Wellframe is seeking an individual experienced in risk and compliance issues in healthcare to lead our privacy compliance efforts. This role provides direction and expertise on all aspects of information privacy, privacy compliance, and confidentiality. This position is a part of the Privacy team, which also includes our legal counsel and the Security Officer.
- Develop and implement privacy policies and processes.
- Investigate, document and track privacy-related events. Develop and implement corrective action plans (including ensuring consistent application of sanctions/disciplinary action) in response to such events.
- If necessary, report to state and federal authorities and communicate with patients when their PHI or PII has been used or disclosed in violation of the privacy program.
- Cooperate with U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) and other federal, state and international entities, in any privacy program audits, inquiries or investigations.
- Identify training needs; administer and log yearly HIPAA training and send weekly HIPAA newsletter to employees.
- Monitor privacy-related complaints, incidents, and issues related to unauthorized disclosure of PHI.
- Work with counsel on tasks including approving and complying with all BAAs, DPAs, risk assessments, etc.
- Provide guidance on business associate and data processing agreements; monitor contracts to determine appropriate inclusion of such agreements; and assist departments to analyze privacy obligations under business associate and data processing agreements.
- Work with the Security Officer/Privacy team on tasks including risk assessments.
- Work with the Product team to ensure compliance is maintained as new product features are developed.
- Possible opportunity to take on broader team leadership, depending on experience.
- Bachelor’s degree required.
- Three (3) to five (5) years of full-time experience with privacy and confidentiality, health information risk management, or information security.
- Knowledge of and demonstrated experience with compliance, HIPAA/HITECH, PII and other varieties of protected information.
- Strong written and oral communication skills.
- Project management experience.
- Experience with privacy and compliance in both US and international markets, particularly in Europe, and familiarity with Privacy Shield compliance.
- IT experience specifically in the area of Information Security.
- Experience working in healthcare IT.
- Experience working in a start-up.
- Compliance certifications are a bonus (e.g., CRISC, CRMA, CHPS, CHRC, and/or CCCP).
- SCRUM/Agile experience a plus.