Senior Compliance Officer - Information Governance/HIPAA Privacy

Nuvance Health
135000.00 - 175000.00 USD Annual
Feb 01, 2023
Feb 07, 2023
Nuvance Health has a network of convenient hospital and outpatient locations – Danbury Hospital, New Milford Hospital, Norwalk Hospital and Sharon Hospital in Connecticut, and Northern Dutchess Hospital, Putnam Hospital Center and Vassar Brothers Medical Center in New York – plus multiple primary and specialty care physician practices locations, including The Heart Center, a leading provider of cardiology care, and two urgent care offices. Non–acute care is offered through various affiliates, including the Thompson House for rehabilitation and skilled nursing services, and the Home Care organizations.
Consistent with the requirements found under HIPAA, information governance best practices, and applicable workforce member confidentiality laws, the Senior Compliance Officer – Information Governance/HIPAA Privacy and Security position is necessary to ensure: (i) integrity and compliance with Federal, State of New York, and State of Connecticut privacy and confidentiality laws; and (ii) the appropriate implementation of physical, administrative, and technical safeguards to reduce or mitigate the impact of risks that may affect the confidentiality, availability, and integrity of confidential patient and workforce member information. Will directly supervise at least one subordinate compliance officer.
1. Preparing written memoranda, PowerPoint presentations, and dashboards and other compliance metrics that, with regard to patient and workforce member confidentiality, information security, privacy incident response and management, and record management: (i) outline compliance efforts related thereto; and (ii) document the level of effectiveness of corresponding compliance initiatives.
2. Serve as Nuvance's: (i) HIPAA Privacy Officer and HIPAA Security Officer and fulfill all corresponding functions and duties these roles carry under the HIPAA Privacy Rule at 45 CFR 164.530(a)(1)(i), and HIPAA Security Rule at 45 CFR 164.308(a)(2), respectively; (ii) designated individual to receive HIPAA–related complaints and provide information related to Nuvance Health's HIPAA Notice of Privacy Practices as set forth under the HIPAA Privacy Rule at 45 CFR 164.530(a)(1)(ii) and 45 CFR 164.520, respectively; and (iii) lead compliance officer on privacy and information governance–related compliance issues.
3. Developing and implementing HIPAA policies and procedures related to administrative, physical, and technical safeguards.
4. Develop applicable patient and workforce member privacy and confidentiality policies and procedures consistent with Federal, State of Connecticut, and State of New York Law.
5. Carry out additional tasks and duties as assigned by the Deputy CCO or CCAPO.
6. Fulfill all compliance responsibilities related to the position.
7. Performs other duties as assigned.
Other information:
Required: Bachelor's degree with at least five (5) years of job–related experience or a master's degree with at least four (4) years of job–related experience is required. A Bachelor, Master or Doctorate Degree in asset management, public health or health services administration, public administration, business administration, organizational effectiveness or management is a plus. A Bachelor, Master or Doctorate degree in data security, cybersecurity, record management, information systems, computer science, data management, internal controls or information governance is desired. A Juris Doctor degree ("J.D.") or Master of Laws degree ("LL.M") from an American Bar Association accredited law school with experience in providing counsel on privacy, data security or information technology (or intellectual property concerning information technology) matters is a plus.
Certification in at least one of the following at the time of appointment to the position: (i) certified as an auditor of information systems ("CISA" designation) from ISACA; (ii) certified in risk and information systems control ("CRISC" designation) from ISACA; (iii) certified as a manager in information security ("CISM" designation) from ISACA; (iv) certified in the governance of enterprise information technology ("CGEIT" designation) from ISACA; (v) certified as a cybersecurity practitioner ("CSX–P" designation) from ISACA; or (vi) certified as a professional in information systems security ("CISSP" designation) from (ISC)².
Certification in at least one of the following within six (6) months of appointment (must be eligible to take the examination at the time of appointment): (i) certified information privacy professional ("CIPP–US" designation) from the International Association of Privacy Professionals ("IAPP"); (ii) information privacy management ("CIPM" designation) from IAPP; (iii) information privacy technology ("CIPT" designation) from IAPP; or (iv) a Privacy Law Specialist ("PLS" designation) from IAPP. Candidates holding a CIPP–US designation or a PLS designation are preferred.
Certification in healthcare compliance ("CHC" designation) or as a compliance and ethics professional ("CCEP" designation) from the Compliance Certification Board within nine (9) months of appointment (must be eligible to take the certification exam at the time of appointment). Candidates holding a CHC designation are preferred.

Location: The Summit, Danbury
Work Type: Full–Time
Standard Hours: 40.00
FTE: 1.000000
Work Schedule: Day 8
Work Shift: M–F 8:00am–4:30pm (hybrid)

Some manual skills / motor coord & finger dexterity
Little or no potential for occupational risk
Medium to Heavy effort. May exert up to 35 lbs. force
Generally pleasant working conditions.

Job Type: Full–time

Pay: $135,000.00 – $175,000.00 per year

Dental insurance
Health insurance
Paid time off
Vision insurance
8 hour shift

Work Location: Hybrid remote in Danbury, CT