HIPAA Privacy Officer

Fresenius Medical Care

Waltham, Massachusetts

JOB DETAILS
SKILLS
Analysis Skills, Business Operations, Clinical Advice, Clinical Support, Communication Skills, Computer Security, Continuous Improvement, Cross-Functional, Detail Oriented, Documentation, HIPAA (Health Insurance Portability and Accountability Act), Health Information Management, Healthcare, Healthcare Administration, Healthcare Software, Incident Response, Information Technology & Information Systems, Internet Privacy, Legal, Medical Records, Operational Support, Operations Processes, Physical Demands, Presentation/Verbal Skills, Problem Solving Skills, Project Design, Regulations, Regulatory Compliance, Regulatory Requirements, Requirements Management, Risk, Risk Analysis, Risk Management, Scalable System Development, Standard Operating Procedures (SOP), Standards Development, Time Management, Training/Teaching, Willing to Travel
LOCATION
Waltham, Massachusetts
POSTED
13 days ago

PRINCIPAL DUTIES AND RESPONSIBILITIES:

  • Serves as the enterprise HIPAA Privacy Officer for U.S. operations, responsible for interpretation, application, and oversight of HIPAA Privacy Rule requirements across the organization.
  • Provides day-to-day guidance and subject matter expertise on HIPAA compliance across operational changes, initiatives, and projects of varying size and complexity.
  • Advises business, clinical, and IT teams on appropriate handling, use, and disclosure of PHI, including identification and mitigation of privacy risks.
  • Partners closely with Governance, Risk & Compliance (GRC) to:
    • Develop and maintain Privacy Policies, standards, and procedures that meet HIPAA requirements
    • Ensure HIPAA controls are defined, implemented, and monitored
    • Align privacy requirements with broader regulatory and control frameworks
    • Support reviews of third party vendors for compliance with HIPAA
    • Support audits, assessments, and regulatory inquiries
  • Collaborates with Cyber & Privacy Operations during privacy incidents to:
    • Support breach assessment and risk analysis
    • Ensure timely escalation, containment, and notification decisions
    • Contribute to post-incident remediation and continuous improvement efforts
    • Develop standard operating procedures (SOPs)
    • Develop and deliver training on PHI policies and procedures.
  • Works in close partnership with U.S. Privacy Legal Counsel to:
    • Assess regulatory requirements and enforcement expectations
    • Serve as primary point of contact for privacy complaints, investigations, breach risk assessments, and regulatory inquiries
    • Ensure alignment of operational practices with legal obligations
    • Support development and maintenance of privacy policies and notices
  • Reviews and provides input on project designs, system implementations, workflows, and process changes to ensure alignment with HIPAA and organizational privacy requirements.
  • Drives the integration of privacy-by-design principles into clinic operations and enterprise processes, ensuring sustainable and scalable compliance.
  • Maintain documentation required to demonstrate HIPAA compliance, including overseeing requests for access, amendments, restrictions, and confidential communications for patient medical records; and ensuring timely response and appropriate denials and approvals.
  • Develops practical, scalable self-service tools, templates, and guidance to enable teams to independently address routine privacy requirements.
  • Partners with clinical and operational leaders to ensure HIPAA requirements are consistently and effectively executed in day-to-day clinic and physician practices’ operations.
  • Supports awareness and training efforts to promote understanding of privacy responsibilities across workforce members.
  • Participates in internal and external meetings, including regulatory, audit, and compliance forums, representing the organization’s HIPAA privacy posture.

PHYSICAL DEMANDS AND WORKING CONDITIONS:

  • The physical demands and work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. 
  • Travel required per business need.

EDUCATION:

  • Bachelor’s Degree required; degree in a related discipline such as Health Information Management, Healthcare Administration, or Law preferred

EXPERIENCE AND REQUIRED SKILLS:          

  • 8–10 years of experience in privacy, compliance, or healthcare regulatory roles
  • Demonstrated expertise in HIPAA Privacy Rule requirements and real-world application in healthcare operations
  • Experience supporting clinical, operational, and IT environments with privacy guidance
  • Proven ability to translate regulatory requirements into actionable, business-friendly solutions
  • Strong experience working cross-functionally with Legal, Compliance, Security, and operational stakeholders
  • Experience supporting privacy incident response and breach risk assessments
  • Strong understanding of healthcare workflows, PHI data flows, and regulatory risk
  • Excellent communication skills, with the ability to present complex privacy concepts to non-technical and executive audiences
  • Strong analytical, problem-solving, and decision-making capabilities
  • High attention to detail and ability to operate in a fast-paced, evolving environment

PREFERRED CERTIFICATIONS / DESIGNATIONS:

  • Certified in Healthcare Privacy Compliance (CHPC) – HCCA
  • Certified Information Privacy Professional (CIPP/US or CIPP/E) – IAPP
  • Certified Information Privacy Manager (CIPM) – IAPP

The rate of pay for this position will depend on the successful candidate’s work location and qualifications, including relevant education, work experience, skills, and competencies.

Annual Rate: $97,000.00 - $163,000.00

Benefit Overview: This position offers a comprehensive benefits package including medical, dental, and vision insurance, a 401(k) with company match, paid time off, parental leave and potential for performance-based bonuses depending on company and individual performance.

Fresenius Medical Care is an equal opportunity employer and does not discriminate on the basis of race, color, religion, sexual orientation, gender identity, parental status, national origin, age, disability, military service, or other non-merit-based factors

About the Company

F

Fresenius Medical Care

Fresenius Medical Care North America is a wholly owned subsidiary of Fresenius Medical Care AG & Co. KGaA, located in Bad Homburg, Germany. Through our dialysis services entity, Fresenius Medical Services, we operate more than 2,100 outpatient dialysis clinics in the U.S. Our Renal Therapies Group is responsible for the manufacture and distribution of a variety of dialysis products and equipment, including dialysis machines, dialyzers and other dialysis-related supplies.
COMPANY SIZE
10,000 employees or more
INDUSTRY
Healthcare Services
FOUNDED
1996
WEBSITE
http://fmcna.com/