Surescripts serves the nation through simpler, trusted health intelligence sharing, in order to increase patient safety, lower costs and ensure quality care. We deliver insights at critical points of care for better decisions — from streamlining prior authorizations to delivering comprehensive medication histories to facilitating messages between providers.
The Director, Privacy Officer is a seasoned leader who shapes and advances Surescripts’ Privacy Program to accelerate the Company’s growth. This role champions innovative privacy strategies, navigates complex regulatory and technical environments, and implements privacy solutions that enable enterprise success. By leveraging deep Privacy Program implementation expertise in a healthcare setting, this leader fuses cross-functional partnerships (e.g., with Data Governance, Security, AI, and Legal) to deliver aligned and integrated solutions for both risk management and business innovation.
Responsibilities:
Lead the Privacy vertical within the Compliance team to advance enterprise objectives, ensuring strategic and operational alignment with privacy-related laws, regulations, policies, and contractual requirements as advised and handed off by Legal Affairs.
Oversee, train, hire, develop, and coach staff to drive outcomes and behaviors consistent with the Department’s purpose and service delivery model.
Assign responsibilities to team, delegate, and manage team to ensure appropriate coverage and back-up support to meet enterprise needs.
Serve as senior leader on the Compliance team to develop, implement, and execute strategic vision, including team meetings, brainstorming sessions, trainings, and team building activities.
Independently solve or ensure that solutions are provided for the development and ideation of products and across product life cycles.
Design and deploy operational strategies and plans to meet the privacy-related needs of customers and rights of individuals.
Lead privacy incident readiness and response plan; in the event of a cyber incident, provide privacy subject matter expertise throughout an investigation and breach response, at the direction of Legal. Partner with Data Governance, Information Security, Legal Affairs and others to ensure that key internal stakeholders are aligned on risk assessments, breach mitigation and notification, data use analyses, etc.
Oversee and direct assigned team members in the subpoena intake and response process in coordination with the VP, Legal Affairs.
Act in accordance with the Department’s service delivery model.
In collaboration with the Corporate Compliance Director, conduct a regular privacy risk assessment and design, modify, and deploy a risk treatment plan that is responsive to such assessment.
Keep apprised of privacy developments (legislative, enforcement, etc.) and best practices, and proactively share intelligence with the Chief Compliance Officer, Chief Legal Officer, and senior leaders in the Company as appropriate.
Ensure that inquiries or requests that relate to Privacy are appropriately and efficiently handled by the team (including but not limited to complaints, PHI access requests, opt-outs, and requests for accounting of disclosure). Analyze and draw insights therefrom.
Ensure appropriate privacy-related policies are in place.
Develop and report relevant privacy metrics and insights to the Corporate Compliance Committee and other leadership forums.
Ensure that engaging training is delivered to Company personnel, including tailored educational experiences for key groups or roles, and ensure that there is appropriate awareness of privacy matters by Company personnel.
Ensure that any alleged privacy violations or potential issues are investigated, and partner with others as needed to ensure proper mitigation.
Ensure that appropriate response plans are in place for possible privacy breaches and provide training to personnel as necessary to promote readiness to enact such plans.
Basic Requirements:
10+ years of experience developing and implementing privacy programs in a healthcare setting
Deep expertise in HIPAA and non-HIPAA privacy laws
You thrive in environments where uncertainty is the norm, demonstrating confidence in making decisions amid incomplete information and evolving facts.
Proficiency in data governance, data lineage, tagging and segmentation.
Excellent communication skills to present and explain complex privacy matters to executive and senior leadership with solution-orientation.
Works independently, demonstrating elite subject matter expertise and strategic stakeholder management.
Preferred Qualifications:
Juris Doctor Degree and member in good standing of at least one bar
3+ years in healthcare technology
Experience in a Privacy Equity-backed organization
High proficiency with OneTrust
Privacy certification
Specialist knowledge of privacy and data security matters in the healthcare sector
Proactive, practical, solution-oriented approach
Strong cross-functional partnering skills
3+ years of people management experience or experience in roles showing progressive leadership
#LI-REMOTE
Surescripts embraces flexibility through its Flexible Hybrid Work model for most positions. This model allows employees to work virtually while still utilizing our offices as collaboration centers. With alignment and agreement from your leadership, you can come and go from the office as needed.
To be considered for employment, applicants must have a valid U.S. work authorization allowing work without restrictions with Surescripts in the U.S. At this time, we are unable to provide support or provide sponsorship for immigration benefits such as work visas. Additionally, we do not participate in academic training programs or work-study programs through an academic institution that require employer endorsement of F-1/CPT or F-1/STEM.
What You’re Like
You have never met a problem you did not want to try to solve. You are creative and practical. With your ability to drive to results, cut through the fog, and help others see multiple perspectives, you save the day on a semi-regular basis.
We learn from each other and help one another. We don’t waste energy competing with one another, stirring up drama, or plotting revenge. We’re too busy for that. Plus, we actually like each other. We get work done, ask how we can get better, and generally enjoy ourselves along the way.
We operate a balancing act: We don’t just advise on risks; we help the business move toward opportunities. It’s good that we are flexible and nimble as we operate in an ever-evolving landscape. We encounter and embrace constant change and continue to drive compliance with laws, regulatory requirements, policies and procedures. We are proud that our work protects and advances the interests of the Surescripts Network Alliance and helps build a secure, connected, and effective healthcare system.
Why Wait? Apply Now
We’re a midsize company. This means you’re not just another employee ID number. Here, you can build real relationships and feel supported by truly awesome people with diverse backgrounds and talents in an innovative and collaborative work culture. We strive to create an environment where you can be yourself, share your ideas and work your way. We offer opportunities for employee development, as well as competitive compensation packages and extensive benefits.
Benefits include, but are not limited to, comprehensive healthcare (including infertility coverage), generous paid time off including paid childbirth and parental leave and mental health days, pet insurance, and 401(k) with company match and immediate vesting. To learn more, review the Keep You and Yours Healthy, Balancing Work and Life, and Where Talent Takes Shape links under the Better Benefits. Better Work. Better Life section of our careers site.
Physical and Mental Requirements
While performing duties of this job, an employee may be required to perform any, or all of the following: attend meetings in and out of the office, travel, communicate effectively (both orally and in writing), and be able to effectively use computers and other electronic and standard office equipment with, or without, a reasonable accommodation. Additionally, this job requires certain mental demands, including the ability to use judgement, withstand moderate amounts of stress and maintain attention to detail with, or without, a reasonable accommodation.
Surescripts is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate on the basis of race, color, religion, age, national origin, ancestry, disability, medical condition, marital status, pregnancy, genetic information, gender, sexual orientation, parental status, gender identity, gender expression, veteran status, or any other status protected under federal, state, or local law.



