Privacy Compliance Manager

Essential Duties

1.Review, develop, and negotiate contracts involving personally identifiable information including data use agreements, GDPR standard contractual clauses, and data processing agreements in collaboration with the Chief Privacy Officer, Procurement, and the Office of Sponsored Projects. Provide feedback on acceptability of terms and recommend revisions.

Provide guidance to the Yale community on completing data processing appendices. 2. Review, develop, negotiate, and manage Business Associate Agreements (BAA) including submissions and initial review of proposed agreements. Refer substantive issues to the Chief HIPAA Privacy Officer as needed and coordinate with Procurement to obtain fully executed Business Associate Agreements that meet regulatory mandates and institutional standards.

Maintain the Business Associate files and logs and ensure complete list of the current Business Associates is available to the Yale community on the HIPAA website. Monitor compliance with Business Associate requirements through outreach to Yale departments as well as active Business Associates. 3. Facilitate privacy compliance across the University by managing centralized privacy functions.

Utilizing knowledge of applicable federal and state regulations related to privacy, responsible for the creation of training materials and guidance for faculty, staff, and students regarding privacy compliance. Identify recurrent issues of University and federal requirements for privacy which are poorly understood and provide enhancements to existing educational materials to address gaps. 4. Serve as initial contact person for the HIPAA Privacy Office.

Respond to, resolve, or refer, as appropriate, inquiries to the Privacy Office from various sources both within and outside Yale University including patients, research investigators, research subjects, clinicians, students, employees, and administrators related to privacy matters. 5. Assist with researching potential breaches and maintaining mandated documentation including an auditable record of incidents investigated under the HIPAA Breach Notification and other state and federal notice requirements. Maintain appropriate documentation of breach determinations.

Assist in notification process. 6. In conjunction with Chief Privacy Officer, oversee compliance with privacy policies and procedures. Appropriately document findings and determine reasonable corrective actions for any finding including guidance documents, revisions to documents and forms, or other measures. 7.

Maintain training records and privacy courses in the University's learning management system including off-line courses. Respond to questions and concerns regarding training compliance requirements for the HIPAA Privacy and Security training and other privacy modules. Responsible for producing, distributing, and following up on training reports, upon request, for all HIPAA covered components of the University. 8.

Maintain the Yale HIPAA and Privacy Office websites and update as necessary to reflect changes in institutional practices and federal, state, or international privacy regulation. 9. Other duties as assigned.

Required Education and Experience

Bachelor's degree in relevant field and a minimum of four years related demonstrated experience or the equivalent combination of education and demonstrated experience.

Background Check Requirements

All candidates for employment will be subject to pre-employment background screening for this position, which may include motor vehicle, DOT certification, drug testing and credit checks based on the position description and job requirements. All offers are contingent upon the successful completion of the background check. For additional information on the background check requirements and process visit "Learn about background checks" under the Applicant Support Resources section of Careers on the It's Your Yale website.

Position Focus:

Reporting to the Chief Privacy Officer, the Privacy Compliance Manager works to ensure compliance with federal, state, and University requirements related to the privacy of personally identifiable information (PII). The Privacy Compliance Manager provides contracting as well as training support to the Privacy Office, including review, negotiation, and management of HIPAA Business Associate Agreements and Data Transfer Agreements. Among other duties, the Privacy Compliance Manager provides guidance regarding privacy requirements and expectations to Yale faculty, staff, students, and trainees and keeps abreast of changes in University policy, as well as federal, state and international regulations, and will be a valuable and reliable resource to the privacy team and the University community.

Preferred Education, Experience and Skills:

J.D. or other advanced degree. Working knowledge of international, federal, and state privacy regulations including the privacy of health information.

Posting Disclaimer

The intent of this job description is to provide a representative summary of the essential functions that will be required of the position and should not be construed as a declaration of specific duties and responsibilities of the particular position. Employees will be assigned specific job-related duties through their hiring departments.