Regional Privacy Officer (Health Information Management) - Duke Street Office Building - Days

York, PA | Professional | Tracking Code: 57708

Position Summary:

General Summary:




Under general supervision of the Director, Health Information Protection, directs and guides regional hospital, outpatient facility and medical group activities to support the organization’s Privacy Program.  Includes, but is not limited to daily operations of the program, development, implementation, and maintenance of policies and procedures, workforce awareness and training, monitoring program compliance, investigation and tracking of incidents and breaches, review, vetting and validation of non-WellSpan users and insuring patients’ rights in compliance with federal and state laws.



Duties and Responsibilities:


  1. Serves as a(n) (information) privacy and security compliance resource for the organization.
  2. Maintains current knowledge of industry standards and ensures compliance with federal and state regulations regarding privacy and uses and disclosures of health information.
  3. Works collaboratively with the WellSpan Security Operations Center (WellSoc) leadership in addressing new and/or on-going security risk assessment reviews, including any associated analysis, mitigation and remediation.
  4. Using Privacy Administration software, ensures consistent application of established process for the receipt, documentation, tracking and investigation of privacy and Protected Health Information (PHI)-related security violations against the organization’s privacy and security practices. Ensures that all documentation of privacy and PHI-related security violations meets regulatory requirements.
  5. Develops and maintains content of privacy and information security education as required by federal regulations; enhances relevance as it pertains to employees, volunteers, medical staff, contractors, business associates, and other third parties. Initiates, facilitates, and promotes activities to foster workforce awareness of privacy and confidentiality policies, procedures, and practices.
  6. Takes a lead role in ensuring that the organization has and maintains appropriate enterprise-wide operational practices, including, but not limited to, policies and procedures, privacy and confidentiality consents, authorization forms, and information notices and materials reflecting current organization and legal practices and requirements.
  7. Investigates and monitors all complaints to ensure consistent application of standards for failure to comply with privacy and security practices. Works closely with Human Resources and management on all disciplinary actions taken with involved staff.
  8. Performs initial and periodic information privacy breach risk assessments/analysis, documentation, mitigation, and remediation.
  9. Cooperates with the Office for Civil Rights and/or other investigative agencies in response to external compliance reviews or investigations. Facilitates coordination of responses with WSH leadership.
  10. Measures and reports on the status, effectiveness, and quality of WSH’s health information protection program and provides input, recommendations, and guidance on privacy issues affecting the organization.
  11. Serves as an information privacy liaison for vetting, approval and monitoring of non-WSH user access to clinical and administrative information systems containing PHI.
  12. Utilizes Privacy Monitoring software to conduct proactive reviews and assessments of access to PHI and recommends appropriate individual and/or policy actions as a result.
Required Experience

Minimum Education:


Bachelor's Degree



Preferred Education:


Master’s Degree



Minimum Experience:


3 - 5 years in a multi-entity health information management and/or privacy environment.



Minimum Field of Expertise:


Health Information Management



Required Cert/Registration:


Certified in Healthcare Privacy and Security (CHPS) and Registered Health Information Administrator (RHIA)

Quality of Life

WellSpan Health is an integrated health system that serves the communities of central Pennsylvania and northern Maryland. The organization is comprised of a multispecialty medical group of more than 1,500 physicians and advanced practice clinicians, a regional behavioral health organization, a home care organization, eight respected hospitals, more than 19,000 employees, and 170 patient care locations. WellSpan is a charitable, mission-driven organization, committed to exceptional care for all, lifelong wellness and healthy communities. We are committed to transforming the health of the communities we serve and to educating the next generation of clinicians, staff and leaders.

Quality of Life
Quality of Life

Founded in 1741, the city of York is considered by many as the first capital of the United States. The Articles of Confederation were signed by the Second Continental Congress here in 1777. Its beautifully restored historic district is an architectural treasure. While York retains its farming and manufacturing heritage, at its heart York is a thriving cultural community that has attracted creative talent and innovative entrepreneurial investors from across the nation.

Life in York County offers affordable housing, options for higher education, a thriving arts and cultural community, historical attractions, parks and recreational resources, semi-professional baseball team, fine dining and more — within an easy drive of major East Coast cities.

York County residents can find local employment in healthcare, manufacturing, technology, agricultural and service sectors. (Patient population: 445,000)

Equal Opportunity Employment

WellSpan Health is an equal opportunity employer. Employment selection and related decisions are made without regard to sex, race, age, disability, religion, national origin, color or any other protected class. WellSpan Health does, however, have a tobacco-free/nicotine-free hiring policy.

Similar Opportunities