Serves as the enterprise HIPAA Privacy Officer responsible for the interpretation, application, and oversight of HIPAA Privacy Rule requirements across U.S. operations. Collaborates with Legal, IT, and GRC teams to manage privacy risks, handle breach assessments, and ensure operational compliance.
PRINCIPAL DUTIES AND RESPONSIBILITIES:
- Serves as the enterprise HIPAA Privacy Officer for U.S. operations, responsible for interpretation, application, and oversight of HIPAA Privacy Rule requirements across the organization.
- Provides day-to-day guidance and subject matter expertise on HIPAA compliance across operational changes, initiatives, and projects of varying size and complexity.
- Advises business, clinical, and IT teams on appropriate handling, use, and disclosure of PHI, including identification and mitigation of privacy risks.
- Partners closely with Governance, Risk & Compliance (GRC) to:
- Develop and maintain Privacy Policies, standards, and procedures that meet HIPAA requirements
- Ensure HIPAA controls are defined, implemented, and monitored
- Align privacy requirements with broader regulatory and control frameworks
- Support reviews of third party vendors for compliance with HIPAA
- Support audits, assessments, and regulatory inquiries
- Collaborates with Cyber & Privacy Operations during privacy incidents to:
- Support breach assessment and risk analysis
- Ensure timely escalation, containment, and notification decisions
- Contribute to post-incident remediation and continuous improvement efforts
- Develop standard operating procedures (SOPs)
- Develop and deliver training on PHI policies and procedures.
- Works in close partnership with U.S. Privacy Legal Counsel to:
- Assess regulatory requirements and enforcement expectations
- Serve as primary point of contact for privacy complaints, investigations, breach risk assessments, and regulatory inquiries
- Ensure alignment of operational practices with legal obligations
- Support development and maintenance of privacy policies and notices
- Reviews and provides input on project designs, system implementations, workflows, and process changes to ensure alignment with HIPAA and organizational privacy requirements.
- Drives the integration of privacy-by-design principles into clinic operations and enterprise processes, ensuring sustainable and scalable compliance.
- Maintain documentation required to demonstrate HIPAA compliance, including overseeing requests for access, amendments, restrictions, and confidential communications for patient medical records; and ensuring timely response and appropriate denials and approvals.
- Develops practical, scalable self-service tools, templates, and guidance to enable teams to independently address routine privacy requirements.
- Partners with clinical and operational leaders to ensure HIPAA requirements are consistently and effectively executed in day-to-day clinic and physician practices’ operations.
- Supports awareness and training efforts to promote understanding of privacy responsibilities across workforce members.
- Participates in internal and external meetings, including regulatory, audit, and compliance forums, representing the organization’s HIPAA privacy posture.
PHYSICAL DEMANDS AND WORKING CONDITIONS:
- The physical demands and work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- Travel required per business need.
EDUCATION:
- Bachelor’s Degree required; degree in a related discipline such as Health Information Management, Healthcare Administration, or Law preferred
EXPERIENCE AND REQUIRED SKILLS:
- 8–10 years of experience in privacy, compliance, or healthcare regulatory roles
- Demonstrated expertise in HIPAA Privacy Rule requirements and real-world application in healthcare operations
- Experience supporting clinical, operational, and IT environments with privacy guidance
- Proven ability to translate regulatory requirements into actionable, business-friendly solutions
- Strong experience working cross-functionally with Legal, Compliance, Security, and operational stakeholders
- Experience supporting privacy incident response and breach risk assessments
- Strong understanding of healthcare workflows, PHI data flows, and regulatory risk
- Excellent communication skills, with the ability to present complex privacy concepts to non-technical and executive audiences
- Strong analytical, problem-solving, and decision-making capabilities
- High attention to detail and ability to operate in a fast-paced, evolving environment
PREFERRED CERTIFICATIONS / DESIGNATIONS:
- Certified in Healthcare Privacy Compliance (CHPC) – HCCA
- Certified Information Privacy Professional (CIPP/US or CIPP/E) – IAPP
- Certified Information Privacy Manager (CIPM) – IAPP
The rate of pay for this position will depend on the successful candidate’s work location and qualifications, including relevant education, work experience, skills, and competencies.
Annual Rate: $97,000.00 - $163,000.00
Benefit Overview: This position offers a comprehensive benefits package including medical, dental, and vision insurance, a 401(k) with company match, paid time off, parental leave and potential for performance-based bonuses depending on company and individual performance.
Fresenius Medical Care is an equal opportunity employer and does not discriminate on the basis of race, color, religion, sexual orientation, gender identity, parental status, national origin, age, disability, military service, or other non-merit-based factors