Chevron left icon
Back to all search results
Legal and Compliance
HIPAA Privacy Officer
Address: Headquarters, 920 Winter St, Waltham, Massachusetts, 02451, United States of America
Job ID: R0258124
Location Type: Remote
Chat to Apply Chevron right icon Loading...
Job Description
PRINCIPAL DUTIES AND RESPONSIBILITIES:
Serves as the enterprise HIPAA Privacy Officer for U.S. operations, responsible for interpretation, application, and oversight of HIPAA Privacy Rule requirements across the organization.
Provides day-to-day guidance and subject matter expertise on HIPAA compliance across operational changes, initiatives, and projects of varying size and complexity.
Advises business, clinical, and IT teams on appropriate handling, use, and disclosure of PHI, including identification and mitigation of privacy risks.
Partners closely with Governance, Risk & Compliance (GRC) to:
Develop and maintain Privacy Policies, standards, and procedures that meet HIPAA requirements
Ensure HIPAA controls are defined, implemented, and monitored
Align privacy requirements with broader regulatory and control frameworks
Support reviews of third party vendors for compliance with HIPAA
Support audits, assessments, and regulatory inquiries
Collaborates with Cyber & Privacy Operations during privacy incidents to:
Support breach assessment and risk analysis
Ensure timely escalation, containment, and notification decisions
Contribute to post-incident remediation and continuous improvement efforts
Develop standard operating procedures (SOPs)
Develop and deliver training on PHI policies and procedures.
Works in close partnership with U.S. Privacy Legal Counsel to:
Assess regulatory requirements and enforcement expectations
Serve as primary point of contact for privacy complaints, investigations, breach risk assessments, and regulatory inquiries
Ensure alignment of operational practices with legal obligations
Support development and maintenance of privacy policies and notices
Reviews and provides input on project designs, system implementations, workflows, and process changes to ensure alignment with HIPAA and organizational privacy requirements.
Drives the integration of privacy-by-design principles into clinic operations and enterprise processes, ensuring sustainable and scalable compliance.
Maintain documentation required to demonstrate HIPAA compliance, including overseeing requests for access, amendments, restrictions, and confidential communications for patient medical records; and ensuring timely response and appropriate denials and approvals.
Develops practical, scalable self-service tools, templates, and guidance to enable teams to independently address routine privacy requirements.
Partners with clinical and operational leaders to ensure HIPAA requirements are consistently and effectively executed in day-to-day clinic and physician practices' operations.
Supports awareness and training efforts to promote understanding of privacy responsibilities across workforce members.
Participates in internal and external meetings, including regulatory, audit, and compliance forums, representing the organization's HIPAA privacy posture.
PHYSICAL DEMANDS AND WORKING CONDITIONS:
EDUCATION:
EXPERIENCE AND REQUIRED SKILLS:
PREFERRED CERTIFICATIONS / DESIGNATIONS:
The rate of pay for this position will depend on the successful candidate's work location and qualifications, including relevant education, work experience, skills, and competencies.
Annual Rate: $97,000.00 - $163,000.00
Benefit Overview: This position offers a comprehensive benefits package including medical, dental, and vision insurance, a 401(k) with company match, paid time off, parental leave and potential for performance-based bonuses depending on company and individual performance.