws and regulations. 
• Skilled at listening, collaborating, and executing measurable program components in a consensus driven organization.
• Able to synthesize complex laws and regulations into communications that are meaningful, effective, and easy to understand as well as meaningfully partner with team members to edit and inspire their communication as well.

Additional Information

All your information will be kept confidential according to EEO guidelines.