Director of Data Privacy
Company: HealthTrackRx
Location: Louisville, KY 40214
Description:
Who is HealthTrackRx?
HealthTrackRx is the nation's leading PCR-based infectious disease laboratory! By delivering next morning results to healthcare providers nationwide, HealthTrackRx is the premier option for patients and healthcare professionals and is in an exciting phase of growth!
Job Summary:
The Director of Data Privacy will provide leadership, oversight, and vision to build, enhance and sustain a comprehensive privacy program, ensuring organization-wide compliance with all applicable privacy laws and regulations. The Director of Data Privacy will develop, coordinate, and oversee data privacy and compliance programs, frameworks, and governance structures, partner with key stakeholders to implement privacy compliance efforts and programs, and design and integrate communications strategies for privacy compliance information and training regarding privacy policies, data-handling policies and procedures, and legal obligations.
Essential Responsibilities/Duties:
- Partner with stakeholders to identify, document, and mitigate privacy risks arising from key business activities (e.g., clinical, research, records retention, billing and client services) and implement work and monitoring planning to continuously improve the data privacy compliance program, governance structure, and frameworks.
- Author policies and procedures to support data privacy compliance and implement a continuous, comprehensive review process to assess existing data privacy policies and procedures to ensure efficacy, to identify and remediate performance gaps, and to ensure alignment with applicable relevant laws and regulations.
- Design and integrate communication strategies for privacy compliance information and training regarding company privacy policies, data-handling policies and procedures, and legal obligations. Support a mechanism for timely responses to privacy-related inquiries. Develop role-specific privacy training course content for target audience(s) and monitor and report on completion of privacy-related training.
- Manage privacy incidents and breach notifications required by federal and state law, serving as liaison with federal and state oversight agencies. Perform timely investigations ensuring resolution for all privacy-related matters received. Assess metrics and leverage analytics to improve and enhance processes.
- Partner with key stakeholders to implement privacy compliance efforts and programs. Collaborate with information security to ensure operational alignment between security and privacy compliance programs. Lead and participate in privacy-related committees to support privacy-related initiatives, address and evaluate emerging risks.
- Collaborate with the Legal Team on the review of legal agreements regarding the collection, protection, transfer, and use of regulated and/or sensitive data, offering guidance on methods to minimize privacy compliance risk.
- In collaboration with Information Security and business partners, coordinate due diligence reviews of vendors that will handle personally identifiable data on behalf of the company to ensure their data protection compliance programs are robust, ensure appropriate data protection agreements are in place, and conduct periodic monitoring of the vendors.
- Maintain current and operational knowledge of applicable federal and state privacy laws in a laboratory environment and serve as a subject matter expert.
- Manage, develop and mentor staff both onsite and at remote locations to ensure completion of annual work plans and goals.
Qualifications:
Education -
- Bachelor's degree required (preferably in a healthcare related field) or 5+ years.
- Master's degree preferred.
Competencies/Skills -
- Knowledge and progressive operational experience with U.S. privacy and data protection compliance laws in a healthcare setting (HIPAA, CCPA, state privacy and data breach laws, etc.).
- Ability to foster strong relationships and use a collaborative approach to conducting compliance activities.
- Strong research, analytical, and problem-solving skills.
- Strong aptitude for compliance, project management and training software solutions to include configuration, analytical and reporting skills.
- Ability to manage multiple priorities, projects, as well as adapt to changing business needs in a fast-paced and flexible environment.
- Strong communication skills to facilitate interaction with representatives across the organization, including executives, department directors/managers, Legal Department, staff, and external organizations and agencies. Ability to present complex issues and concepts to audiences of varying expertise in the subject matter (both orally and in writing).
- Ability to maintain the confidentiality of sensitive or private matters while performing job duties and interacting with colleagues.
- Ability to participate in team projects and fill various roles such as team member, facilitator, or leader as needed.
Experience -
- Minimum 5 years' experience and skill managing privacy compliance programs, writing policies and guidance documents supporting various business activities, developing training, conducting investigations, and interacting with internal and external auditors.
Certifications/Licenses -
- Professional privacy specialist certification (e.g., CHPC, CIPP, CIPM), or similar strongly preferred.
Travel -
- Up to 25%