Privacy Officer - 2025488

ROLE & RESPONSIBILITIES:

• Develop and implement corporate privacy policies and procedures.
• Provide training and guidance to staff regarding data privacy. 
• Elaborate the list of training courses/content needed for the staff working under the various health components of WR’s HIPAA/HITECH hybrid framework.   
• Conduct regular and ongoing privacy risk assessments and legal-compliance reviews using WR’s risk assessment systems and cycles, evaluating compliance with all applicable local, state, federal, and international regulations.   
• Identify potential areas of privacy vulnerability and risk.  Develop corrective action plans to be approved for resolution of problematic issues and guidance for risk mitigation.
• Collaborate with the Security Officer to ensure protection of electronic protected health information (ePHI) in compliance with both federal and state law, and where necessary define steps to mitigate any identified risks.   
• Investigate and track privacy incidents as they arise, reporting inappropriate access and/or disclosure of protected health information according to the Health Insurance Portability and Accountability Act (HIPAA) and HITECH privacy rules.
• Coordinate, convene and report progress to and recommendations for changes to the internal intradepartmental Privacy Decision Group. 
• Keep abreast of the changing landscape of privacy laws and best practices, updating the relevant policies and procedures and communicating these changes accordingly.
• Monitor and compliance follow-up with staff for the documentation platform for detailed documentation of staff training, and other privacy compliance requirements for staff working in roles where HIPAA compliance is required (currently about 40 staff with annual growth in the next three years of 10 to 30 staff per year).
• Collaborate with diverse teams across departments and functions
• Demonstrate success in setting goals and objectives, managing to outcomes, and developing and using data to inform continuous improvement and decision making
• Professional, collaborative approach that is solution oriented; demonstrated leadership and management skills including the ability to escalate concerns through appropriate chains of command.
• Coordinate and move forward all activities related to the development, implementation, maintenance, and adherence to the organization’s policies and procedures covering privacy and access to patient health information (PHI/ePHI) for hybrid entities in accordance with federal and state laws and the organization’s information privacy practices

JOB REQUIREMENTS:

• Mature and personal Christian faith
• Committed to the mission, vision, and values of World Relief
• Desire to serve and empower the Church to impact vulnerable communities
• Able to affirm and/or acknowledge World Reliefs Core Beliefs, Statement of Faith, Christian Identity and National Association of Evangelicals' For the Health of The Nation document
• Five years of experience in compliance, privacy role, or equivalent experience is required. 
• At least two years of experience as a Privacy Officer in a nonprofit organization under a hybrid entity framework to implement HIPAA/HITECH rules just to the designated covered health and business associate components of the hybrid entity.
• Ability and willingness to cultivate, engage with internal and external partners and to promote and achieve organizational strategic outcomes
• Subject matter expert on laws, regulations, policies, and procedures relating to the protection of private and confidential information. 
• Have a highly developed written and verbal communication skills.
• Sound business judgment on handling sensitive and confidential information.
• Ability to work in diverse settings.

PREFERRED QUALIFICATIONS:

• Experience in a multi-program sector nonprofit where only a small percentage of the programs or activities are covered health components of the entity. 
• Familiar with behavioral health practices is preferred.