Reporting to the Chief Privacy Officer, the Privacy Compliance Manager works to ensure compliance with federal, state, and University requirements related to the privacy of personally identifiable information (PII). The Privacy Compliance Manager provides contracting as well as training support to the Privacy Office, including review, negotiation, and management of HIPAA Business Associate Agreements and Data Transfer Agreements. Among other duties, the Privacy Compliance Manager provides guidance regarding privacy requirements and expectations to Yale faculty, staff, students, and trainees and keeps abreast of changes in University policy, as well as federal, state and international regulations, and will be a valuable and reliable resource to the privacy team and the University community.

Ability to work independently and exercise sound judgment, as well as ability to work well as part of a team and support others on the team. Ability to prioritize, problem-solve, and work under pressure without sacrificing accuracy or customer service.

1. Review, develop, and negotiate contracts involving personally identifiable information including data use agreements, GDPR standard contractual clauses, and data processing agreements in collaboration with the Chief Privacy Officer, Procurement, and the Office of Sponsored Projects. Provide feedback on acceptability of terms and recommend revisions. Provide guidance to the Yale community on completing data processing appendices.
2. Review, develop, negotiate, and manage Business Associate Agreements (BAA) including submissions and initial review of proposed agreements. Refer substantive issues to the Chief HIPAA Privacy Officer as needed and coordinate with Procurement to obtain fully executed Business Associate Agreements that meet regulatory mandates and institutional standards. Maintain the Business Associate files and logs and ensure a complete list of the current Business Associates is available to the Yale community on the HIPAA website. Monitor compliance with Business Associate requirements through outreach to Yale departments as well as active Business Associates.
3. Facilitate privacy compliance across the University by managing centralized privacy functions. Utilizing knowledge of applicable federal and state regulations related to privacy, responsible for the creation of training materials and guidance for faculty, staff, and students regarding privacy compliance. Identify recurrent issues of University and federal requirements for privacy which are poorly understood and provide enhancements to existing educational materials to address gaps.
4. Serve as initial contact person for the HIPAA Privacy Office. Respond to, resolve, or refer, as appropriate, inquiries to the Privacy Office from various sources both within and outside Yale University including patients, research investigators, research subjects, clinicians, students, employees, and administrators related to privacy matters.
5. Assist with researching potential breaches and maintaining mandated documentation including an auditable record of incidents investigated under the HIPAA Breach Notification and other state and federal notice requirements. Maintain appropriate documentation of breach determinations. Assist in notification process.
6. In conjunction with Chief Privacy Officer, oversee compliance with privacy policies and procedures. Appropriately document findings and determine reasonable corrective actions for any finding including guidance documents, revisions to documents and forms, or other measures.
7. Maintain training records and privacy courses in the University’s learning management system including off-line courses. Respond to questions and concerns regarding training compliance requirements for the HIPAA Privacy and Security training and other privacy modules. Responsible for producing, distributing, and following up on training reports, upon request, for all HIPAA covered components of the University.
8. Maintain the Yale HIPAA and Privacy Office websites and update as necessary to reflect changes in institutional practices and federal, state, or international privacy regulation.
9. Other duties as assigned.

Bachelor’s degree in relevant field and a minimum of four years related demonstrated experience or the equivalent combination of education and demonstrated experience.