Privacy Director

Everyone who works with Mercy Health is united under one purpose: to help our patients be well in mind, body and spirit. This drive, along with our history of faith, is a powerful combination. It gives us a shared calling to work toward every day. Join our exceptional team and help us continue to provide the highest quality of health care possible to our communities.

PRIVACY DIRECTOR | Work From Home/Remote

WFH/Remote Anywhere in the US (Eastern/Central Time Zone Preferred)

• We operate in the Eastern Time Zone*

Reports to: System Director, Compliance - Privacy

# of Direct Reports: 2

As directed by the System Director, Compliance, the role oversees all ongoing activities across defined service areas within the group related to the development, implementation, maintenance of, and adherence to the organization's policies and procedures covering the privacy of, disclosure of and access to, patient Protected Health Information (PHI) in compliance with federal and state laws and the healthcare organization's information privacy practices.

• Assists in building a strategic and comprehensive privacy program that defines, develops, maintains and implements policies and procedures that enable consistent, effective privacy practices.
• Collaborates with IT Security Directors and Information Services Directors, or their designee, to ensure alignment between security and privacy programs.
• Collaborates with IT, Security, Legal, and Business partners for privacy impact assessments and incident response.
• Guides business in assessing and mitigating privacy risks by providing recommendations and controls for AI, machine learning, and digital health technologies.
• Develops and enhances formal processes for privacy risk assessments with vendors, contractors, and business associates.
• Supports public‑facing responsibilities such as responding to consumer, government, and media inquiries about privacy incidents or policies.
• Regularly benchmarks privacy program maturity against industry standards.
• Conducts ongoing compliance monitoring activities in coordination with the organization's other compliance and operational assessment functions.
• Reviews role‑based access controls and conducts audits of access to PHI.
• Takes lead role to ensure organization maintains appropriate privacy and confidentiality consents, authorization forms and information notices.
• Conducts risk assessments to identify, evaluate, and mitigate potential threats to PHI.
• Oversees development and delivery of advanced privacy training modules.
• Establishes a mechanism to track access to PHI and allows qualified individuals to review activity reports.
• Contributes to the establishment of processes for receiving, documenting, tracking, investigating, and taking action on all types of complaints concerning privacy policies and procedures.
• Provides leadership, support and supervision to Privacy program staff.

• Certified in Healthcare Privacy Compliance – Health Care Compliance Association (required);
• Certified in Healthcare Compliance – Health Care Compliance Association (required);
• Certified Information Privacy Manager – International Association of Privacy Professionals (required).

Bachelors (required): Healthcare, regulatory, business administration, or business ethics.

Masters (preferred):

6 to 10 years of Healthcare Regulatory experience including HIPAA (required).

• Deep knowledge of Privacy, Security, and Breach Notification Laws
• Incident and Breach Response
• Research of Regulations
• Risk Assessment Skills
• Auditing and Monitoring
• Investigation Processes & Techniques
• Policy Development and Implementation
• Education Development and Training
• Data Analytics and Reporting
• Microsoft Office & Copilot proficiency
• Familiarity with privacy & compliance applications (e.g., Symplr, Protenus, EPIC)

• Strategic Leadership
• Communication
• Collaboration & Stakeholder Management
• Problem‑Solving
• Adaptability
• Change Management
• Conflict Resolution
• Analytical Thinking
• Team Development
• Integrity in Everything

• Competitive pay, incentives, referral bonuses and 403(b) with employer contributions (when eligible)
• Medical, dental, vision, prescription coverage, HSA/FSA options, life insurance, mental health resources and discounts
• Paid time off, parental and FMLA leave, short‑ and long‑term disability, backup care for children and elders
• Tuition assistance, professional development and continuing education support

Benefits may vary based on the market and employment status.

All applicants will receive consideration for employment without regard to race, color, national origin, religion, sex, sexual orientation, gender identity, age, genetic information, or protected veteran status, and will not be discriminated against on the basis of disability.