ACC is committed to compliance with all applicable equal employment laws. ACC In-house Jobline listings may not explicitly or implicitly discriminate on the basis of any prohibited factor.
Listings on the ACC In-house Jobline are for in-house attorney positions only. While we do not accept non-attorney corporate job listings, if you are hiring a corporate legal operations professional, contact LawDepartmentOps@ACC.com. By posting a job on the ACC In-house Jobline or using the service as a job seeker, you are agreeing to comply with our Terms and Conditions, including those relating to discrimination. The system administrator may delete postings, which do not comply. Employer postings removed by ACC are not subject to refund.
We are very interested in your thoughts as we continue to develop the ACC In-House Jobline to better serve your needs. If you have questions about ACC In-house Jobline, please call our helpdesk at: 1-888-491-8833 Ext. 1125 (Extension Required).
The Privacy Official performs program administration and regulatory work overseeing all ongoing activities related to the development, implementation, maintenance of, and adherence to the Association’s policies and procedures covering the privacy of, and access to, protected health information in compliance with federal, state and local laws.
Responsibilities include but are not limited to:
Serves as the Privacy Official under HIPAA. Provides oversight, development guidance and directs the identification, administration and maintenance of organization information privacy process, policies and procedures in coordination with the Legal team, the Information Security team, Compliance, Commercial Markets, the Federal Employee Program, BCBS Plans and other relevant stakeholders.
Works closely with senior management, business areas and the corporate compliance officer to monitor and revise as necessary an enterprise-wide approval, monitoring and reporting of the use and release of privacy data internally and externally.
Design, develop, implement and provide leadership for implementation of an organization wide privacy program. Develop and oversee the implementation in collaboration with business units and business associate agreements, to ensure all privacy concerns, requirements and responsibilities are addressed and appropriate risk mitigation and corrective action plans are developed.
Provide privacy counseling and guidance to BCBSA staff and BCBS Plans.
Develop, maintain, and update organization-wide privacy process, policies and procedures, including but not limited to:
Notice of Policy Practice
Use and Disclosure of Protected Health Information
Individual Requests for Access to Protected Health Information
Recordkeeping and Administrative Requirements
Working with Communications where appropriate, prepares internal and external communications and notices in connection with privacy matters.
Evaluate and ensure contract negotiation terms, compliance reviews and ongoing monitoring activities of all customers, vendors, partnerships and third party administrators are conducted as they relate to the use of Blue Cross Blue Shield Association Protected Health Information
Revise and update the privacy program as necessary to comply with changes in the law, regulations, professional ethics, and BCBSA requirements and as necessary due to changes in the technical, systems and or business environment.
Collaborate with Legal and the business units in handling any federal or state government investigations of the organizations regarding privacy.
Serve as a liaison to federal government, state law enforcement and regulatory officials, and international regulators on matters relating to privacy, including functioning as the data protection official under the EU GDPR.
Maintain current knowledge of applicable federal, state and local privacy laws and regulations and accreditation standards, and monitor advancements in information privacy technologies, to ensure organizational adaptation and compliance.
Oversee and conduct a technical and business privacy gap and risk analysis. Perform initial and periodic privacy and security risk assessments and conduct ongoing monitoring activities in coordination with Legal, Information Security, Compliance and audit functions.
Work strategically across the BCBSA enterprise and system leveraging resources to meet overriding Privacy goals and objectives working in concert with matrix support resources.
Work with Privacy Officials at BCBS Plans to support system-wide privacy efforts.
Privacy Compliance Reporting, Monitoring and Training
Establish the reporting and monitoring mechanism to track access to protected health information and personally identifiable information, within the purview of the organization and as required by law and to allow qualified individuals to review or receive a report on such activity. Oversee all access to PHI and PII data.
Develop, review, approve and track all PHI information transmission requests. Produce regular PHI information transmission reports and monitor for approval and compliance.
Ensure compliance with privacy practices and communicate failures to comply with privacy policies, procedures and processes for all individuals in BCBSA’s workforce, extended workforce and for all business associates, in cooperation with Human Resources staff, legal counsel or administrative authority. Oversee and perform internal investigations of breaches and make recommendations to senior management for corrective action.
Serve as the enterprise Privacy Training Official, oversee, develop, direct and ensure delivery of privacy training and orientation to all senior management, employees, professional staff, Plans, contractors, business partners\associates and other appropriate third parties.
Initiate and promote activities to foster privacy and security awareness and compliance within BCBSA and BCBS Plans.
Collaborate closely with Information Security counterparts to monitor the privacy environment to assure privacy data are secure and protected.
Required Basic Qualifications:
Law degree, admission to a state bar; ability to obtain licensure in Illinois
Minimum of five years’ practical legal/compliance experience with data privacy laws in healthcare within a law firm or in-house corporate setting
Experience developing and implementing enterprise-wide privacy policies, processes and procedures
Preferred Basic Qualifications:
Privacy and or Security Certification
BS, MBA, or MS in Information Technology Management
Demonstrated knowledge of Health Insurance Portability and Accountability Act (HIPAA)
Demonstrated knowledge of other legislative mandates and requirements relating to protected health information and personally identifiable information
Expertise working in a matrix organization across many disciplines (legal, information security, finance, administration, operations, etc.) and levels of the organization (executive, senior management, senior staff, etc.) as well as with business partners, vendors and customers
Knowledge and experience in project management
Experience counseling senior management on developing and implementing crisis management strategies
Experience in health industry compliance
An awareness of the legal environment in which Blue Cross and Blue Shield Plans and the Association operates
Knowledge of vendor management and contract administration
Blue Cross Blue Shield Association is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, national origin, age, gender identity, disability, veteran status, genetic information or any other legally protected characteristics.
About Blue Cross Blue Shield Association
The Blue Cross and Blue Shield Association is a national federation of 36 independent, community-based and locally operated Blue Cross® and Blue Shield® companies. The Association owns and manages the Blue Cross and Blue Shield trademarks and names in more than 170 countries and territories around the world. The Association grants licenses to independent companies to use the trademarks and names in exclusive geographic areas.
The Association also operates several business initiatives in support of the Blue Cross and Blue Shield companies and represents the Blue System in national forums. In this role as a national association, BCBSA is responsible for advancing Blue Cross and Blue Shield interests in legislative and regulatory initiatives in Washington, D.C., as well as coordinating legislative, regulatory and political strategy for the Blue System.