As a UW employee, you have a unique opportunity to change lives on our campuses, in our state and around the world. UW employees offer their boundless energy, creative problem solving skills and dedication to build stronger minds and a healthier world.
UW faculty and staff also enjoy outstanding benefits, professional growth opportunities and unique resources in an environment noted for diversity, intellectual excitement, artistic pursuits and natural beauty. All of which has allowed the UW to be nationally recognized as a “Great College to Work For” for five consecutive years.
UW Medicine has an outstanding opportunity for a Director of Patient Privacy.
The Director of Patient Privacy is the team lead and serves as a primary contact point and content expert for patient information compliance. The Director is responsible for overseeing the daily activities required for the operation of the team and is responsible for the team’s activities, including responding to inquiries, investigating complaints, managing projects, developing and delivering education and outreach, developing and implementing audit/monitoring plans, reporting on program activities, maintaining program records, and monitoring regulatory developments, creating, reviewing, and updating policies and codes of conduct, performing risk assessments, developing risk mitigation strategies, evaluating program effectiveness, and interfacing with other institutional officials, such as IT Services staff, UW Health Sciences risk managers, Health Information Management staff, entity patient relations managers, and the UW Medicine and UW Information Security colleagues to identify and resolve shared issues and concerns.
Duties and Responsibilities:
- Manage the development, implementation, and maintenance of HIPAA policies and procedures in accordance with applicable federal and state laws and regulations; work closely with UW Medicine leaders, IT teams, stakeholders and governance committees in the development, approval, and implementation process for HIPAA policies, procedures, and internal controls to ensure outcomes are appropriate and operating as intended
- Convene and effectively participate in UW and UW Medicine HIPAA-related committees and workgroups where data security/HIPAA are addressed to coordinate Program development and implementation
- Work closely with IT security staff, HIM teams, and other information technology personnel to ensure that the organization’s privacy protections keep pace with technological advances
- Coordinates with senior management, operational managers, IT security staff, and business support services to provide for a business continuity plan and disaster recovery service
- Reviews all system-related information security plans throughout the organization’s network(s) to ensure alignment between security and privacy practices, and acts as a liaison to the information systems department
- Oversee efforts to assess the effectiveness of HIPAA privacy and security internal controls across UW Medicine and to develop proactive responses to emerging risks and regulatory developments
- Conduct on-going HIPAA risk assessments, including development, tracking and reporting of issue mitigation strategies. Document activities to meet current regulatory requirements (e.g., HIPAA, CMS, HITECH, and NIST).
- Address HIPAA-related inquiries, requests for consultation, and complaints and work closely with operational leadership in developing responses and mitigation strategies to address findings
- Develop and implement an annual HIPAA privacy and security auditing program that incorporates feedback and education into the process and assures timely communication of audit results to the CO, CCO/CPO and appropriate entity leadership; recommend corrective actions as necessary
- In conjunction with the CO, develop HIPAA compliance education and outreach for workforce members throughout the UW Medicine system
- Monitor developments in related rules, regulations and judicial interpretations; make recommendations to the CO as needed to maintain compliance and mitigate risk
Lead Collaborative Efforts
- Build and manage key relationships with internal and external stakeholders, colleagues, and clients by providing collaborative partnership in areas of shared interests, concerns, and risk.
- Collaborate with the information security officer to ensure alignment between security and privacy compliance programs including policies, practices, investigations, and acts as a liaison to the information systems department
- Serve as a subject matter expert on key patient information protection areas, especially information-security and technology issues related to enterprise clinical systems, electronic access issues, and security risk assessment
Develop/oversee development of projects, tasks, and schedules; monitoring and report on status to help ensure successful completion of projects within the resources and timelines allotted
- Foster a team of highly seasoned HIPAA privacy and security professionals
- Provide leadership in matters related to unit staffing, strategy, philosophy, and structure necessary to support the goals and objectives for the UW Medicine Compliance Patient Privacy Program; determine unit staffing needs in consultation with CO(s); recruit, hire, and supervise direct reports and unit staff
- Accomplishes staff results by communicating job expectations and mentoring; planning, monitoring, and appraising job results; coaching, counseling, and disciplining employees; developing, coordinating, and enforcing systems, policies, procedures, and productivity standards
- Bachelor’s degree and at least seven years of increasing responsibility or experience in a compliance-related field, of which three years of experience and expertise is in healthcare privacy and security compliance. Equivalent education and/or experience may substitute for minimum requirements.
- Technology and security related expertise, knowledge of enterprise clinical systems.
- At least five years of supervisory experience, with proven leadership, communication, organizational, team-building and critical thinking skills.
- Demonstrated record of effective skills in facilitation, creative problem solving and a team-based approach to achieving success in a highly technical environment.
- Excellent analytical, time management, organizational, and supervisory skills; and an understanding of a risk-based approach to securing institutional resources.
- Strong ability to communicate effectively, both verbally and in writing, with employees, medical staff, board members, and external parties, including active listening and presentation skills.
- Demonstrated ability to independently prioritize and organize work, basic computer knowledge, ability to lead interdisciplinary teams.
- Proven leadership, supervision, communication, team-building and problem-solving skills; demonstrated ability to work independently and effectively prioritize work.
- Demonstrated success in leading projects/initiatives, designing work processes, and implementing programs within a multifaceted, highly matrixed organization.
- Advanced degree, preferably in law, business or healthcare administration.
- Five years-experience managing a healthcare compliance content area.
- Five years experience in an academic medical center.
- Two years experience developing and managing administrative, technical, and physical controls as required by the HIPAA security rule and the HITECH act.
- Professional privacy and/or security certification such as Certified in Healthcare Privacy and Security (CHPS) and/or other healthcare industry related security credentials.
As a UW employee, you will enjoy generous benefits and work/life programs.
Instructions for Resume Submission:
Apply on the University of Washington’s web site. (This is job #158889.)