System Director, Privacy

At Bon Secours Mercy Health, we are dedicated to continually improving health care quality, safety and cost effectiveness. Our hospitals, care sites and clinicians are recognized for clinical and operational excellence.

SYSTEM DIRECTOR, PRIVACY | Work From Home/Remote

WFH/Remote anywhere in the US (Eastern/Central Time Zone Preferred)

We operate in the Eastern Time Zone

Reports to:
Vice President of Privacy and Compliance

# of Direct Reports: 3

Primary Function/General Purpose of Position

Under the direct supervision of the Vice President of Privacy and Compliance, this position contributes to the Bon Secours Mercy Health mission and vision by developing and implementing the privacy program. This position oversees the privacy team and will be responsible for privacy related activities relative to Bon Secours Mercy Health operations conducted at local and remote locations and leads ad hoc privacy investigations, education, auditing, and monitoring.

• Support the BSMH Privacy program, including application of leading practice approaches to identification, assessment, and mitigation of risks, auditing and monitoring, workplan development, education of operational leaders on regulatory requirements, establishing functional committee, and implementing privacy policies
• Serve as the privacy subject matter expert within assigned areas of responsibility including data privacy, security, analytics and artificial intelligence by staying up-to-date with current and emerging regulations and government agency guidance including OCR, HHS, NIST, OIG, FTC, ONC, and/or other relevant state/federal agencies
• Conduct audits and monitoring of assigned areas evaluating their compliance with relevant regulations (e.g., HIPAA), industry standards, internal policies, and provide recommendations for improvement
• Provide advice/consultation to functional leadership regarding initiatives to assist in mitigating risks to the organization and facilitate strategic initiatives. This will include education and training sessions on emerging risk areas, policy & procedure development, governance, and risk frameworks
• Lead advanced investigations across the ministry relative to assigned areas, working collaboratively with HR, IT, Cybersecurity, Risk, Legal, and other BSMH Partners.
• Develop monitoring and auditing protocols/tools specific to assigned areas
• Develop and implement privacy policies and procedures related to assigned areas. Identify and implement artificial intelligence applications to facilitate privacy program effectiveness. Provide data analytics techniques, statistical analysis, and modeling, through databases developed internally, or in conjunction with other third‑party vendors to detect, monitor, and audit potential privacy issues
• Participate in various ad‑hoc and/or established BSMH committees to provide updates and perspective, and shares identified risks with Leaders for awareness and collaboration.
• Develop educational content and trending of non‑compliant activities to enhance proficiency and competency, understanding of standards and the consequences of non‑compliance. Prepare multi‑faceted oral, written and electronic communications and presentations to facilitate discussion, networking, decision‑making and proactive responses to meet current and emerging challenges among affected parties and entities.
• Hire, train, coach, counsel, manage and evaluate performance of direct reports within assigned areas

Certified in Healthcare Privacy Compliance (required)

Certified in Healthcare Compliance (preferred)

Bachelor's Degree in related field (required)

Master level degree in a related field or Juris Doctor (required)

8-10+ years of experience managing privacy within healthcare

• In-depth knowledge of industry‑relevant privacy regulations, standards, and audit frameworks
• Proficient in Microsoft Office including Copilot, SharePoint, Smartsheets, Outlook, PowerPoint, Excel and Word.
• Strong understanding of privacy standards and best practices related to data confidentiality.
• Strong knowledge of applicable federal, state and local laws, regulations and policies…