Manager, Privacy

3 weeks ago


Boston, United States Commonwealth Care Alliance Full time
Why This Role is Important to Us

The Manager, Privacy will play a key role in building, operationalizing and sustaining an effective and robust Privacy Program. Reporting to the Director, the role will ensure that the organization complies with relevant and applicable privacy laws, regulations, contractual requirements, and standards. The role will be responsible for developing and maintaining privacy-related policies and procedures, training, communications and awareness, monitoring and tracking, investigation, remediation, and corrective action planning documents, processes and protocols for the organization and all of its subsidiaries, affiliates and entities. The role will also ensure that all potential and reported privacy violations are fully investigated, including but not limited to the organizational security breach incident response protocol, partnering closely with Information Security, Legal and others. The role will additionally compile and develop relevant, timely and high-quality privacy reporting (including all relevant metrics) for both internal and external stakeholders, including but not limited to senior leadership, the Board and Audit Committee, and regulatory entities, among others. As part of the broader CCA Risk Compliance Department and set of integrated GRC programs, the role will also foster and facilitate an organizational culture of openness, trust and transparency in ensuring integrity-based dealings with all internal and external stakeholders.

What You'll Be Doing

ORGANIZATIONAL DEVELOPMENT OF PRIVACY PROGRAM

  • Develops and maintains all Privacy policies and procedures, ensuring timely, relevant and high-quality work product
  • Develops and maintains Privacy training, communications, education and awareness campaigns, plans and materials, ensuring timely, relevant, engaging and high-quality work product
  • Develops and maintains Privacy monitoring, tracking, reporting, metrics, dashboarding, and auditing programs and protocols, ensuring timely, relevant and high-quality work product, reviews and reports
  • Develops and maintains Privacy investigation and security/privacy data breach incident response protocols, reports and deliverables, partnering with all relevant cross-organizational areas, including those related to vendors, service providers, third parties and downstream entities (i.e., both internal and external incidents)
  • Develops and maintains Privacy and Security-related control remediation and corrective action planning (CAP) protocols and reports, including relevant CAP issuance, guidance and closure
  • Develops and maintains all Privacy-related vendor, service provider, third-party, downstream entity, and similar oversight controls and protocols, including but not limited to Business Associate Agreements and other contractual reviews, mechanisms and activities
  • Develops and maintains highly effective and high-quality protocols for all internal and external Privacy reporting, including relevant and timely metrics, for senior leadership, the Board and Audit Committee, and regulatory entities, among others
  • Develops and maintains highly effective and high-quality protocols for timely and promptly evaluating new Privacy laws, regulations, contractual requirements and standards, and for effectively and proactively guiding and advising all relevant business, operational and clinical areas to adequately operationalize such new requirements, activities and change management protocols
  • Coordinates privacy activities overseeing the establishment, implementation, and adherence to corporate policies on individual privacy, confidentiality, and release of confidential information
  • Develops and manages HIPAA project teams, including Privacy Liaisons; serves as a privacy resource for CCA departments and entities
  • Provides leadership in the planning, design, and evaluation of CCA privacy-related projects
  • Serves as a liaison to regulatory and accrediting bodies for matters relating to privacy
  • Responsible for documenting and communicating the progress of the implementation of the HIPAA privacy and security compliance program at CCA including affiliates and related entities
  • Works with legal counsel, management, operational departments, and committees to ensure CCA has and maintains appropriate confidentiality consent, authorization forms and information notices
  • Works with the Legal Department to review new or revised healthcare laws and regulations (federal and state) pertaining to individual privacy, and determine whether modifications or revisions of policies and procedures are needed
  • Provides direction and guidance in special investigations or special projects. Reviews results and recommends actions in coordination with key internal/external stakeholders
  • Works closely with IT Security, members of the electronic medical record implementation/informatics team, and other information technology personnel to ensure that the organization's privacy and security protections keep pace with technological advances
  • Coordinates with management, IT security, and others to assure physical safeguards to guard data integrity, confidentiality, and availability
  • Coordinates with senior management, operational managers, the Chief Information Security Officer, IT managers, and business support services to provide for a business continuity plan and disaster recovery service. Ensures CCA's disaster recovery plan addresses relevant information privacy and security issues.
  • Reviews all system-related information privacy and security plans throughout CCA's network to ensure alignment between security and privacy practices
  • Provides concise and timely summaries to senior management of complex and detailed regulatory publications and prepares operational impact statements
  • Assists in the development of the Compliance and Privacy Workplans through effective identification of privacy-related compliance risks
  • Facilitates prompt, relevant, timely and high-quality responses to regulatory inquiries, audits and requests for information, either liaising directly with regulators, as warranted and appropriate, or partnering with other CCA areas (e.g., CCA Compliance, CCA Legal, CCA Regulatory Audit Management, etc.)

