Director of Privacy and Data Protection
University of Maryland Medical System
Baltimore, MD - United States
WittKieffer is partnering with University of Maryland Medical System (UMMS) on their search for a Director of Privacy and Data Protection.
Created in 1984, UMMS has evolved into a multi-hospital system with academic, community and specialty service missions reaching every part of Maryland and beyond with approximately 150 locations where patient care is provided. The 12-hospital UMMS is a comprehensive healthcare delivery system with approximately 28,000 employees, 2,458 licensed beds, over 100,000 annual patient admissions and patient revenues of $4.86 billion. UMMS’ flagship academic campus, the University of Maryland Medical Center in Baltimore, is recognized regionally and nationally for excellence in specialized care. In partnership with the University of Maryland School of Medicine, UMMC is a national and regional referral center for trauma, cancer care, transplant, neurocare, cardiac care, women’s and children’s health and physical rehabilitation.
The Director, Privacy and Data Protection is a key system shared services role that is responsible for leading and overseeing UMMS privacy and data protection program development, implementation, and maintenance. This includes facilitating adherence to all relevant UMMS privacy and data protection policies and procedures, as well as privacy and data protection related laws and regulations. The new director will thoughtfully design transparent, measurable and compliant data management processes and related activities within UMMS, ensuring that privacy and data protection is baked into world-class patient care and related business operations and includes metrics. This position also directs and develops the organization’s privacy and data protection strategy and work plan and coordinates with other compliance leaders in a shared services model to enhance the culture of compliance around privacy and data protection.
Key priorities for the Director of Privacy and Data Protection include:
- Build a strategic and comprehensive privacy and data protection program that defines, develops, maintains and implements policies and processes that enable consistent, effective privacy practices which minimize risk and ensure the confidentiality of protected health information (PHI). Assess the current state of privacy and data protection within UMMS and identify potential vulnerabilities and opportunities for enhancements within the program. Develop a vision and strategic plan in accordance with best practices that will guide the future direction of privacy and data protection and align with the overall strategic initiatives of UMMS.
- Ensure that the UMMS privacy and data protection program includes the privacy components of the Health Insurance Portability and Accountability Act (HIPAA), state privacy laws and regulations, protection of the organization’s proprietary data, employee data privacy as well as other relevant and emerging privacy requirements including but not limited to the General Data Protection Regulation (GDPR).
- Work effectively and collaboratively with executive leadership, Information Security, and compliance leaders to establish and maintain effective management and governance for the privacy and data security program. Act as the compliance liaison to the UMMS Information Security and Technology Department.
- Work effectively with compliance leaders, organization administration, legal counsel, and other related parties to represent UMMS information privacy interests with external parties (state or local government bodies) that adopt or amend privacy legislation, regulations, or related expectations.
- Work effectively with representatives of the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR), state regulators and/or other legal entities as well as appropriate internal partners during government-initiated privacy or data security related reviews, audits or investigations.
- Build, mentor, and develop a world-class privacy team. Manage, hire and retain staff and be accountable for the performance of the team.
Qualifications:
- Five or more years of privacy, data security or IT security program leadership or related experience required.
- Demonstrated current working knowledge of relevant and emerging privacy and data protection laws and regulations.
- Bachelor’s degree in business or health care administration or similar field required. An advanced degree in law (JD), privacy, or a related field preferred.
- Holding one or more of the following current certifications, or obtaining an approved privacy or data security related certification within the first year of employment, is required: CIPP, CIPM, HCISPP, PECB-CDPO, CDP or CHPC.
- Experience with HIPAA and working within academic medical centers or integrated care delivery systems is preferred.
Please direct all applications, nominations, and inquiries to Jessica Cummings by e-mail to: [email protected].