A cover letter is required for consideration for this position and should be attached as the first page of your resume. The cover letter should address your specific interest in the position and outline skills and experience that directly relate to this position.

The HIPAA Privacy Manager is responsible for ensuring the organization's compliance with the Health Insurance Portability and Accountability Act (HIPAA) and other state and federal privacy regulations. This role involves overseeing privacy initiatives, developing and implementing policies, managing responses to privacy incidents, overseeing the privacy office patient monitoring electronic health record (EHR) audit program, supporting the privacy office educational plan and many other key privacy compliance initiatives. The HIPAA Privacy Manager will serve as a key point of contact for HIPAA privacy related matters.

The HIPAA Privacy Manager reports to the HIPAA Official | Senior Corporate Compliance Director and assists in the day-to-day operations and implementation of the Privacy Office's privacy compliance program. This position performs ongoing activities to support privacy compliance with the academic medical center, the UM Health System (inclusive of regional affiliated hospitals) and the University Hybrid HIPAA covered components.   

This position will be eligible for a remote first approach to work location, however, there may be occasional required in-person meetings which will be held in the Ann Arbor Michigan area.  Flexible work opportunities are determined at the discretion of the hiring department. Flexible work agreements are reviewed annually and are subject to change dependent on the business needs of the team throughout the course of employment.

Michigan Medicine improves the health of patients, populations and communities through excellence in education, patient care, community service, research and technology development, and through leadership activities in Michigan, nationally and internationally.  Our mission is guided by our Strategic Principles and has three critical components; patient care, education and research that together enhance our contribution to society.

Michigan Medicine is one of the largest health care organizations in the world and has been the site of many groundbreaking medical and technological advancements since the opening of the U-M Medical School in 1850. Michigan Medicine is comprised of over 30,000 employees and our vision is to attract, inspire, and develop outstanding people in medicine, sciences, and healthcare to become one of the world?s most distinguished academic health systems. In some way, great or small, every person here helps to advance this world-class institution. Work at Michigan Medicine and become a victor for the greater good.

• Manage the work performed by privacy staff (auditors - associate, intermediate, senior and Privacy Team Leads) to include support and oversight of their performance of privacy work assignments and core functions (education, investigations, patient monitoring electronic audits of the EHR), completion of the Privacy Office annual workplan and other customer requests from workforce members for privacy resources and guidance as needed.  
• Assist the HIPAA Official in responding to federal and state government investigations of HIPAA privacy complaints, through the performance of the underlying investigation (or supervision of privacy office staff to perform the same), preparation of documentation and collection of relevant documents responsive to the government investigation demands.  
• The HIPAA Manager shall be responsible for oversight of our office's incident metrics, including the preparation of reports, tracking open/closed incidents, documenting, participating in investigations, preparing updates, documenting findings and recommendations.
• Additional duties include performing privacy risk assessments, providing consultations and guidance, assisting in developing and updating policies, procedures and standard operating procedures, and engaging in a wide range of privacy-related communications and education. 
• A critical requirement for this position will be the establishment and operation of this role across the affiliated institutions comprised of the academic medical center and the University and affiliated regional hospitals systems, to support adherence to our various HIPAA privacy policies consistent with corresponding state and federal privacy regulations. 
• Participate on committees and working groups to offer substantive guidance on issues involving HIPAA privacy and provide recommendations and guidance on best practices to address issues based on our HIPAA privacy policies.
• Build relationships with internal stakeholders to include the office of General Counsel, HIM, Compliance, IT and Information Security, leadership and staff at regional entities, HR and others to collaboratively address HIPAA privacy compliance initiatives and ensure HIPAA privacy policy compliance.
• Develop and provide HIPAA privacy education, training, and communications designed for a diverse workforce.
• Assist in the review and updating of web site content.
• Develop and prepare reports on Privacy Office metrics illustrating staff activities and progress in several key performance areas, including incidents, audits, consultations and educational guidance offered to teammates.  
• Prepare (and review/update) current Privacy Office standard operating procedures (SOPs) for several areas including, use of systems for privacy activities (like audits and incidents) and interactions with other affiliates where it may be necessary to coordinate joint activities that should be documented in a SOP.
• Assist with the development and reporting of HIPAA-related key performance indicators for leadership and other stakeholders across the health system.
• Partner with Human Resources to ensure that the diverse range of workforce members across the health system receive consistent communication for not only the enforcement of privacy compliance standards, but also the associated disciplinary guidelines/outcomes for identified patient privacy violations.
• Foster a 'speak-up' organizational culture free from retaliation.
• Advise internal stakeholders of potential HIPAA compliance risks.
• Continually acquire and update personal knowledge regarding regulatory changes impacting the health system and new systems or businesses acquired by the health system. 
• Lead complex compliance projects and cross-functional teams in setting and managing milestones and deliverables to achieve stated outcomes.
• Assist in planning, prioritizing and/or directing the work/responsibilities of teams/colleagues. 
• Perform other duties that may be necessary or in the best interest of the Program and the health system. 

