The Manager, Privacy will play a key role in building, operationalizing and sustaining an effective and robust Privacy Program. Reporting to the Director, the role will ensure that the organization complies with relevant and applicable privacy laws, regulations, contractual requirements, and standards. The role will be responsible for developing and maintaining privacy-related policies and procedures, training, communications and awareness, monitoring and tracking, investigation, remediation, and corrective action planning documents, processes and protocols for the organization and all of its subsidiaries, affiliates and entities. The role will also ensure that all potential and reported privacy violations are fully investigated, including but not limited to the organizational security breach incident response protocol, partnering closely with Information Security, Legal and others. The role will additionally compile and develop relevant, timely and high-quality privacy reporting (including all relevant metrics) for both internal and external stakeholders, including but not limited to senior leadership, the Board and Audit Committee, and regulatory entities, among others. As part of the broader CCA Risk & Compliance Department and set of integrated GRC programs, the role will also foster and facilitate an organizational culture of openness, trust and transparency in ensuring integrity-based dealings with all internal and external stakeholders.
Develops and maintains all Privacy policies and procedures, ensuring timely, relevant and high-quality work product
Develops and maintains Privacy training, communications, education and awareness campaigns, plans and materials, ensuring timely, relevant, engaging and high-quality work product
Develops and maintains Privacy monitoring, tracking, reporting, metrics, dashboarding, and auditing programs and protocols, ensuring timely, relevant and high-quality work product, reviews and reports
Develops and maintains Privacy investigation and security/privacy data breach incident response protocols, reports and deliverables, partnering with all relevant cross-organizational areas, including those related to vendors, service providers, third parties and downstream entities (i.e., both internal and external incidents)
Develops and maintains Privacy and Security-related control remediation and corrective action planning (CAP) protocols and reports, including relevant CAP issuance, guidance and closure
Develops and maintains all Privacy-related vendor, service provider, third-party, downstream entity, and similar oversight controls and protocols, including but not limited to Business Associate Agreements and other contractual reviews, mechanisms and activities
Develops and maintains highly effective and high-quality protocols for all internal and external Privacy reporting, including relevant and timely metrics, for senior leadership, the Board and Audit Committee, and regulatory entities, among others
Develops and maintains highly effective and high-quality protocols for timely and promptly evaluating new Privacy laws, regulations, contractual requirements and standards, and for effectively and proactively guiding and advising all relevant business, operational and clinical areas to adequately operationalize such new requirements, activities and change management protocols
Coordinates privacy activities overseeing the establishment, implementation, and adherence to corporate policies on individual privacy, confidentiality, and release of confidential information
Develops and manages HIPAA project teams, including Privacy Liaisons; serves as a privacy resource for CCA departments and entities
Provides leadership in the planning, design, and evaluation of CCA privacy-related projects
Serves as a liaison to regulatory and accrediting bodies for matters relating to privacy
Responsible for documenting and communicating the progress of the implementation of the HIPAA privacy and security compliance program at CCA including affiliates and related entities
Works with legal counsel, management, operational departments, and committees to ensure CCA has and maintains appropriate confidentiality consent, authorization forms and information notices
Works with the Legal Department to review new or revised healthcare laws and regulations (federal and state) pertaining to individual privacy, and determine whether modifications or revisions of policies and procedures are needed
Provides direction and guidance in special investigations or special projects. Reviews results and recommends actions in coordination with key internal/external stakeholders
Works closely with IT Security, members of the electronic medical record implementation/informatics team, and other information technology personnel to ensure that the organization's privacy and security protections keep pace with technological advances
Coordinates with management, IT security, and others to assure physical safeguards to guard data integrity, confidentiality, and availability
Coordinates with senior management, operational managers, the Chief Information Security Officer, IT managers, and business support services to provide for a business continuity plan and disaster recovery service. Ensure CCA's disaster recovery plan addresses relevant information privacy and security issues.
Reviews all system-related information privacy and security plans throughout CCA's network to ensure alignment between security and privacy practices
Provides concise and timely summaries to senior management of complex and detailed regulatory publications and prepares operational impact statements
Assist in the development of the Compliance and Privacy Workplans through effective identification of privacy-related compliance risks
Facilitates prompt, relevant, timely and high-quality responses to regulatory inquiries, audits and requests for information, either liaising directly with regulators, as warranted and appropriate, or partnering with other CCA areas (e.g., CCA Compliance, CCA Legal, CCA Regulatory Audit Management, etc.)
Establishes an internal privacy and security compliance audit program to ensure enterprise-wide compliance with CCA privacy and security policies
Works with departmental managers to assure that there is adequate auditing and monitoring of systems access and activity, and that processes are in place to identify potential privacy and security violations
Directs or conducts independent Privacy reviews and evaluations of all operations and activities to appraise:
Compliance with current regulations of federal, state, and other regulatory bodies
Possible errors and omissions that may violate current or future compliance
Compliance with internal policies, plans or standards which could impact compliance with external regulatory bodies
Cooperates with the Office of Civil Rights (OCR), other regulatory entities, and organization officials in any compliance reviews or investigations
Participates in the development, implementation, and ongoing compliance monitoring of all business associate agreements, to ensure all privacy concerns, requirements, and responsibilities are addressed
Aids Legal, operational managers and staff during enforcement activities, surveys, and external investigations. Assists in the preparation of documentation required by external agencies, corrective action plans, and future monitoring or auditing to assure compliance
Maintains communications with external regulatory or review organizations and accrediting agencies to assure proper interpretations of regulations and impacts on operations. Coordinates work with others within the organization that have responsibility for process improvement, accreditation surveys or other regulatory activities
Assist with the development and preparation of corrective action plans, maintain compliance with benchmarks/deadlines and prepare written reports of audits
Prepare and coordinate regulatory filings, as required
Please note employment with CCA is contingent upon acceptable professional references, a background check (including Mass CORI, employment, education, criminal check, and driving record (if applicable)), an OIG Report and verification of a valid MA/RN license (if applicable). Commonwealth Care Alliance is an equal opportunity employer. Applicants are considered for positions without regard to veteran status, uniformed service member status, race, color, religion, sex, national origin, age, physical or mental disability, genetic information or any other category protected by applicable federal, state or local laws.