Privacy & Data Security Manager
Remote, USA, United States
Company Description
Privia Health™ is a national physician platform transforming the healthcare delivery experience. We provide tailored solutions for physicians and providers, creating value and securing their future. Through high-performance physician groups, accountable care organizations, and population health management programs, Privia works in partnership with health plans, health systems, and employers to better align reimbursements to quality and outcomes.
Job Description
Under the direction of the Chief Privacy Officer and in close collaboration with the Chief Information Security Officer, the Privacy & Data Security Manager will assist with maintaining an effective privacy and data security program, including, but not limited to, providing consultative services on privacy and patient confidentiality issues, developing and reviewing policies and procedures, and overseeing the privacy and data security program.
Primary Job Duties:
- Initiates, facilitates, and promotes activities to foster a culture of privacy and data security compliance within Privia
- Provides guidance and direction on HIPAA Privacy and Security rules and other applicable federal and state health care privacy laws
- Assists in the development, implementation, and maintenance of administrative, physical, and technical safeguards for personally identifiable data, including, but not limited to, managing user access, enforcing least-privilege principles, and maintaining system audit logs
- Periodically reviews and proposes revisions to Privia’s Privacy and Security Policies and Procedures and guidance materials to facilitate compliance with new privacy or cybersecurity-related laws/regulations or changes to existing federal, state, and local privacy or cybersecurity rules and regulations
- Collaborates with the CPO and CISO on the development of privacy and security training modules
- Assists with ongoing privacy and security compliance monitoring and auditing activities, including staff awareness programs on phishing, ransomware, and insider threats
- In collaboration with the CPO and CISO, supports investigations of privacy and security incidents, breach risk assessments, and reporting to affected individuals and, when needed, HHS-OCR or other applicable agencies
- Maintains rapport with all business units to facilitate a spirit of collaboration
- Collaborates with Information Security including conducting and reviewing security risk assessments to facilitate the implementation of effective mitigation of identified risks
- Assists with the implementation and management of PCI-DSS standards and SOX controls
- Other duties as assigned
Qualifications
- Demonstrated knowledge in HIPAA Privacy, HIPAA Security, applicable state Privacy statutes and regulations, NIST Cybersecurity framework, 405(d) Health Industry Cybersecurity Practices, PCI, and SOX
- Working knowledge of medical group operation processes
- Ability to detect deficiencies in processes and determine needs to improve outcomes
- Minimum of five years general healthcare privacy and security compliance experience with knowledge of medical group operations and physician services
- Minimum of five years' experience in regulatory research and knowledge of federal and state healthcare privacy and security requirements
- HIPAA Privacy Officer or Security Officer experience preferred
- Certified in Healthcare Privacy Compliance (CHPC) or other relevant certifications strongly preferred.
The salary range for this role is $100,000-$120,000 in base pay, exclusive of any bonuses or benefits (medical, dental, vision, life, and pet insurance, 401K, paid time off, and other wellness programs). This role is also eligible for an annual bonus targeted at 15% and restricted stock units. The base pay offered will be determined based on relevant factors such as experience, education, and geographic location.
Additional Information
All your information will be kept confidential according to EEO guidelines.
Technical Requirements (for remote workers only, not applicable for onsite/in office work):
In order to successfully work remotely, supporting our patients and providers, we require a minimum of 5 Mbps download speed and 3 Mbps upload speed. This should be in place prior to the start of your employment. The best measure of your internet speed is an online speed test such as https://www.speedtest.net/, which reports how fast data transfer is on your internet connection and whether it meets the minimum speed requirements. Work with your internet provider if you have questions about your connection. Employees who regularly work from home offices are eligible for expense reimbursement to offset this cost.
Privia Health is committed to creating and fostering a work environment that allows and encourages you to bring your whole self to work. Privia is a better company when our people are a reflection of the communities that we serve. Our goal is to encourage people to pursue all opportunities regardless of their age, color, national origin, physical or mental (dis)ability, race, religion, gender, sex, gender identity and/or expression, marital status, veteran status, or any other characteristic protected by federal, state or local law.