Equivalent Education and/or Experience

• Bachelor's degree is required, Master's degree or Juris Doctorate preferred.
• Minimum seven (7) years' experience in healthcare compliance or health care operations, preferably with a large, multi-faceted healthcare company or academic medical center.
• Preferred experience with healthcare regulations, conducting investigations, auditing and monitoring, education and training and other healthcare compliance-related activities.
• An equivalent combination of relevant experience may serve as a substitute for the education requirements only.
• Preferred Certifications / Licensure: Currently certified and in good standing with one of the following (or obtained within 24 months of start date): Certified in Healthcare Compliance (CHC), Certified in Healthcare Privacy Compliance (CHPC) Certified Compliance Professional (CCP) Certified Information Privacy Professional (CIPP/US) or Certified Professional Compliance Officer (CPCO).  Alternative similar certifications may be substituted at the discretion of the Program.

Technical Skills:

• Excellent verbal and written communication skills.
• Ability to oversee and collaborate with professional level employees and exercise latitude and independence in assignments.
• Ability to create and deliver clear, concise, and effective information to a diverse workforce through a variety of methods, such as formal training, newsletters, webinars, etc.
• Experience with a health care electronic medical record system. 
• Mastery of Microsoft applications, telecommunications tools, software, and applications commonly used in healthcare.
• Robust organizational skills and attention to deadlines, details, and accountability.
• Strong composure when under pressure.
• Ability to delegate and serve as a coach/mentor/supporter to team members in and outside of the Compliance Program.
• Excellent critical-thinking skills with intuitive ability to appropriately escalate matters based on potential risk to the health system.
• Appreciation for the confidential nature of compliance-related and attorney-client privileged matters.
• Ability to foster a balanced 'need to know' work environment in support of Program objectives.
• Strong research, analytical and problem-solving skills.

Additional Skills:

• Exemplify MM's Mission, Vision, Values and Code of Conduct.
• Operates with high degree professional integrity.
• Inspire confidence in key stakeholders, build consensus, influence others, maintain credibility and effectively lead teams.
• Team player and good listener who values the input of others and their contributions.
• Energetic, results-oriented individual who is innovative, and creative.
• Understanding of and adherence to High Reliability principles. 

Positions that are eligible for hybrid or mobile/remote work mode are at the discretion of the hiring department. Work agreements are reviewed annually at a minimum and are subject to change at any time, and for any reason, throughout the course of employment. Learn more about the work modes.

Michigan Medicine conducts background screening and pre-employment drug testing on job candidates upon acceptance of a contingent job offer and may use a third party administrator to conduct background screenings.  Background screenings are performed in compliance with the Fair Credit Report Act. Pre-employment drug testing applies to all selected candidates, including new or additional faculty and staff appointments, as well as transfers from other U-M campuses.

Job openings are posted for a minimum of seven calendar days.  The review and selection process may begin as early as the eighth day after posting. This opening may be removed from posting boards and filled anytime after the minimum posting period has ended.

The University of Michigan is an equal employment opportunity employer.