University of Massachusetts Medical School

  • Senior Director of Compliance and Privacy

    Job Location: US-MA-Shrewsbury
    Posted Date: 1 week ago (1/8/2019 4:54 PM)
  • Overview


    Under the direction of the University of Massachusetts Medical School’s (UMMS) Associate Vice Chancellor for Management or designee, within the Office of Management, the Senior Director of Compliance and Privacy oversees compliance and privacy of individually identifiable information and organizational-level privacy and compliance, and ensures that the compliance and privacy framework is conducted in compliance with federal and state laws and UMMS’ information privacy practices.




    • Manage privacy and compliance program staff within the Office of Management
    • Serve as the institution’s Compliance and Privacy Officer
    • Serve as a resource and provide guidance on the HIPAA Privacy rule, FERPA, FIPA, and other state and federal privacy laws, including but not limited to Mass. Gen. Laws, Chapter 93H.
    • Oversee all ongoing activities related to the development, implementation, maintenance of, and adherence to federal, state, and UMMS’ laws/policies and procedures covering the privacy of, and access to, individually identifiable information
    • Ensure contracts include appropriate agreements and assist departments with analysis of privacy obligations under business associate and data use agreements
    • Monitor effectiveness of the key elements of the compliance and privacy framework
    • Lead privacy investigations and the documentation of same
    • Ensure that training is designed, reviewed and implemented
    • Collaborate with UMMS’ Information Security Office to research, design and advocate new processes and technologies to assist with UMMS’ adaptation and compliance activities
    • Serve as a liaison to the UMMS Institutional Review Board (IRB) and assist in the development of appropriate privacy policies and procedures for UMMS researchers
    • Work with senior management teams as a member of both the University-level and UMMS campus-level Risk Management Committees to analyze, rate and elevate awareness surrounding certain compliance and privacy concerns
    • Lead and maintain campus-wide compliance and risk management programs. Ensure that periodic risk assessments are completed
    • Establish and administer a process for receiving, documenting, tracking, investigating, and taking action on all complaints concerning UMMS’ privacy policies and procedures, including reports of unauthorized disclosures, in coordination and collaboration with the Associate Vice Chancellor for Management, and when necessary, the University of Massachusetts Office of General Counsel
    • Ensure adherence to compliance and privacy practices and consistent application of sanctions for failure to comply with privacy policies for all individuals in UMMS’ workforce, extended workforce, and for all business associates
    • Initiate, facilitate, and promote activities to foster information privacy awareness
    • Perform other duties as required.



    • Juris Doctor degree
    • 10 years of related experience of which 5 years should be management experience within privacy programs performing regulatory, compliance and/or audit functions in a university, health-related or corporate environment
    • Strong working knowledge of the HIPAA Privacy rule and other state and federal privacy laws, including but not limited to Mass. Gen. Laws, Chapter 93H
    • Strong knowledge and experience dealing with data repositories and related privacy issues
    • Experience conducting risk analyses on privacy matters
    • Experience developing and presenting privacy training
    • Knowledge of, and experience reviewing and interpreting contract terms and conditions relating to privacy, including but not limited to Business Associate and Data Use agreements
    • Strong familiarity with the operations of an IRB and confidentiality/privacy requirements relating to human subjects research
    • Demonstrated organization, facilitation, communication, and presentation skills


    Additional Information


    • PhD in a health or business-related field.
    • Certification in Privacy and/or Compliance (i.e. CHPC, CHC, CIPP).



