1. Review, develop, and negotiate contracts involving personally identifiable information including data use agreements, GDPR standard contractual clauses, and data processing agreements in collaboration with the Chief Privacy Officer, Procurement, and the Office of Sponsored Projects. Provide feedback on acceptability of terms and recommend revisions. Provide guidance to the Yale community on completing data processing appendices. 2. Review, develop, negotiate, and manage Business Associate Agreements (BAA) including submissions and initial review of proposed agreements. Refer substantive issues to the Chief HIPAA Privacy Officer as needed and coordinate with Procurement to obtain fully executed Business Associate Agreements that meet regulatory mandates and institutional standards. Maintain the Business Associate files and logs and ensure complete list of the current Business Associates is available to the Yale community on the HIPAA website. Monitor compliance with Business Associate requirements through outreach to Yale departments as well as active Business Associates. 3. Facilitate privacy compliance across the University by managing centralized privacy functions. Utilizing knowledge of applicable federal and state regulations related to privacy, responsible for the creation of training materials and guidance for faculty, staff, and students regarding privacy compliance. Identify recurrent issues of University and federal requirements for privacy which are poorly understood and provide enhancements to existing educational materials to address gaps. 4. Serve as initial contact person for the HIPAA Privacy Office. Respond to, resolve, or refer, as appropriate, inquiries to the Privacy Office from various sources both within and outside Yale University including patients, research investigators, research subjects, clinicians, students, employees, and administrators related to privacy matters. 5. Assist with researching potential breaches and maintaining mandated documentation including an auditable record of incidents investigated under the HIPAA Breach Notification and other state and federal notice requirements. Maintain appropriate documentation of breach determinations. Assist in notification process. 6. In conjunction with Chief Privacy Officer, oversee compliance with privacy policies and procedures. Appropriately document findings and determine reasonable corrective actions for any finding including guidance documents, revisions to documents and forms, or other measures. 7. Maintain training records and privacy courses in the University's learning management system including off-line courses. Respond to questions and concerns regarding training compliance requirements for the HIPAA Privacy and Security training and other privacy modules. Responsible for producing, distributing, and following up on training reports, upon request, for all HIPAA covered components of the University. 8. Maintain the Yale HIPAA and Privacy Office websites and update as necessary to reflect changes in institutional practices and federal, state, or international privacy regulation. 9. Other duties as assigned.
Required Skill/ability 1: Contract drafting and negotiation skills; ability research and learn about privacy-related legal requirement. Thorough working knowledge of PC-based tools including Microsoft Office Suite, data base administration, and other related software.
Required Skill/ability 2: Excellent oral and written communication and interpersonal skills including ability to interact positively with a broad spectrum of individuals from patients to faculty members, as well as demonstrated organizational skills and analytic ability.
Required Skill/ability 3: Demonstrated superior and organized customer service coordination working with multiple stakeholders, i.e., administrators, patients, etc.
Required Skill/ability 4: Ability to have high level of ethics and integrity in professional matters and sensitivity for confidentiality.
Required Skill/ability 5: Ability to work independently and exercise sound judgment, as well as ability work well as part of a team and support others on the team. Ability to prioritize, problem-solve, and work under pressure without sacrificing accuracy or customer service.
Preferred Education: J.D. or other advanced degree. Working knowledge of international, federal, and state privacy regulations including the privacy of health information.
Work Week: Standard (M-F equal number of hours per day)
Posting Position Title: Privacy Compliance Manager
University Job Title: Privacy Compliance Manager
Preferred Education, Experience and Skills: J.D. or other advanced degree. Working knowledge of international, federal, and state privacy regulations including the privacy of health information. Bachelor's degree in relevant field and a minimum of four years related demonstrated experience or the equivalent combination of education and demonstrated experience. About Yale University
Yale University is an American private Ivy League research university located in New Haven, Connecticut. Founded in 1701 in the Colony of Connecticut, the university is the third-oldest institution of higher education in the United States.
Connections working at Yale University