Vandalia Health Privacy Officer - Privacy Office - ...

Job SummaryThe Privacy Officer (PO) for a healthcare multi-system organization will lead the development, implementation, and oversight of comprehensive privacy strategies to ensure the confidentiality, integrity, and accessibility of patient information across multiple facilities and platforms. The PO will be responsible for establishing privacy policies, regulatory compliance, and leading the response to any data breaches or privacy concerns, ensuring adherence to HIPAA, HITECH, and other federal, state, and international regulations.Responsibilities• Develop and implement privacy programs across all healthcare system facilities. • Align privacy strategy with organizational goals to protect patient data and ensure compliance with regulations. • Oversee privacy risk assessments, audits, and ongoing monitoring activities. • Serve as a subject matter expert on privacy laws and regulations including HIPAA, HITECH, and other relevant guidelines. • Responsible for financial management of Vandalia Health Privacy. • Lead the creation and revision of privacy policies, procedures, and training programs to educate staff on best practices for handling patient information. • Collaborate with IT to ensure all data protection controls and protocols are in place to prevent unauthorized access to Protected Health Information (PHI). • Collaborate with internal stakeholders to assess the privacy implications of new technologies and business initiatives. • Ensure the healthcare system complies with all federal and state regulations concerning data privacy and protection. • Stay updated on emerging regulations and adjust internal policies and practices accordingly. • Maintain and enforce compliance with relevant privacy laws in various jurisdictions if operating internationally. • Lead the response to privacy incidents or data breaches, working closely with the IT security and legal teams to mitigate risks and manage breach notifications as required. • Oversee investigations of privacy complaints and breaches and work with internal teams to remediate the issues. • Develop and implement training programs to increase privacy awareness and ensure all employees understand their responsibilities concerning patient privacy and PHI. • Provide ongoing education and training on privacy laws, updates, and best practices. • Work closely with legal counsel, compliance teams, and IT security teams to ensure the proper implementation of privacy and data security measures. • Collaborate with IT to oversee data security measures and encryption protocols to protect sensitive health information. • Perform risk assessments of all new and existing healthcare systems, applications, and vendors to ensure privacy standards are met. • Implement corrective action plans to mitigate privacy risks and strengthen compliance. • Oversee privacy due diligence with third-party vendors and partners, ensuring contractual obligations and business associate agreements are following privacy regulations. Knowledge, Skills & AbilitiesPatient Group Knowledge (Only applies to positions with direct patient contact)The employee must possess/obtain (by the end of the orientation period) and demonstrate the knowledge and skills necessary to provide developmentally appropriate assessment, treatment or care as defined by the department's identified patient ages. Specifically the employee must be able to demonstrate competency in: 1) ability to obtain and interpret information in terms of patient needs; 2) knowledge of growth and development; and 3) understanding of the range of treatment needed by the patients.Competency StatementMust demonstrate competency through an initial orientation and ongoing competency validation to independently perform tasks and additional duties as specified in the job description and the unit/department specific competency checklist.Common Duties and Responsibilities(Essential duties common to all positions)1. Maintain and document all applicable required education.2. Demonstrate positive customer service and co-worker relations.3. Comply with the company's attendance policy.4. Participate in the continuous, quality improvement activities of the department and institution.5. Perform work in a cost effective manner.6. Perform work in accordance with all departmental pay practices and scheduling policies, including but not limited to, overtime, various shift work, and on-call situations.7. Perform work in alignment with the overall mission and strategic plan of the organization.8. Follow organizational and departmental policies and procedures, as applicable.9. Perform related duties as assigned.Education • Bachelor's DegreeCredentials • Certified in Healthcare Privacy Compliance• Certified Information Privacy Professional (CIPP), Certified in Healthcare Privacy Compliance (CHPC), or similar certification (preferred).Work Schedule: DaysStatus: Full Time Regular 1.0Location: Document Center BuildingLocation of Job: US:WV:CharlestonTalent Acquisition Specialist: Guy S. Stewart guy.stewart@

Created: 2026-04-15