Hennepin Healthcare is an integrated system of care that includes HCMC, a nationally recognized Level I Adult and Pediatric Trauma Center and acute care hospital. The comprehensive healthcare system includes a 484 bed academic medical center, a large outpatient Clinic & Specialty Center, and a network of primary and specialty care clinics in Minneapolis and in suburban communities. Hennepin Healthcare has a large psychiatric program, home care and hospice, and operates a research institute, innovation center and philanthropic foundation.

SUMMARY

We are seeking an Information Privacy Director to join our team. This full time role will primarily work remote (around 90%) with requirement to come onsite, as needed (training sessions in person, investigations, or department meetings).

This position oversees, creates, and maintains the HHS information privacy compliance program, and manages the operations of Information Privacy Department. This position functions as the HHS HIPAA Privacy Officer and the MN Data Practices Act Responsible Authority.

Required COVID-19 Vaccinations for Employees
Hennepin Healthcare requires employees to be fully vaccinated against COVID-19. This includes all employees, volunteers, students, and contracted staff, with limited exemptions for medical or religious reasons.

RESPONSIBILITIES

• Responsible for development, implementation, and maintenance of an effective privacy program that prevents and detects privacy violations
• Serves as subject matter expert including, but not limited to HIPAA, HITECH, Minnesota Government Data Practices Act, state privacy laws, and related healthcare privacy laws
• Creates and maintains a strategic and comprehensive information privacy program that includes: policies and processes that ensure the confidentiality of protected health information (PHI) in accordance with federal and state laws, training for all team members, investigation of privacy concerns, auditing and monitoring of systems and processes that impact information privacy, reporting of privacy metrics to leadership, and ongoing privacy risk assessments
• Provides advice and works closely with the Chief Compliance Officer, Legal, Health Information Technology, Research/IRB/HHRI, other senior leadership, and covered entities in various matters dealing with privacy compliance
• Works closely with the Information Security Official, members of the electronic medical record implementation team, and other information technology personnel to ensure that the organization’s privacy protections keep pace with technological advances
• Establishes and maintains effective governance of the information privacy program
• Serves as the HIPAA Privacy Official pursuant to the administrative requirements of 45 Code of Federal Regulation, Standards for Privacy of Individually Identifiable Health Information (HIPAA Privacy Rule) and MN Government Data Practices Act Responsible Authority
• Authors and maintains information privacy policies, procedures, and organizational privacy documents (e.g., Notice of Privacy Practices, internal guidance documents)
• Develops and conducts information privacy training and education for all HHS team members
• Provides privacy guidance to team members and management throughout the organization
• Establishes an ongoing process to track, investigate, and report inappropriate access and disclosure of protected health information, including oversight of corrective action plans that mitigate noncompliance
• Manages required breach determination and notification processes under applicable law
• Ensures the development and implementation of business associate processes, including the ongoing compliance monitoring of business associates to ensure compliance with regulatory expectations
• Performs information privacy risk assessment/analysis and develops corresponding work plans and corrective action plans
• Works collaboratively with Hennepin County departments and other business partners, as needed, to ensure appropriate data sharing between the parties

QUALIFICATIONS

Minimum Qualifications:

• Bachelor’s degree in business or health administration, health information management or a related field

-OR-

• An approved equivalent combination of education and experience

Preferred Qualifications:

• Juris Doctor preferred
• Master’s degree in Business Administration, Information Technology, Healthcare or related field
• Experience in auditing/monitoring
• Experience with MN Government Data Practices Act

Knowledge/Skills/Abilities:

• Knowledge and experience in state and federal information privacy laws and best operational practices
• Demonstrated organization, facilitation, written and oral communication, and presentation skills
• Demonstrated skills in collaboration, teamwork, and problem-solving to achieve goals
• Demonstrated skills in verbal communication and listening
• Demonstrated skills in providing excellent service to customers
• Excellent writing skills
• Extensive familiarity with health care relevant legislation and standards for the protection of health information and patient privacy
• Health care legal, operational, and or financial skills
• Knowledge and experience in administering programs to address HIPAA and related regulations, MN Health Records Act, MN Government Data Practices Act, and other applicable laws & regulations
• Ability to effectively manage company resources (i.e. budget & personnel)
• Skilled in overseeing the efforts of high-level department individuals
• Ability to provide strategic leadership by prioritizing work based on risk and resource availability
• Superb ability to motivate employees and inspire positive change within department
• Ability to contribute new ideas that support organizational goals
• Skilled in managerial duties (i.e. hiring, firing, performance appraisals, pay, reviews)
• Skilled in modeling company values through daily interactions within the department, particularly with regards to health and safety
• Capable of supporting the work of the department
• Skilled in fostering a positive workplace culture and building inclusive workplace teams

License/Certifications:

• Certification in Health Care Privacy, Information Privacy, or Healthcare Compliance (CHPC, CIPP/US, CIPM, CHC, or equivalent) or the ability to obtain within 12 (twelve) months of date of hire

You've made the right choice in considering Hennepin Healthcare for your employment. We offer a wealth of opportunities for individuals who want to make an impact in our patients' lives. We are dedicated to providing Equal Employment Opportunities to both current and prospective employees. We are driven to connect talented individuals with life-changing career opportunities, enabling you to provide exceptional care without exception. Thank you for considering Hennepin Healthcare as a future employer.

Please Note: Offers of employment from Hennepin Healthcare are conditional and contingent upon successful clearance of all background checks and pre-employment requirements.