Chief HIPAA Privacy Officer

Job title: Chief HIPAA Privacy Officer

Company: Stony Brook Medicine

Job description: Job Summary:

The Chief HIPAA (Health Insurance Portability and Accountability Act) Privacy Officer (CHPO) serves as the leader in HIPAA compliance and is responsible for planning and directing Stony Brook Medicine’s HIPAA Privacy Program, including but not limited to daily program operations, program development, implementation and maintenance of HIPAA Privacy Policies and Procedures, monitoring program compliance, investigating and tracking incidents and breaches in compliance with applicable federal and state HIPAA regulations, particularly regarding the organizations access to and use of protected health information (PHI) for Stony Brook’s Organized Health Care Arrangement (SBOHCA). The covered entities participating in SBOHCA include Stony Brook University Hospital’s (SBUHs), the University Faculty Practice Corporations (UFPCs), SB Community Medical, P.C. (SBCM), Meeting House Lane Medical Practice, P.C., the Long Island State Veterans Home (LISVH) and several academic health professional schools of Stony Brook University including the School of Medicine, School of Dental Medicine, School of Nursing, School of Health Technology and Management, and School of Social Welfare; their employees and contracted professionals and students; and the voluntary members of the SBUH Medical Staff. The covered entities which comprise the SBOHCA are in numerous locations throughout the greater New York area. The CHPO monitors and enforces compliance with the Federal and state privacy laws and regulations, including the HIPAA of 1996, 42 CFR Part 2, New York State Mental Hygiene Law, and New York State Public Health Law. Under the direction of the Chief Compliance Officer, the CHPO ensures that covered entities of SBOHCA satisfy and uphold compliance with applicable Privacy laws, regulations, policies, and directives.

Supervisory Responsibilities:

  • Lead the organization’s health information Privacy Committee/Task Force.
  • Recommend disciplinary steps and sanctions as needed when any member of the workforce fails to comply with privacy policies.
  • Provide the Privacy Report to the Compliance and Audit Committee of the Governing Body.
  • Immediate Supervisor for HIPAA Privacy Office employees.


  • Develop, maintain and provide training to include new employee orientation, annual and periodic training and reminders on health information privacy requirements and policies and procedures.
  • Report on changes in applicable HIPAA Privacy laws and regulations, update relevant policies and procedures and provide training as needed.
  • Lead and/or facilitate teams and/or projects toward successful achievement of goals.
  • Serve as the internal subject matter expert on HIPAA Privacy, provide HIPAA Privacy guidance to all entities of the SBOHCA, and maintain current knowledge of HIPAA Privacy and other applicable federal and state laws and regulations.
  • Conduct HIPAA privacy investigations and track incidents and breaches.
  • Conduct a risk assessment for all reported and suspected potential violations involving protected health information (PHI) for breach determination.
  • Report reportable breaches involving PHI in accordance with Breach Notification requirements of federal and state law.
  • Maintain records and supporting documentation for investigations and breach risk assessments including but not limited to mitigation actions, communications and notifications.
  • Respond to all requests from individuals regarding their HIPAA rights.
  • Serve as a resource for HIPAA Data Use Agreements and HIPAA Business Associate Agreements.
  • Serve as the Privacy Board resource to the Institutional Review Board.
  • Work collaboratively with the Chief HIPAA Information Security Officer to ensure overall organizational HIPAA compliance.
  • Partner and collaborate with internal departments and operational leaders that represent organizational privacy interests including but not limited to Health Information Management, General Counsel/Hospital Counsel, Patient Access, and Faculty Practices.
  • Cooperate with the U.S. Department of Health and Human Services Office for Civil Rights and other federal and state regulators conducting HIPAA compliance reviews or investigations.
  • Manages the privacy budget and makes annual budgeting recommendations to the CCO for approval.
  • Perform other related duties as assigned.