PRIVACY EXPERTISE RESOURCES

  • Maintains current knowledge of applicable federal and state privacy and security laws, regulations, contractual requirements and standards, and monitors advancements in information privacy and security technologies to ensure organizational adaptation and compliance
  • Participates in outside healthcare organizations to keep updated on privacy developments and "best practices"
  • Maintains regulatory library ("register") for Privacy & Security laws, regulations and requirements pertaining to the organization
  • Maintains documentation of Privacy Program
  • Communicates changes in regulatory issues to senior management and to the appropriate operational managers

COMPLAINTS SYSTEM

  • Establishes and administers, as appropriate, a corporate process for receiving, documenting, tracking, investigating, and acting on all complaints concerning CCA's privacy compliance policies and procedures
  • Responds effectively to incidents and violations to reduce the risks to the organization
  • Accurately and effectively reports privacy compliance risks and trends to internal stakeholders and through compliance committee governance

TRAINING, EDUCATION, COMMUNICATIONS

  • Oversees the development, delivery, and ongoing improvement of privacy and security compliance training and awareness to include CCA staff and other entities, as required
  • Develops and implements a system-wide privacy training program and, in conjunction with the security official or other individuals charged with security oversight, a cyber security awareness and training program that includes the following components:
    • Initial training of all employees related to the privacy program
    • Privacy training to all members of the workforce, including all employees, volunteers, trainees, and other persons under the direct control of the entity on an unpaid basis, who are not business partners but are likely to have contact with PHI and/or PII
    • Upon changes in corporate privacy policy or procedure, retraining of directly affected employees
    • Mandated privacy retraining for all employees at on-boarding and annually thereafter

PRIVACY & SECURITY DISCIPLINE

  • Works with senior management to develop and consistently apply appropriate discipline for employees who fail to comply with the organization's privacy and security policies and procedures
  • In cooperation with Human Resources, the Privacy & Security Officials, administration, and legal counsel, as applicable, ensures consistent application of disciplinary action for failure to comply with privacy and security policies for all individuals in the organization's workforce, extended workforce, and for all business associates
  • Coordinates with HR to ensure no intimidating, discriminatory, or other retaliatory actions occur against a person who files, testifies, assists, or participates in any investigation, compliance review, proceeding, or hearing related to a privacy violation, or opposes any unlawful act or practice

CERTIFICATIONS AND AUDITS

  • Establishes an internal privacy and security compliance audit program to ensure enterprise-wide compliance with CCA privacy and security policies
  • Works with departmental managers to assure that there is adequate auditing and monitoring of systems' access and activity, and that processes are in place to identify potential privacy and security violations
  • Directs or conducts independent Privacy reviews and evaluations of all operations and activities to appraise:
    • Compliance with current regulations of federal, state, and other regulatory bodies
    • Possible errors and omissions that may violate current or future compliance
    • Compliance with internal policies, plans or standards which could impact compliance with external regulatory bodies
  • Cooperates with the Office of Civil Rights (OCR), other regulatory entities, and organization officials in any compliance reviews or investigations
  • Participates in the development, implementation, and ongoing compliance monitoring of all business associate agreements, to ensure all privacy concerns, requirements, and responsibilities are addressed
  • Aids Legal, operational managers and staff during enforcement activities, surveys, and external investigations. Assists in the preparation of documentation required by external agencies, corrective action plans, and future monitoring or auditing to assure compliance
  • Maintains communications with external regulatory or review organizations and accrediting agencies to assure proper interpretations of regulations and impacts on operations. Coordinates work with others within the organization that have responsibility for process improvement, accreditation surveys or other regulatory activities
  • Assists with the development and preparation of corrective action plans, maintains compliance with benchmarks/deadlines and prepares written reports of audits
  • Prepares and coordinates regulatory filings, as required

What We're Looking For

Education Required:
  • Bachelor's Degree
Education Desired:
  • Relevant graduate degree (e.g., Juris Doctor, MBA, Masters, etc.) in a relevant field
  • Privacy & Security certifications such as Certified in Healthcare Privacy Compliance (CHPC), Certified in Healthcare Privacy and Security (CHPS), Certified Information Privacy Professional (CIPP), and/or other Privacy-related credentials
Experience Required:
  • 5-6+ years of health insurance Privacy legal and regulatory experience required
  • 3+ years of managerial and leadership experience required
Experience Desired:
  • An individual with a combination of the following: medical records/health information management background, information systems/technology background; compliance, legal or performance improvement experience
  • Health Plan Experience
