Our mission is to deliver high-quality primary care that is accessible, convenient and affordable for all. Every single day you’ll be working on challenging problems with an exceptional team to profoundly transform primary care and improve people’s quality of life.
Your role and impact
As the leader of the privacy function, you will play a pivotal role in defining, implementing and maintaining our privacy posture. Ensuring the security of PHI in transit and at rest is your responsibility. You will work cross-functionally to evolve privacy at 98point6 by driving the design and delivery of privacy initiatives. This role reports directly to the General Counsel and will start as an individual contributor with the expectation of building out a privacy team over time.
Responsibilities
- Serve as the HIPAA Privacy Officer, leading the continuous management of privacy policies, processes, procedures and training in order to maintain the confidentiality, security, integrity and availability of organizational information systems
- Establish, manage and continuously improve privacy strategies and policies based on new or changed regulations, business priorities and privacy considerations
- Oversee audits, both internal and third-party, including leading and serving as the main point of contact for privacy and HIPAA-related audits
- Own privacy incident and breach evaluation, risk assessment, investigation and resolution, and oversee the completion of corrective and preventive actions
- Act as the contact person (face of the organization, principal point of contact) when interfacing with external parties and external reporting of a privacy incident is required
- Ensure compliance with privacy practices and consistent application of sanctions for failure to comply with privacy policies for all individuals in the practice’s workforce, vendors and for all business associates (BAs)
- Coordinate with management and operations to establish a mechanism to conduct data mapping for PHI access within the practice, as required by state and federal regulations, and allow qualified individuals to review or receive a report on access activity
- Maintain current knowledge of federal and state privacy laws and accreditation standards, healthcare technology industry’s threat landscape and the security industry’s strategies for mitigating such threats
- Evaluate budget and expenses associated with privacy and security initiatives and programs
- Monitor privacy compliance and provide periodic executive management reports on performance of security programs to executive management
Qualifications
- 7–12+ years within privacy; experience working for covered entities under HIPAA and CCPA preferred
- 3+ years managing and building teams
- Strong problem-solving skills and creativity to add value and diversity of thought to our team
- Skilled at defining, documenting, implementing and maintaining privacy management systems
- Familiarity or experience working with SOC 2, ISO 27001, HITRUST, NIST or similar standards preferred
- Familiar with risk management techniques when developing privacy management systems and investigating privacy incidents, e.g., the AHIMA privacy incident risk management techniques
- Professional certifications in privacy (CIPP, CIPM), auditing (CPMA) or equivalent preferred
98point6 provides equal employment opportunities to all without regard to race, color, religion, sex (including sexual orientation or gender identity), national origin, age, disability, genetic information or other protected status.