Required Qualifications/Skills/ Abilities:

  • Master’s Degree in Health Care Administration, Health Information Management, Business Administration, Law or related field.
  • HIPAA Privacy Certification (CHPC or equivalent) or Certified Health Care Compliance Professional (CHC).
  • Knowledge and demonstrated experience with healthcare regulations and related state and federal information privacy, confidentiality, security, and breach notification laws and regulations including but not limited to access, use, disclosure, or HIPAA.
  • Demonstrated skills in collaboration, teamwork and problem-solving.
  • Eight years of professional experience in a healthcare related position (e.g., corporate compliance, health information management, healthcare administration, healthcare operations) or five years of direct experience in HIPAA compliance.
  • Mental agility and strong communication skills regarding privacy with the ability to understand broad enterprise risks in a complex health system.
  • Excellent verbal, listening, and written communication skills.
  • Ability to present complex information clearly and thoroughly.
  • Excellent organizational skills and attention to detail.
  • High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgement and maturity.
  • Ability to develop and maintain positive interpersonal relationships.
  • Demonstrated leadership in conducting investigations of possible privacy breaches. Skilled at conflict resolution and managing difficult conversations.
  • Demonstrated commitment to diversity, equity, and inclusion.

Preferred Qualifications:

  • Prior Privacy Officer experience within an academic healthcare hybrid entity.

Special Notes: Resume/CV and cover letter should be included with the online application.

In accordance with the New York State Department of Health (DOH) regulation that all hospitals and nursing homes “continuously require all personnel to be fully vaccinated against COVID-19,” Candidates who are not already partially vaccinated must obtain the first dose of the vaccine within three (3) calendar days of acceptance of conditional job offer and must obtain any subsequent doses in accordance with the vaccine protocol. Candidates who are partially vaccinated, but not yet fully vaccinated, must complete their vaccination series within three (3) calendar days of job offer or in accordance with vaccine manufacture protocol, whichever comes later.

The regulation also includes those who may be affiliated with or interact with employees of a hospital or nursing home. The regulation allows for limited exemptions with reasonable accommodations, consistent with applicable law.

Posting Overview: This position will remain posted until filled or for a maximum of 90 days. An initial review of all applicants will occur two weeks from the posting date. Candidates are advised on the application that for full consideration, applications must be received before the initial review date (which is within two weeks of the posting date).

If within the initial review no candidate was selected to fill the position posted, additional applications will be considered for the posted position; however, the posting will close once a finalist is identified, and at minimal, two weeks after the initial posting date. Please note, that if no candidate were identified and hired within 90 days from initial posting, the posting would close for review, and possibly reposted at a later date.

· Stony Brook Medicine is a smoke free environment. Smoking is strictly prohibited anywhere on campus, including parking lots and outdoor areas on the premises.

· All Hospital positions maybe subject to changes in pass days and shifts as necessary.

· This position may require the wearing of respiratory protection, which may prohibit the wearing of facial hair.

· This function/position maybe designated as “essential.” This means that when the Hospital is faced with an institutional emergency, employees in such positions may be required to remain at their work location or to report to work to protect, recover, and continue operations at Stony Brook Medicine, Stony Brook University Hospital and related facilities.

Prior to start date, the selected candidate must meet the following requirements:

· Successfully complete pre-employment physical examination and obtain medical clearance from Stony Brook Medicine’s Employee Health Services*

· Complete electronic reference check with a minimum of three (3) professional references.

· Successfully complete a 5 panel drug screen*

· Successfully complete a Background Check investigation.

· Provide a copy of any required New York State license(s)/certificate(s).

Failure to comply with any of the above requirements could result in a delayed start date and/or revocation of the employment offer.

*The hiring department will be responsible for any fee incurred for examination.

Stony Brook University is committed to excellence in diversity and the creation of an inclusive learning, and working environment. All qualified applicants will receive consideration for employment without regard to race, color, national origin, religion, sex, pregnancy, familial status, sexual orientation, gender identity or expression, age, disability, genetic information, veteran status and all other protected classes under federal or state laws.

If you need a disability-related accommodation, please call the University Office of Equity and Access at (631)632-6280.

In accordance with the Title II Crime Awareness and Security Act a copy of our crime statistics can be viewed .

Visit our page to learn about the total rewards we offer.

Expected salary:

Location: Saint James, NY

Job date: Wed, 15 Dec 2021 01:34:38 GMT

Apply for the job now!

Leave a Comment