|•||Job Seeker Tools|
|•||Your Saved Jobs|
|•||Build Your Professional Profile|
|Assistant Director, University and Research Privacy|
Company: University of Miami Health System
Location: Coral Gables, FL
Employment Type: Full Time
Date Posted: 10/27/2021
Expire Date: 12/27/2021
Job Categories: Education
Assistant Director, University and Research Privacy|
The Office of the Vice Provost for Research & Scholarship has an exciting opportunity for an Assistant Director, University and Research Privacy position to work at the Coral Gables campus.
The Assistant Director of University and Research Privacy (Assistant Director) supports university and research privacy concerns across the University/Research enterprise. In this role, the Assistant Director reports to the to the Vice Provost for Research + Scholarship for University/Research activities. The Assistant Director also has a dotted line reporting relationship to the Vice President of Audit and Compliance for support services related to University privacy compliance. In addition, the Assistant Director also serves as institutional Data Protection Officer (DPO) pursuant to GDPR requirements.
The Assistant Director will oversee ongoing activities related to the dev elopment, implementation, and maintenance of the University research programís adherence to privacy principles in accordance with applicable state, federal and international laws, regulations, and rules. The Assistant Director will lead the effort toward fostering a culture of respect for privacy throughout the research organization.
PRIMARY DUTIES AND RESPONSIBILITIES:
Lends strategic advisory support regarding regulatory issues, privacy considerations, data ethics and risk mitigation to critical initiatives managed by or contributed to by Office of the Vice Provost for Research (OVPRS).
Serves as the liaison between the University research/academy privacy matters and the HIPAA privacy group in UHealth Compliance and HSRO & RCQA.
Assists in developing, implementing, and oversight privacy regulatory compliance strategies.
Identifies and ranks areas at risk of exposure and recommends strategies to address issues.
Identifies and reports general compliance issues that may arise.
Stays abreast of current regulations and trends, and ensures appropriate actions are taken to incorporate necessary revisions into the workplace environment.
Provides advisory services on regulatory considerations and support the contracting function for Research Administration, business units and other related parties to ensure all research and privacy concerns, requirements, responsibilities, related laws, and data ethics standards are properly addressed in agreements.
Leads the process of maintaining University templates for data-centric, research-related agreements aligned with evolving regulatory requirements and University priorities in consultation with stakeholders such as the Office of General Counsel and others.
With delegated signature authority, reviews, negotiates and executes agreements for the use and transfer of data and information with external parties.
Provides support to the research community on global privacy and security issues and use or disclosure of protected health information and protected identifiable information to ensure minimal risk to the privacy of individuals. Reviews research proposals for HIPAA, Data Privacy/Data Security, and Common Rule/FDA compliance.
Works with PI and research teams to provide technical assistance and guidance on regulatory requirements; assists with design of complex studies involving patient or other individually identifiable data.
Advises on data and privacy issues in structuring ventures and advisory support in negotiating agreements.
Provides advisory services relative to Office of Technology Transfer on how data deals can be structured to comply with regulatory and data ethics norms and help negotiate terms where appropriate.
Collaborates with UMIT, University Compliance Services, UHealth IT and other stakeholders to organize, administer and build policy around data generated by new technologies being developed by and used by the University community (e.g. wearable devices, embedded sensors, mobile apps, cloud computing/storage, AI, machine learning, etc.).
Researches and monitors changing federal, state, and international laws relating to privacy requirements for research
Serves as liaison to other institutional regulatory and monitoring work groups or committees with regards to University privacy matters concerning the University/Academy
Provides guidance on privacy matters to management, faculty, staff and administrators and others doing business with the University, as appropriate and participate in periodic training, education, and outreach.
Assists with contract review on privacy issues related to research.
Supervises personnel as the Vice Provost deems necessary in effectuating the above.
Serves as data privacy resource concerning privacy regulations that impact the University/Academy (including GDPR, FERPA, FIPA, COPPA, GLBA, etc.).
Investigates and acts on University privacy complaints when raised by data subjects or third parties.
Initiates, facilitates and promotes activities to foster data privacy awareness within the organization.
As Data Protection Officer for the University pursuant to GDPR, the Assistant Director will be responsible for conducting the duties attributed to a Data Protection Officer as outlined in GDPR.
Responds to data subject requests and build/maintain a process for same.
Assesses and monitors compliance activities relating to University data protection and PII captured, stored, and transmitted by University departments in various formats and from various sources.
Serves as subject matter expert in any privacy breach incidents that involve PII.
Assists UMIT in responding to PII privacy incidents/breaches.
Develops and provides training to the University community concerning FERPA and GDPR
Evaluates the institutionís compliance with FERPA, GDPR and other privacy. regulations and make recommendations for improvements.
In the capacity of Data Protection Officer, assist Contract Administration (Business Services) and the Office of General Counsel in the review of Data Processing Agreements and serves as a subject matter expert.
Lends advisory support to the Office of General Counsel, and UMIT on operationalizing strategic University/Academy initiatives (non-UHealth and non-research).
Keeps abreast of new legal and data privacy regulations that affect the University.
Current knowledge of applicable global, federal, and state privacy laws and standards.
Exceptional interpersonal and leadership skills with the ability to influence and work collaboratively within the UHealth and University community. Must be able to problem solve, prioritize assignments, and effectively manage projects.
Knowledge of federal and state laws, rules, and regulations that affect a multi-faceted institution of higher education, research, and health care.
Ability to interpret and translate, legal, regulatory, and risk implications of actions taken by the organization.
Ability to assess legal, regulatory and risk implications of investigations or proceedings brought by any regulatory agency, individual or class of individuals.
Highly developed creative thinking and problem-solving ability with excellent oral and written communication skills.
Desire and demonstrable ability to achieve CIPT and/or CIPM certification within 12-18 months of assuming role where budgetary considerations allow.
Keen attention to detail and strong analytical and reasoning skills are essential.
Excellent communication skills, including the ability to translate complex legal and regulatory concepts into easy-to-understand advice.
Ability to multi-task and work effectively and efficiently to meet deadlines on a time-sensitive basis.
Possesses a positive, problem-solving attitude and flexibility.
Substantial and in-depth knowledge of privacy principles and relevant international, federal, and state laws applicable to the University of Miami as a healthcare, higher education institution and research enterprise.
An understanding of good management, compliance and governance practices and familiarity with privacy standards/regulations in the healthcare and higher education arenas.
A collaborative, culturally competent and consultative style appropriate for working effectively through a diverse and complex organization.
Ability to synthesize complex concepts.
A law degree and/or a minimum of three (3) years of experience in an appropriate area of specialization.
Relevant certifications required, such as CIPP/US by the International Association of Privacy Professionals (IAPP), Certified HIPAA Professional (CHP), at minimum; CIPP/E strongly preferred.
Extensive familiarity with relevant privacy legislation for the protection of health information and patient privacy required.
WORK EXPERIENCE REQUIREMENTS:
Three (3) of work-related experience in the healthcare and/or education industries or comparable education and/or work experience, including, for example, graduate school combined with externships/internships.
Experience serving in the capacity as a privacy subject matter expert, advisor or the equivalent in technology, higher education and/or healthcare industries.
International experience in privacy/law preferred