Director - Privacy Office Job Listing at HCSC in Richardson, TX (Job ID R0031700-TX - Richardson)

Description

At HCSC, we consider our employees the cornerstone of our business and the foundation to our success. We enable employees to craft their career with curated development plans that set their learning path to a rewarding and fulfilling career.

Come join us and be part of a purpose driven company who is  invested in your future!

Job Summary This position oversees organizational compliance with legislation, regulations and mandates with a focus on privacy laws and regulations. This includes developing and maintaining HCSC's privacy compliance program to support acceptable business practices and contracts, developing and implementing HCSC's privacy policies and procedures, managing HIPAA Security investigations, managing government complaints and supporting contract templates and negotiations.

This position oversees and monitors business area's mitigation and corrective action plans for ongoing compliance of regulatory issues. Oversight includes all ongoing activities related to the development, implementation, maintenance of, and access to, protected health information and sensitive personal information in compliance with federal including the Affordable Care Act and American Recovery and Reinvestment Act (ARRA) HITECH, state privacy, security and consumer notification laws, contractual obligations, and HCSC's information privacy policies.

Please note, this is a hybrid role which requires in-office hours, 3 days week.

Responsibilities include:

Development and implementation of corporate regulatory policies and procedures

* Develop and maintain HCSC's strong regulatory compliance architecture, with a focus on privacy, to ensure compliance is met and to sustain compliance is an increasingly regulated industry. Establish consistent regulatory policies and procedures.
* Provides development, guidance and assistance in the identification, implementation and maintenance of HCSC's information privacy policies and procedures in coordination with HCSC's management and administration, the Privacy Advisory Committee and legal counsel.
* Responsible for managing privacy, security and regulatory complaints from individuals and the government including Office for Civil Rights, Attorney General Office, DOI and CMS.
* Responsible for overseeing Privacy Office contracting processes for HCSC including customer and vendor agreements and papers, negotiations, annual template updates, and ad hoc updates as applicable.
* Business lead for new federal privacy laws and regulations including ARRA HITECH regulations; business associate agreements, enforcement, and breach notification.
* Oversee mitigation and corrective action plans for federal and state regulatory compliance issues in order to sustain compliance.
* Guide ongoing compliance to laws and regulations including privacy, security and confidentiality laws and regulations.
* Establish relationships with BCBSA and other Blue Cross and Blue Shield Plans to obtain perspectives of pending privacy laws and regulations.
* Collaborate with corporate security officer on cyber privacy and security policies and procedures.
* Lead an enterprise Privacy Workgroup for adopting corporate-wide privacy standards, policies and procedures.
* Provide leadership to HCSC's HIPAA and GLB privacy risk assessment and implementation initiatives.
* Ensure compliance with regulatory practices and condition application of sanctions for failure to comply with regulatory policies for all individuals in HCSC's workforce, extended workforce, and for all business associates, in cooperation with the Human Resource department, the information security officer, administrative and legal counsel as appropriate.
* Work with HCSC personnel involved with any aspect of release of Protected Health Information (PHI), and Sensitive Personal Information (SPI) to ensure full coordination and cooperation between HCSC's policies, procedures and legal requirements.
* Develop, and direct, deliver or ensure delivery of the HCSC Regulatory Training Program, which consists of initial and ongoing privacy orientation and training to all employees, contractors, and other appropriate third parties. This program is developed and implemented in conjunction with the Information Security Department and Compliance Department.
* Initiates, facilitates and promotes activities to foster awareness of regulatory compliance within HCSC and its related entities.

Audit/Administer Regulatory Program Reviews

* Coordinate with Internal Audit to ensure systems development and operations are monitored for security and privacy compliance.
* In conjunction with HCSC management and Human Resource area, resolve allegations of non-compliance with HCSC's regulatory policies including privacy policies and the notice of privacy practices.
* Report on a periodic basis regarding the status of the privacy program to the Corporate Compliance Committee or other responsible individuals or committees.
* Coordinate with the Corporate Compliance Officer and the Corporate Privacy Officer regarding procedures for documenting and reporting voluntary or self-reporting as appropriate of regulatory violations. Ensure the appropriate action, including reporting, program revisions, discipline or other corrective actions are taken.
* Perform initial and periodic information privacy risk and other regulatory risk assessments and conduct related ongoing compliance monitoring activities in coordination with HCSC's other compliance and operational assessment functions.
* Establish, with management and operations, a mechanism to track access to PHI, within the purview of HCSC and as required by law, and to allow qualified individuals to review or receive a report on such activity.
* Coordinate and cooperates with the Office of Civil Rights, other legal entities, and HCSC officers in any compliance review or investigation.

Leadership of the Regulatory Program

* In conjunction with the Information Security team, provide leadership in the planning design and evaluation privacy related projects.
* Provide effective leadership and direct the work of subordinates. Select staff, coach performance, trains and provides development opportunities. Supervisory responsibilities cover multiple states.
* Work with HCSC senior management, the Corporate Compliance Officer and Corporate Privacy Officer to support the various enterprise-wide Privacy committees.
* Serve in a leadership role for the Privacy committees' activities.
* Serve as information privacy consultant to HCSC for all departments and appropriate entities.
* Work with legal counsel and management, key departments and committees to ensure HCSC has and maintains appropriate privacy and confidentiality authorization forms, information notices and materials reflecting the current organizational and legal practices and requirements.
* Participate in the development, implementation and ongoing compliance monitoring of trading partners and business associate agreements, to ensure all privacy concerns, requirements, and responsibilities are addressed.
* Review all system-related information security plans throughout HCSC's network to ensure alignment between security and privacy practices, and act as a liaison to the information systems department.
* Manage HIPAA Security Incidents.
* Maintain compliance with state and federal laws. Assist the Corporate Compliance Officer with liaison responsibilities to regulatory and accrediting bodies.
* Maintain current knowledge of applicable federal and state privacy laws and other regulations that affect HCSC's business and monitor advancements in information privacy technologies to ensure organizational adaptation and compliance.
* Provide support to HCSC's legal counsel or other designated parties to represent HCSC's information privacy interests with external parties (federal, state or local government bodies) who undertake to adopt or amend privacy legislation, regulation or standards.
* Communicate and interact effectively and professionally with co-workers, management, customers, etc.
* Comply with HIPAA, Diversity Principles, State Privacy regulations, Privacy Policies and Procedures, Corporate Compliance Program and Policies and Procedures.
* Maintain complete confidentiality of company related business.
* Maintain effective communication with management regarding developments within areas of assigned responsibilities and perform special projects as required or requested.

JOB REQUIREMENTS:

* Bachelor's degree in a business or legal field and 10 years related experience OR 14 years of related experience
* Knowledge of the health insurance industry
* Conceptual understanding of technology systems and applications
* Ability to work with unclear and/or complex regulations and situations
* Verbal and written communication skills.
* Personal integrity, team orientation, entrepreneurial, resourceful and results oriented.
* Organization, facilitation and presentation skills.

PREFERRED JOB REQUIREMENTS:

* MBA

* JD preferred
* Knowledge of HCSC's various functional areas and departments
* Experience in management of multiple off-site locations

#LI - AZ1

#LI - Hybrid

Are you being referred to one of our roles? If so, ask your connection at HCSC about our Employee Referral process!

HCSC Employment Statement:

HCSC is committed to diversity in the workplace and to providing equal opportunity and affirmative action to employees and applicants. We are an Equal Opportunity Employment / Affirmative Action employer dedicated to workforce diversity and a drug-free and smoke-free workplace. Drug screening and background investigation are required, as allowed by law. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status.

 Apply on company website