GENERAL SUMMARY OF POSITION:
Under the general direction of the University of Massachusetts Medical School’s (UMMS) Associate Vice Chancellor for Management and UMMS’ Senior Privacy Officer, the Manager of Data Privacy and Security (MDPS) shall act as the management-level individual within the Office of Management (Administration and Finance) responsible for the development and implementation of, and adherence to, UMMS’ policies and procedures covering the privacy and security of protected health information under the Health Insurance Portability and Accountability Act (HIPAA). The MDPS shall work closely with our Senior Privacy Officer and Information Security Officer to proactively address organizational requirements under HIPAA, including but not limited to: assessing potential privacy and security risks, responding to potential or actual privacy and security incidents, monitoring and auditing, training, and driving risk mitigation and remediation activities. The MDPS shall be the privacy and security liaison to UMMS’ departments and business units and shall communicate with and provide direction to key contacts throughout the organization who are responsible for day-to-day application-level access control and authorization. The MDPS is responsible for understanding the business or academic model of respective UMMS units, as well as the relevant federal and state regulations and contractual requirements that impact UMMS’ Commonwealth Medicine business units. The MDPS shall also generally assist in all other privacy and security compliance functions of the Office of Management to foster the development and operational implementation of appropriate privacy and security practices throughout the entire Medical School organization.