Discover Vanderbilt University Medical Center: Located in Nashville, Tennessee, and operating at a global crossroads of teaching, discovery, and patient care, VUMC is a community of individuals who come to work each day with the simple aim of changing the world. It is a place where your expertise will be valued, your knowledge expanded, and your abilities challenged. Vanderbilt Health is committed to an environment where everyone has the chance to thrive and where your uniqueness is sought and celebrated. It is a place where employees know they are part of something that is bigger than themselves, take exceptional pride in their work and never settle for what was good enough yesterday. Vanderbilt's mission is to advance health and wellness through preeminent programs in patient care, education, and research.

Organization:

Privacy Office

Job Summary:

Vanderbilt Health - Executive Search Team is conducting a national search for a Director, Privacy Office.

The Director, Privacy Office provides leadership for the Privacy Office by developing goals, objectives, policies and procedures; supervising, coordinating, and evaluating the activities; preparing operating and capital expenditure budgets; and performing personnel administration functions. Lead the work processes for the development and deployment of privacy and information security policies and processes; new hire and annual HIPAA/Privacy training materials for staff, house staff, students, and faculty; and provide consultative services to other departments regarding application of the principles and policies of privacy and information security in the way work is done across the organization.

Department Summary

The Privacy Office is responsible for the oversight of HIPAA compliance for the Vanderbilt Affiliated Covered Entity. As VUMC continues to grow its patient volume and expand services geographically, the efforts to maintain organizational compliance with patient privacy regulations including HIPAA increase. In FY25, the team responded to over 2200 privacy matters including patient privacy rights requests, requests from staff for guidance, breach investigations and notifications, and requests for information related to privacy complaints files with the HHS Office for Civil Rights.

The Director role is critical for these efforts, program oversight, and daily management of regulatory activities performed by the Privacy Office team. This role provides leadership for the Privacy Office by developing goals, objectives, policies and procedures; supervising, coordinating, and evaluating daily activities. This role leads the work processes for the development and deployment of privacy and information security policies and processes; new hire and annual HIPAA/Privacy training materials for staff, house staff, students, and faculty; leads complex privacy investigations and VUMC's breach incident response, provides consultative services to departments regarding application of principles and policies of privacy and information security, and responds to external regulatory inquiries and investigations.

.

Key Responsibilities:

• Develop goals, objectives, work plans, and priorities for the Privacy Office based on strategies and priorities defined by the Information Privacy and Security Executive Committee and the Chief Patient Experience and Service Officer.
• Define and secure approval for objectives and work plans to achieve institutional and departmental objectives and priorities.
• Ensure that the functions and processes required by federal and state laws and other regulatory agencies related to privacy and confidentiality of patient and other sensitive personal information are in place and compliant.
• Facilitate inter-departmental input, evaluation and participation in developing and implementing enterprise-wide policies and processes.
• Initiate changes in or develop new policies, procedures and/or methods.
• Analyze long-range impact of decisions and plans.
• Recommend and revise policies related to privacy and information security to promote compliance with federal and state laws and regulations, as well as VUMC strategies and priorities.
• Lead multi-disciplinary teams and work groups across the enterprise in the design of work flow processes and the development of proposed policy related to privacy and/or information security.
• Ensure processes related to receiving, investigating, responding to, and mitigating patient complaints and privacy breaches are compliant with regulatory and policy requirements and are documented according to standards and policies.
• Participates in and lead efforts to assure the consistent application of the Sanctions Policy to incidents determined to be a violation of privacy and information security policy.
• Author policies and procedures and marshal the vetting, review and approval processes through the various stages and committees.
• Facilitate the development of communication and training materials to effect successfully deployment of policies and processes.
• Provide ongoing leadership to committees and teams responsible for administration of enterprise-wide processes; e.g. ID Alert Review Team.
• Ensure effective patient complaint processes provide rapid response to issues/concerns, initiate service recovery, identify trends and incorporate into training to reduce future incidents/complaints.
• Research and implement effective patient complaint processes including tracking all concerns/complaints, responding to all issues/concerns, initiating and managing service recovery efforts.
• Ensure that complaints are addressed within the parameters and timing of regulatory requirements.
• Recommend disciplinary action consistent with the Sanctions Policy for violations of information privacy and security.
• Prepare and deliver training and counseling as needed as part of the disciplinary response.
• Ensure that documentation is maintained to support future complaints or investigations associated with how a patient complaint was investigated and managed.
• Provides analyses and trend reports regarding patient complaints and privacy and security incidents. Incorporate findings from trends and patterns into training modules to reduce recurrence.
• Ensure the most effective operations of the department through program development, process improvement and coordination/integration of processes with other departments.
• Design, implement, evaluate and deploy processes and services to maximize achievement of institutional and department goals.
• Standardize services, processes, resources, and practice to improve efficiency.
• Supervision to include responsibility for planning, coordinating, and controlling the work and procedures; provide advice/consultation to staff regarding problems.
• Adjust work schedules or project priorities to meet emergencies or changing conditions.
• Participate on departmental and/or interdepartmental committees to address problems and facilitate information exchange about programs, problems, etc. Provide information to others to explain/clarify problems, issues or requests.
• Participate in periodic management meetings to keep top management informed of department problems and concerns.
• Analyze and evaluate ongoing department programs to identify areas where adjustments/improvements are needed.
• Develop staffing plans to ensure developmental objectives are being met.
• Create and exceed service standards utilizing key service dimension and from knowledge of customer expectations and best practice.
• Establish service standards for the department and compatible with financial targets.
• Ensure that the service standards are met or exceeded by utilizing customer satisfaction and best practices to improve customer service and satisfaction.
• Identify and work with leaders across the organization to deploy strategies and training to support improvement in each patient satisfaction survey project around respect for privacy.
• Create an organizational culture (both within and across departments) that provides a safe, satisfying and enriching environment for employees and provides a qualified, competent staff to meet patient needs.
• Provide leadership to promulgate the mission and the values of the institution to the department.
• Model behavior consistent with the mission, vision, and values of the enterprise through leading, coordinating projects, innovation, initiating improvement, and developing new programs.
• Demonstrate a leadership style that is facilitative and collaborative.
• Communicate within and across departments to maximize effectiveness, efficiently and information sharing.
• Ensures all Human Resource and VUMC policies and procedures are followed according to standards.
• Define the qualifications and performance expectations for all staff positions through the Performance Development system, including department specific job descriptions, measurable performance standards.
• Create an environment that encourages and supports self-development and learning for all staff through regular feedback, by assuring the development of staff through orientation, training programs, work experiences and assessing competencies by meeting the performance expectations stated in his or her job description in a timely manner (normally annually).
• Identify, establish and evaluate quality assurance standards, programs, and procedures within department.
• Ensure that all direct reports and departmental functions are in compliance with all federal, state and local regulatory standards and requirements, including OCR, HHS, and others.
• Establish and evaluate standards of performance to ensure safe, effective, and efficient operation of the department.
• Ensure that standards are met within area of responsibility to assure clinical enterprise accreditation/licensure.
• Define and achieve financial targets.
• Prepare an annual operating budget for the Privacy Office, including direct labor, material and supplies, services, equipment maintenance and replacement.
• Present and justify a proposed budget (operating and capital expenditure) to a senior management.
• Evaluate organizational functions and structures to best determine the allocation and utilization of resources.
• Analyze and evaluate budget variance to determine cause.
• Prepare justification or develop alternatives for cost containment/reduction
• Project future budgets based upon analysis of current operations

