Privacy, Risk, and Compliance Manager

Healthcare Systems of America
Location: Miami, FL, USA
Published: 6/14/2022
Full Time

Job Description

WE ARE HEALTHCARE SYSTEMS OF AMERICA. Our mission is to elevate healthcare standards, improve patient outcomes, and create value for communities across the United States. Healthcare Systems of America (HSA) is more than a healthcare provider - we're a community built on excellence, innovation, and compassion. If you're looking for a career that makes a difference, empowers you to grow, and gives you the opportunity to impact lives, HSA is where you belong.

Healthcare Systems of America operates 8 community hospitals across 3 states. We service a multitude of patients and their families across our vast network, while remaining committed to the professional development of our staff, the functional improvement of our patients, and the cultivation of strong partnerships within our communities.

WHAT WE OFFER

  • Career Growth & Development - We are an essential, stable and growing company with many opportunities for training and advancement within the medical field that all employees and team members can benefit from.
  • Supportive & Inclusive Culture - We foster an environment where every team member is valued, heard, and empowered to succeed.
  • Meaningful Work - Every day, you'll contribute to patient care, cutting-edge medical solutions, and life-changing treatment and technologies.


POSITION SUMMARY

The Privacy, Risk, and Compliance Manager is responsible for developing, implementing, and maintaining privacy and compliance frameworks to protect sensitive health information across the healthcare organization. This role ensures alignment with HIPAA, HITECH, and other federal and state healthcare privacy regulations. The Manager works cross-functionally with departments including IT, Legal, Clinical Operations, and HR to identify and mitigate risk while promoting a culture of compliance.


PRIMARY RESPONSIBILITIES

Privacy Program Management

  • Develop, maintain, and enforce HIPAA-compliant privacy policies and procedures.
  • Conduct Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs).
  • Ensure organizational compliance with HIPAA, HITECH, and applicable state healthcare privacy laws.
  • Lead privacy education and training programs for clinical and administrative staff.

Risk & Compliance Oversight

  • Lead and manage the organization's enterprise risk management (ERM) program.
  • Conduct vendor risk assessments for third-party healthcare service providers and business associates.
  • Coordinate internal audits and prepare for external healthcare regulatory assessments (e.g., OCR, Joint Commission).
  • Track and report remediation activities for identified risk and compliance gaps.

Incident Response & Investigation

  • Act as the privacy SME in response to data breaches or suspected privacy incidents.
  • Collaborate with IT Security, Legal, and affected departments to ensure appropriate resolution and reporting.
  • Coordinate breach notification processes in accordance with the HIPAA Breach Notification Rule.

Reporting & Governance

  • Maintain audit logs and documentation required for regulatory compliance.
  • Generate risk and compliance reports for executive leadership and compliance committees.
  • Monitor and report privacy and compliance KPIs across the healthcare network.


EXPERIENCE/EDUCATION REQUIREMENTS

  • Bachelor's degree in Healthcare Administration, Information Security, Law, or a related field.
  • Minimum 5 years of experience in healthcare privacy, risk management, or compliance roles.
  • In-depth knowledge of HIPAA, HITECH, and applicable federal/state healthcare privacy laws.
  • Experience conducting audits, risk assessments, and regulatory reporting in a healthcare environment.
  • Excellent organizational, communication, and cross-functional collaboration skills.


PREFERRED QUALIFICATIONS

  • Professional certifications: CHPC, CIPP/US, CIPM, CISM, or CRISC.
  • Experience with healthcare compliance tools such as OneTrust, ServiceNow, or Archer.
  • Background in working with hospitals, clinics, or health systems.
  • Familiarity with EMR/EHR systems (e.g., Epic, Cerner).