Duke University Health System (DUHS) Job Descriptions

SR PRIVACY DIRECTOR

Job Title: SR PRIVACY DIRECTOR
Job Code: 5618
FLSA: E
Job Level: K1
Revised Date: 10/01/2022
Supervisory Responsibility: Yes

~ Printer-Friendly Version ~

General Description of the Job Class

The Senior Privacy Director reports to the Chief Compliance & Privacy Officer and administers an effective clinical research and clinical privacy program across Duke University Health System, Duke University Schools of Medicine and Nursing and their affiliates (collectively "Duke Health"). The Sr. Privacy Director will develop policies and processes to monitor compliance with federal and state privacy regulations, as well as general industry privacy standards related to protected health information and other restricted or sensitive information collected, used, and/or retained. Assumes management responsibilities of a team of Privacy professionals.

Duties and Responsibilities of this Level

The Sr. Privacy Director will specifically serve as the healthcare privacy subject matter expert for Duke Health, managing the effectiveness of the privacy program, working closely with clinical and clinical research faculty and staff to create compliance with healthcare and research privacy laws and regulations.

??? Advise Duke Health Chief Privacy Officer and Duke Health leadership regarding privacy compliance.

??? Direct and coordinate activities of privacy staff, including team lead and privacy analysts to manage an effective privacy program.

??? Manage personnel functions including but not limited to hiring, performance reviews, assigning work, promotions, transfers, vacation scheduling and retention efforts

??? Monitor systems development and operations for privacy compliances

??? Proactively create and revise privacy policies and corresponding guidance to assure consistency and currency with privacy-related best practices and evolving external regulations and policies.

??? Perform negotiation, implementation and ongoing monitoring of business associate agreements and other data use contractual restrictions to ensure privacy requirements and applicable laws, regulations, and policies. Negotiate with external parties.

??? Collaborate with operational management, clinical researchers, security and Chief Compliance and Privacy Officer to address data governance and privacy concerns

??? Lead risk assessment activities, analysis and in collaboration with leaders develop corrective actions. Conduct ongoing compliance monitoring activities in coordination with operational assessment functions.

??? Create and conduct system-wide privacy training and education programs and outreach to continuously build relationships and awareness.

??? Develop and analyze privacy related tracking tools and data analytics to trend and identify opportunities for educational opportunities and policies, procedures and process improvement.

??? Perform breach risk assessment and mitigation, coordinate investigation with operational staff and work with Human Resources to ensure consistent application of sanctions for privacy violations.

??? Act as liaison and cooperate with US Department of Health and Human Services, Office of Civil Rights, state regulators and other external agencies in any investigations, including drafting responses and remediation and implementing corrective action.

??? Perform compliance with routine and non-routine reporting to governmental agencies, including Office of Civil Rights and NC Attorney General.

??? Continuously learn about new regulatory requirements and industry trends and incorporate within the privacy program.

??? Lead and/or participate on committees to address privacy concerns.

??? Perform other related duties incidental to the work described herein.

Required Qualifications at this Level

Education

Work requires organizational, analytical and communication skills acquired through the completion of a Master's degree program in Business Administration or Health Administration. Juris Doctor degree, or a related field is preferred.

Experience

Work requires a minimum of five years' experience in compliance within the healthcare industry, to include leadership experience in project management and process improvement.

Degrees, Licensure, and/or Certification

Privacy certifications including IAPP's CIPP or CIPM, preferred.

Knowledge, Skills, and Abilities

N/A

Distinguishing Characteristics of this Level

N/A

---

The intent of this job description is to provide a representative and level of the types of duties and responsibilities that will be required of positions given this title and shall not be construed as a declaration of the total of the specific duties and responsibilities of any particular position. Employees may be directed to perform job-related tasks other than those specifically presented in this description.

---

Duke University is an Affirmative Action/Equal Opportunity Employer committed to providing employment opportunity without regard to an individual's age, color, disability, gender, gender expression, gender identity, genetic information, national origin, race, religion, sex, sexual orientation, or veteran status.

Duke aspires to create a community built on collaboration, innovation, creativity, and belonging. Our collective success depends on the robust exchange of ideas-an exchange that is best when the rich diversity of our perspectives, backgrounds, and experiences flourishes. To achieve this exchange, it is essential that all members of the community feel secure and welcome, that the contributions of all individuals are respected, and that all voices are heard. All members of our community have a responsibility to uphold these values.

---

Essential Physical Job Functions

Certain jobs at Duke University and Duke University Health System may include essential job functions that require specific physical and/or mental abilities. Additional information and provision for requests for reasonable accommodation will be provided by each hiring department.