NAELA's CareerCenter

---

1. Develops and implements a comprehensive health information privacy program governing university-wide teaching, research and patient-care operations. 2. Manages the HIPAA privacy office staff. Provides oversight and guidance to deputy HIPAA privacy officers and departmental HIPAA contacts to ensure a consistent compliance program across the university. 3. In collaboration with the chief privacy officer, develops university-wide policies, procedures and practices governing the privacy and security of health information through the sophisticated analysis of data, operations, and regulatory requirements. 4. Promotes a culture of respect for patient privacy and HIPAA compliance in alignment with Yale's teaching, research and patient care missions. 5. Directs the identification, implementation, and maintenance of PHI privacy and breach notification policies and procedures in coordination with senior leaders from the university's health care and health plan components, the chief privacy officer, and university attorneys. Assesses, benchmarks, and revises policies and procedures related to appropriate access to PHI in accordance with legal standards and industry best practices. 6. Collaborates with strategic partners to assess the security of health-related IT systems, to manage IT-related risk, to ensure regulatory compliance, to align security and privacy practices, and to adapt policies, approaches, and standards to evolving technological challenges. 7. Establishes the parameters and standards for ongoing compliance monitoring activities in coordination with the university's other compliance and operational assessment functions. 8. Ensures the university's IRBs' compliance with HIPAA privacy policies and procedures. 9. Develops and implements a robust privacy and security training and awareness program for diverse university stakeholders, including students, faculty, and medical and professional staff. 10. Analyzes university and industry data to identify incident trends related to risks to the privacy of PHI and develops strategies to manage and mitigate those risks. 11. Drives HIPAA privacy compliance efforts with affiliated entities and entities participating in an Organized Health Care Arrangement with the university. 12. Develops, implements, and monitors business associate agreements to ensure all privacy requirements are addressed. 13. Establishes and administers a process for receiving, documenting, tracking, investigating and acting on complaints concerning the university's HIPAA privacy practices, in consultation with the chief privacy officer. Ensures HIPAA investigations are conducted in accordance with university disciplinary policies and are documented in keeping with HIPAA record retention requirements. 14. Ensures the consistent application of sanctions for failure to comply with HIPAA privacy policies, in coordination with human resources, the information security officer, the chief privacy officer, and university attorneys. 15. Other tasks as assigned.

Preferred Education:  Advanced degree in relevant area such as healthcare, healthcare administration, or law and five years of experience in managing privacy compliance, preferably at an academic medical center, or an equivalent combination of training and experience.

Preferred Education, Experience and Skills:  Advanced degree in relevant area such as healthcare, healthcare administration, or law and five years of experience in managing privacy compliance, preferably at an academic medical center, or an equivalent combination of training and experience.

Posting Position Title:  HIPAA Privacy Officer

Required Skill/ability 3:  Ability to promote privacy compliance across a diverse workforce.

Work Week:  Standard (M-F equal number of hours per day)

University Job Title:  HIPAA Privacy Officer

Required Skill/ability 1:  Comprehensive knowledge of (i) health information privacy laws, including HIPAA, HITECH, and OCR guidance; (ii) use of health information in clinical research; and/or (iii) medical records management, including access, release and tracking techniques.

Required Skill/ability 4:  Excellent leadership, project management, organizational, and communication skills.

Required Skill/ability 2:  Ability to work independently and leverage networks to advance programmatic goals in a decentralized environment.

Bachelor's degree and a minimum of 7 years of experience or equivalent combination of education and experience.