Basic Qualifications

• Bachelor's Degree
• 7 years of experience

Preferred Qualifications

• 2-3 years of Leadership
• Advanced Degree (MBA, MHA, JD)
• CHPC - Certified in Healthcare Privacy Compliance or IAPP/US certification
• Prior privacy program leadership experience in an academic medical center

#LI-AM1

Our professional administrative functions include critical supporting roles in information technology and informatics, finance, administration, legal and community affairs, human resources, communications and marketing, development, facilities, and many more.

At our growing health system, we support each other and encourage excellence among all who are part of our workforce. High-achieving employees stay at Vanderbilt Health for professional growth, appreciation of benefits, and a sense of community and purpose.

Core Accountabilities:

* Organizational Impact: Establishes key tactical and operational plans of a sub-function or multiple departments that has longer-term effect on results of the sub-function. * Problem Solving/ Complexity of work: Integrate knowledge and in-depth analysis from several areas to resolve complex problems that are both technical and operational. * Breadth of Knowledge: Applies comprehensive knowledge of professional/technical area and broad management knowledge of other professional areas to carry out objectives. * Team Interaction: Leads multiple departments with a function.

Core Capabilities :

Supporting Colleagues: - Develops Self and Others: Acts upon constructive feedback from all levels of the organization and initiates strategies to develop talent in others. - Builds and Maintains Relationships: Leverages relationships and insight to forecast potential future needs and influence delivery of work to exceed expectations. - Communicates Effectively: Anticipates difference audience concerns, styles and finds mutually beneficial solutions across conflicting and sensitive issues. Delivering Excellent Services: - Serves Others with Compassion: Demonstrates in-depth knowledge of broad-based issues and considers the interests of others to improve satisfaction of services. - Solves Complex Problems: Critically evaluates complex information and identifies trends/risks to make recommendations to improve processes across areas. - Offers Meaningful Advice and Support: Provides ongoing feedback and development discussions to motivate and support team members to maximize performance.Ensuring High Quality: - Performs Excellent Work: Anticipates problems or obstacles which may interfere with quality standards and develops plants to ensure area's quality standards are met. - Ensures Continuous Improvement: Routinely draws upon valuable learning from others, past experiences, and new information to determine key opportunities. - Fulfills Safety and Regulatory Requirements: Develops appropriate corrective actions for unsafe environments in order to ensure operational and safety compliance. Managing Resources Effectively: - Demonstrates Accountability: Identifies potential obstacles to goal achievement and develops solutions to address those obstacles. - Stewards Organizational Resources: Creates the appropriate systems and processes to effectively manage resources. - Makes Data Driven Decisions: Applies in-depth knowledge of data to recommend and implement new approaches to improve decision making capabilities. Fostering Innovation: - Generates New Ideas: Identifies opportunities and leads development of new initiatives that create value across areas. - Applies Technology: Creates the energy and drive for self/others to identify and leverage technology in new, innovative ways to drive greater efficiencies. - Adapts to Change: Anticipates the change process and clearly communicates impact on others/own team(s), assisting them in embracing the change.

Position Qualifications:

Responsibilities:

Certifications:

Work Experience:

Relevant Work Experience

Experience Level:

7 years

Education:

Bachelor's

Vanderbilt Health is committed to fostering an environment where everyone has the chance to thrive and is committed to the principles of equal opportunity. EOE/Vets/Disabled.