
Health System Privacy Officer

MU Health Care
dental insurance, paid time off, tuition assistance
United States, Missouri, Columbia
1 Hospital Drive
Jun 05, 2026

ABOUT THE JOB

The System Privacy Officer serves as the leader of the healthcare privacy program, overseeing HIPAA compliance, privacy investigations, audits, training, and risk mitigation efforts across a complex academic healthcare environment. This role provides strategic guidance on privacy regulations and serves as a trusted advisor to operational and executive leaders, ensuring patient information is protected while supporting organizational goals. The position also manages a team of four privacy professionals and collaborates with stakeholders across the health system, School of Medicine, School of Nursing, School of Health Professions, and health information exchange programs.

Reporting to the Chief Compliance Officer, the ideal candidate brings extensive healthcare privacy and HIPAA experience, preferably within a healthcare system, along with strong leadership, analytical, and relationship-building skills. Success in this role requires the ability to foster collaboration, influence stakeholders, and balance regulatory compliance with operational needs. During the first 90 days, the individual will focus on building relationships, assessing the current privacy program, learning organizational processes, and identifying opportunities for improvement. Long-term priorities include strengthening privacy initiatives, enhancing proactive auditing and monitoring efforts, and serving as a strategic partner to leaders throughout the organization.

Shift: Exempt Employee - Standard Day Shift

Department: Compliance
Compensation:

* Base Pay Range: $145,808 - $237,848 per year, based on experience

* Moving Allowance: Negotiable

ABOUT MU HEALTH CARE

MU Health Care is proud to be named one of Forbes' Best-in-State Employers seven years in a row, and that's largely a result of the incredible culture and team we've built. At MU Health Care, we have an inspired, hard-working and collaborative environment driven by our mission to save and improve lives. Here, we believe anything is possible and rally around solutions. We celebrate innovation and offer opportunities to be a part of something bigger - to have a voice and role in the work that is serving our community and changing the field of medicine.

Our academic health system - the only one in mid-Missouri - is home to seven hospitals, including the region's only Level 1 Trauma Center and the region's only Children's Hospital, as well as over 90 specialty clinics. Here you can define your career among our many clinical and nonclinical positions - with growth, opportunity and support every step of the way.

Learn more about MU Health Care.

Learn more about living in mid-Missouri.

EMPLOYEE BENEFITS

* Health, vision and dental insurance coverage starting day one

* Generous paid leave and paid time off, including nine holidays

* Multiple retirement options, including 100% matching up to 8% and full vesting in three years

* Tuition assistance for employees (75%) and immediate family members (50%)

* Discounts on cell phone plans, rental cars, gyms, hotels and more

* See a comprehensive list of benefits here.

DETAILED JOB DESCRIPTION

Oversees implementation and management of the HIPAA Privacy Program to ensure compliance with applicable federal and state regulations.

Monitors compliance with HIPAA privacy and related state laws across covered components.

Leads investigations of potential privacy breaches, documents findings, ensures mitigation and reports as required.

Coordinates privacy audits, risk assessments, and monitoring activities to identify gaps and support mitigation strategies.

Provides subject-matter expertise on privacy implications for clinical research, information exchanges, and health data utilities.

Collaborates with compliance, legal, information security, and clinical teams to support privacy-by-design in operations and technology initiatives.

Participates in system-level data governance and other committees, ensuring privacy considerations are fully integrated.

Develops, implements, and updates policies and procedures governing access, use, and disclosure of protected health information (PHI).

Coordinates privacy-related education, awareness, and training initiatives to promote HIPAA compliance across all levels of staff and faculty.

Monitors privacy program metrics, trends, and incident patterns to identify areas of risk and drive system-wide improvements.

Advises and collaborates with MU Health Care leadership, academic partners, and the Tiger Institute on privacy-related initiatives and projects.

Prepares regular reports for the Chief Compliance Officer and other leadership on privacy compliance status, investigations, and policy developments.

Serves as a key liaison for responding to regulatory inquiries, audits, and investigations related to privacy compliance.

Leads, mentors, and supports privacy department staff in best practices, standards, and continuous improvement.

Ensures appropriate documentation and tracking of compliance program activities.

Leads a culture of safety through proactive risk mitigation and continuous quality improvement, taking measures to routinely evaluate regulatory readiness. Monitors and analyzes safety and performance metrics to identify trends and implement corrective actions for staff and/or patients as appropriate.

Manages the development, coordination, and maintenance of daily staffing schedules to ensure the appropriate level of coverage and continuity of care.

Monitors and oversees time and attendance in alignment with MU Health Care policies and practices, ensuring accuracy of records and timely approval for payroll purposes.

May complete unit/department-specific duties as outlined in department documents.

KNOWLEDGE, SKILLS, AND ABILITIES

Demonstrates advanced knowledge in health care compliance, with specific expertise in privacy and data protection regulations.

In-depth understanding of the HIPAA Privacy Rule, HIPAA Security Rule, and the Health Information Technology for Economic and Clinical Health Act (HITECH), as well as applicable state health privacy regulations.

Proven ability to interpret and apply privacy laws to complex academic medical center and data exchange settings.

Applies critical thinking and problem-solving skills to investigate and analyze privacy incidents, evaluate risk, and guide appropriate responses.

Ability to review contracts and data-sharing agreements to determine Business Associate Agreement (BAA) applicability and to oversee negotiation, execution, and management of BAAs in alignment with HIPAA standards.

Utilizes technical tools and methodologies to support operational goals, maintain compliance, and optimize privacy performance across digital and clinical systems.

Builds consensus and leads initiatives across diverse stakeholders with strong leadership and project management skills.

Communicates technical and regulatory information clearly to clinical, academic, IT, and executive audiences, both in writing and verbally.

Proficiency in developing and delivering educational content to clinical, administrative, and academic teams on privacy compliance topics.

Collaborates effectively with interdisciplinary teams to support innovation, regulatory readiness, and service delivery.

Possesses knowledge of clinical operations, academic medical environments, research practices, and digital health tools, including health information exchanges, health data utilities, and multi-entity systems.

REQUIRED QUALIFICATIONS

Bachelor's degree in Healthcare, Business, Legal Studies, Accounting, Finance, or a related area.

Master's degree in a related area or an equivalent combination of education and experience from which comparable knowledge, skills, and abilities can be acquired.

Seven (7) years of related experience.

Certified in healthcare privacy compliance (CHPC) by the Health Care Compliance Association.

PREFERRED QUALIFICATIONS

Juris Doctor (JD) or Master's degree in Business Administration, Health Administration, or Finance.

Experience working in an academic medical center or integrated health system.

Advanced knowledge of healthcare privacy practices, electronic health records, and breach mitigation strategies.

PHYSICAL DEMANDS

The physical demands described here are representative of those that must be met with or without reasonable accommodation. The performance of these physical demands is an essential function of the job. The employee may be required to ambulate, remain in a stationary position and position self to reach and/or move objects above the shoulders and below the knees. The employee may be required to move objects up to 10 lbs.

Equal Employment Opportunity

The University of Missouri is an Equal Opportunity Employer.


