Transforming the future of healthcare isn't something we take lightly. It takes teams of the best and the brightest, working together to make an impact.
As one of the largest healthcare technology companies in the U.S., we are a catalyst to accelerate the journey toward improved lives and healthier communities.
Here at Change Healthcare, we're using our influence to drive positive changes across the industry, and we want motivated and passionate people like you to help us continue to bring new and innovative ideas to life.
If you're ready to embrace your passion and do what you love with a company that's committed to supporting your future, then you belong at Change Healthcare.
Pursue purpose. Champion innovation. Earn trust. Be agile. Include all.
Empower Your Future. Make a Difference.
Data Protection Officer & Senior Privacy Counsel
Overview of the Position
The Data Protection Officer (DPO) & Senior Privacy Counsel works closely with the Chief Privacy Officer and within the Enterprise Privacy Office to help lead the regulatory and compliance related activities for privacy matters for the organization, including developing policies, processes, and a program covering the privacy of, and access to, protected health information (PHI), Personal Information (PI), and sensitive data in compliance with US federal and state laws, the EU Privacy Shield and GDPR, PIPEDA, and other relevant international privacy protection laws and regulations. Provide regulatory, transactional, and legal support and advice to the business units and senior and executive management in the United States, Canada and the EU.
In his/her unique role as the DPO, this team member will monitor compliance with and advise upon Change Healthcare's UK and European Union data privacy obligations as established under the General Data Protection Regulation (GDPR). The DPO will coordinate closely with the Enterprise Privacy Office and the Chief Privacy Officer to implement necessary compliance processes where gaps are identified or efficiencies are needed.
Why this Role is Compelling
- Implement foundational privacy principles to support business expansion in global operations
- Be a thought leader in healthcare privacy with cutting-edge privacy issues
- Help us build and execute a world-class privacy program
What will be my duties and responsibilities in this job?
DATA PROTECTION OFFICER
- Advise upon Change Healthcare's global data privacy obligations as established under the General Data Protection Regulation (GDPR), PIPEDA, and other applicable regulatory privacy frameworks.
- Monitor compliance with the GDPR and ensure relevant Change Healthcare personnel are appropriately trained and aware of their specific GDPR obligations.
- Coordinate with Change Healthcare's Enterprise Privacy Office and the Chief Privacy Officer to recommend necessary compliance processes where gaps are identified or efficiencies are needed.
- Review and advise upon escalated Data Protection Impact Assessments and coordinate with product teams, Product Development Privacy Counsel, and other stakeholders to identify and address GDPR compliance challenges.
- As necessary, serve as primary point of contact for EU customer privacy inquiries and escalate consistent with regulatory requirements.
COUNSELING, GOVERNANCE AND GENERAL MANAGEMENT
- Supporting our strategic and comprehensive privacy program that defines, develops, maintains and implements policies and processes that enable consistent, effective privacy practices which minimize risk and ensure the confidentiality of PHI, paper and/or electronic, across all media types.
- Working with business leaders, information security leaders, and team members in the Legal and Compliance department to establish governance for the organization's privacy program covering the requirements of HIPAA, GDPR, PIPEDA, PCI, GLBA, other federal and state and other applicable international privacy protection laws and regulations.
- Monitor and audit de-identification activity, including reviewing statisticians' certifications, within the business units to ensure their compliance with HIPAA and legal requirements.
- Monitor changes in law, and review and update business processes and related policies.
- Preparing reports of privacy metrics, investigations, trends, privacy incidents and strategy/recommendations to mitigate privacy risks for the Chief Privacy Officer
PROCESS, POLICY AND TRAINING
- Developing and delivering ongoing privacy training to team members and management
- Initiating, facilitating and promoting activities to foster information privacy awareness within the organization and related entities.
- Serving as information privacy consultant to the Business Unit Attorneys and others in the Legal & Compliance department.
- Leading the organization's compliance efforts for the EU Privacy Shield, GDPR, PIPEDA, and other applicable international privacy protection laws and regulations.
- Establishing and administering a process for receiving, documenting, tracking, investigating, and taking action on all complaints concerning the organization's privacy program and policies and procedures in
RISK MITIGATION AND REPORTING
- Leading privacy impact assessments and data protection risk assessments and other required audits
- Leading regular information privacy risk assessment/analysis, mitigation and remediation efforts in coordination with information security.
- Developing metrics and reporting on the effectiveness of the organization's privacy program.
- Participating in the development, implementation, and ongoing compliance monitoring of all trading partner and business associate agreements, to ensure all privacy concerns, requirements, and responsibilities are addressed.
- Performing initial and periodic information privacy risk assessments and conducting related ongoing compliance monitoring activities in coordination with the organization's other compliance and operational assessment functions.
PRIVACY INCIDENTS, INVESTIGATIONS AND AUDITS
- Managing, with the Business Unit compliance resources and others in Legal & Compliance, all required breach determination and notification processes under HIPAA, GDPR, and applicable federal and state breach rules and requirements.
- Working with and managing external counsel on incidents as needed.
- Leading any compliance reviews or investigations of the organization by the Office of Civil Rights, other federal or state regulators, and other regulatory agencies.
- Performing required breach risk assessment, documentation, and mitigation; and working with Human
What are the requirements needed for this position?
- 10+ years of in-house experience at a multinational corporation, or law firm experience counseling clients on international privacy matters
- A minimum of 3+ years of experience providing healthcare privacy counsel to clients preferred but not required
- Deep understanding of complex global data privacy laws and principles, including the GDPR and UK and EU member state privacy laws.
- Experience negotiating client and vendor agreements, drafting documents related to data security and privacy.
- Demonstrated experience providing practical, actionable advice that balances legal risk and business impact in a dynamic environment.
- Juris Doctor Degree from an ABA accredited law school with excellent academic credentials; admission to practice in good standing as a member of a jurisdiction is required.
- Has obtained, or demonstrates active pursuit of, one or more of the following IAPP or CHP certifications: CIPP/US, CIPP/E, Canadian privacy (CIPP/C), Technology (CIPT), CHPS (Certified in Healthcare Privacy & Security), or CHPC (Certified in Healthcare Privacy Compliance)
What other skills/experience would be helpful to have?
- 1+ year serving as a Data Protection Officer is a plus
- Provide counsel related to advanced and cutting-edge data use and acquisition, as well as data mapping, classification, and related data management and governance.
- Experience conducting privacy impact assessments (PIA) and data privacy impact assessments (DPIA)
- Support the privacy, security, and data protection aspects of relationships and contract review
What are the working conditions and physical requirements of this job?
How much should I expect to travel?
- Employees in roles that require travel will need to be able to qualify for a company credit card or be able to use their own personal credit card for travel expenses and submit for reimbursement.
Join our team today where we are creating a better coordinated, increasingly collaborative, and more efficient healthcare system!
Equal Opportunity/Affirmative Action Statement
Change Healthcare is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, genetic information, national origin, disability, or veteran status. To read more about employment discrimination protections under federal law, read EEO is the Law at https://www.eeoc.gov/employers/eeo-law-poster and the supplemental information at https://www.dol.gov/ofccp/regs/compliance/posters/pdf/OFCCP_EEO_Supplement_Final_JRF_QA_508c.pdf.
If you need a reasonable accommodation to assist with your application for employment, please contact us by sending an email to email@example.com with "Applicant requesting reasonable accommodation" as the subject. Resumes or CVs submitted to this email box will not be accepted.
View our pay transparency nondiscrimination policy at https://www.dol.gov/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf.
Change Healthcare maintains a drug free workplace and conducts pre-employment drug-testing, where applicable, in accordance with federal, state and local laws.