Join Privia - Population Health Technology | Privia Health
Sr. Manager/Director, Privacy
Legal and Compliance
Remote - US
Full Time


Title/Position: Sr. Manager or Director, Privacy

Department or Business Unit: Legal & Compliance

Reporting Structure: Privacy Officer

Employment Type: FTE

Exemption Status: Exempt

Min. Experience: Mid-Level

Travel Required: On average, approximately a total of 1 day a month

Overview of the Role:

**Must have Healthcare Privacy experience to be considered for this opportunity**

This individual will partner with the Privacy Officer to ensure all required elements of an effective Privacy Program are met. This position is responsible for reviewing and developing processes and controls to ensure compliance with state and federal laws and regulations, including, but not limited to, HIPAA, applicable to Privia Health. The successful individual will be responsible for providing expert guidance on aspects of policy development, protocols, and industry best practices.


Primary Job Duties: 

  • Review and investigate all reported privacy and security incidents and concerns to determine if they constitute reportable breaches under HIPAA and/or applicable state law. Coordinate investigations with IT Security team, as needed
  • Work and document all privacy related investigations and findings in Complytrack system
  • Draft all required breach notices and coordinate their mailing / filing to patients
  • Coordinate filing of incident and annual breach reports with the HHS Office of Civil Rights
  • Assist in providing responses to complaints and correspondence from the HHS Office of Civil Rights
  • Assist Medical Records team in responding to subpoenas of patient records
  • Assist in providing appropriate responses to patient complaints (including BBB complaints) related to privacy issues
  • Serve as a subject matter expert resource for Privia and care center staff on HIPAA and state privacy laws and regulations
  • Review current operational processes, policies and procedures to assist in determining opportunities for improvement
  • Collaborate with care centers and departmental management to implement procedures, controls, and policies to ensure compliance
  • Support the Privacy Officer in preparation and delivery of reports to the Board of Directors, Market-Level Board of Governors and Executive Management team
  • Work with business owners to create documentation that outlines processes and procedures 
  • Work with the Medical Records team to address all suspected misuse of athena as identified by our EHR audit program. Work with care centers and departmental management to determine formal corrective action plans to address issues identified
  • Audit care center compliance with Business Associate Agreements, including, but not limited to, maintenance of cyber-liability insurance
  • Assist the Privacy Officer in performing investigations of allegations of violations of the Company’s HIPAA Compliance Program 
  • Maintain current knowledge of HIPAA and state legal and regulatory requirements and guidance and industry standards
  • Assist in creating and updating Privacy policies and patient forms, including, but not limited to, Privia’s Notice of Privacy Practices, website privacy policies, etc.
  • Assist in developing and leading education related to HIPAA and privacy issues
  • Assist in the coordination and timely response of audits performed by regulatory agencies or payors related to HIPAA
  • Assist in Third Party Services vetting process to ensure business associate and third party HIPAA compliance
  • Perform other duties as assigned

Minimum Qualifications:

  • Bachelor’s Degree required
  • 5+ years’ experience in healthcare privacy compliance with a keen understanding of risks and controls
  • Thorough knowledge of HIPAA Privacy Rule requirements
  • Privacy and/or compliance certification preferred 
  • Experienced in reviewing and understanding complex laws, regulations and guidelines and applying them to business practices
  • Excellent written and verbal communication skills
  • Comfortable maintaining strict confidentiality 
  • Excellent attention to detail
  • Experience navigating EHR, preferably athena
  • Familiarity with on-line reporting systems and documentation preferred

Communication Methods Used:

  • Written communication
  • Email
  • Phone
  • Google Chat
  • Virtual meetings

Physical Demands:

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. While performing the duties of this job, the employee is regularly required to talk, hear, and operate a computer and telephone. Specific vision abilities required by this job include vision necessary for document review and computer work. Ability to use a computer terminal for an extended period of time. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Technical Requirements for Remote Work:

In order to successfully work remotely, supporting our patients and providers, we require a minimum of 5 MBPS for Download Speed and 3 MBPS for the Upload Speed. This should be acquired prior to the start of your employment. The best measure of your internet speed is to use online speed tests like This gives you an update as to how fast data transfer is with your internet connection and if it meets the minimum speed requirements. Work with your internet provider if you have questions about your connection. Employees who regularly work from home offices are eligible for expense reimbursement to offset this cost.
