Vanderbilt Health
Director, Privacy Office (Remote Eligible)
Vanderbilt Health, Nashville, Tennessee, United States, 37247
Overview
Discover Vanderbilt University Medical Center: Located in Nashville, Tennessee, and operating at a global crossroads of teaching, discovery, and patient care, VUMC is a community of individuals who come to work each day with the simple aim of changing the world. Vanderbilt Health is committed to an environment where everyone has the chance to thrive and where your uniqueness is sought and celebrated. It is a place where employees know they are part of something bigger than themselves, take exceptional pride in their work, and never settle for what was good enough yesterday. Vanderbilt's mission is to advance health and wellness through preeminent programs in patient care, education, and research.
Organization: Privacy Office
Job Summary
Vanderbilt Health - Executive Search Team is conducting a national search for a Director, Privacy Office. The Director, Privacy Office provides leadership for the Privacy Office by developing goals, objectives, policies and procedures; supervising, coordinating, and evaluating the activities; preparing operating and capital expenditure budgets; and performing personnel administration functions. Lead the work processes for the development and deployment of privacy and information security policies and processes; new hire and annual HIPAA/Privacy training materials for staff, house staff, students, and faculty; and provide consultative services to other departments regarding application of the principles and policies of privacy and information security in the way work is done across the organization. The Privacy Office is responsible for the oversight of HIPAA compliance for the Vanderbilt Affiliated Covered Entity. As VUMC grows its patient volume and expands services geographically, efforts to maintain organizational compliance with patient privacy regulations including HIPAA increase. In FY25, the team responded to over 2200 privacy matters including patient privacy rights requests, staff guidance, breach investigations and notifications, and information requests related to privacy complaints on file with the HHS Office for Civil Rights. The Director role is critical for these efforts, program oversight, and daily management of regulatory activities performed by the Privacy Office team. This role leads the development and deployment of privacy and information security policies and processes; new hire and annual HIPAA/Privacy training materials; leads complex privacy investigations and VUMC's breach incident response; provides consultative services to departments; and responds to external regulatory inquiries and investigations.
Key Responsibilities
Develop goals, objectives, work plans, and priorities for the Privacy Office based on strategies defined by the Information Privacy and Security Executive Committee and the Chief Patient Experience and Service Officer. Define and secure approval for objectives and work plans to achieve institutional and departmental objectives and priorities. Ensure compliance with federal and state privacy laws and regulatory requirements related to privacy and confidentiality of patient and other sensitive information. Facilitate inter-departmental input, evaluation, and participation in developing and implementing enterprise-wide policies and processes. Initiate changes or develop new policies, procedures, and methods; analyze long-range impact of decisions and plans. Recommend and revise policies related to privacy and information security to promote compliance with laws and VUMC priorities. Lead multi-disciplinary teams across the enterprise in designing workflow processes and policy development related to privacy and information security. Ensure processes for handling patient complaints and privacy breaches are compliant and documented according to standards and policies. Lead efforts to apply the Sanctions Policy to incidents involving privacy and information security. Author policies and procedures and oversee vetting and approval through committees. Develop communication and training materials to deploy policies and processes successfully. Provide leadership to committees and teams responsible for enterprise-wide processes (e.g., ID Alert Review Team). Ensure rapid response to patient complaints, initiate service recovery, identify trends, and incorporate improvements into training to reduce recurrence. Research and implement effective patient complaint processes, track concerns, respond to issues, and manage service recovery; ensure regulatory timing requirements are met. 
Recommend disciplinary action per the Sanctions Policy for violations of information privacy and security; provide training and counseling as needed as part of disciplinary action. Maintain documentation to support future complaints or investigations related to privacy investigations. Provide analyses and trend reports on patient complaints and privacy/security incidents; translate findings into training modules to reduce recurrence. Ensure effective operations of the department through program development, process improvement, and coordination with other departments; design and deploy processes and services to achieve goals. Standardize services, processes, resources, and practices to improve efficiency; supervise staff and provide guidance on problems. Adjust work plans to meet emergencies or changing conditions; participate in committees to address problems and facilitate information exchange. Communicate with top management on department problems and concerns; analyze and evaluate ongoing programs for adjustments or improvements. Develop staffing plans to meet developmental objectives; establish and exceed service standards aligned with financial targets and customer expectations. Promote a culture that respects privacy and enhances patient satisfaction; lead the organization in mission, values, and collaborative leadership. Demonstrate a leadership style that emphasizes facilitation and collaboration; ensure HR policies are followed; define qualifications and performance expectations for staff; support staff development through orientation, training, and competency assessment. Identify and evaluate quality assurance standards, programs, and procedures; ensure compliance with federal, state, and local regulatory standards including OCR and HHS. Establish and evaluate performance standards for safe, effective, and efficient operation of the department; ensure standards support clinical enterprise accreditation/licensure. 
Define and achieve financial targets; prepare an annual operating budget for the Privacy Office and justify operating and capital expenditures. Evaluate organizational structures and resource utilization; analyze budget variances and provide cost containment alternatives; project future budgets based on current operations.
Basic Qualifications
Bachelor's Degree
7 years of experience
Preferred Qualifications
2-3 years of leadership
Advanced Degree (MBA, MHA, JD)
CHPC or IAPP/US certification
Prior privacy program leadership experience in an academic medical center
Our professional administrative functions include critical supporting roles in information technology and informatics, finance, administration, legal and community affairs, human resources, communications and marketing, development, facilities, and many more. At our growing health system, we support each other and encourage excellence among all who are part of our workforce. High-achieving employees stay at Vanderbilt Health for professional growth, appreciation of benefits, and a sense of community and purpose.
Core Accountabilities
Organizational Impact: Establishes key tactical and operational plans of a sub-function or multiple departments with long-term effects on results.
Problem Solving/Complexity: Integrates knowledge and analysis to resolve complex technical and operational problems.
Breadth of Knowledge: Applies comprehensive knowledge of professional/technical areas and broader management knowledge to achieve objectives.
Team Interaction: Leads multiple departments within a function.
Core Capabilities
Supporting Colleagues: Develops self and others; builds relationships; communicates effectively across audiences.
Delivering Excellent Services: Serves others with compassion; solves complex problems; provides meaningful advice and support.
Ensuring High Quality: Demonstrates excellent work; pursues continuous improvement; ensures safety and regulatory compliance.
Managing Resources Effectively: Demonstrates accountability; manages resources; makes data-driven decisions.
Fostering Innovation: Generates new ideas; applies technology; adapts to change.
Position Qualifications
Responsibilities
Relevant work experience required.
Experience Level: 7 years
Education
Bachelor's degree
Vanderbilt Health is committed to fostering an environment where everyone has the chance to thrive and is committed to the principles of equal opportunity. EOE/Vets/Disabled.