
Kaiser Permanente Careers

Compliance, Privacy & Regulatory

Putting Integrity Into Practice

Promoting honesty and integrity across our daily actions and interactions, our compliance, privacy, and regulatory professionals provide the guidance and resources to uphold the highest ethical standards.

Director, Privacy-Security Officer

Location: Rockville, MD
Additional Locations: (none)
Job Number: 832397
Date posted: 10/08/2019

The position of the Privacy & Security Officer is a leadership position responsible for the promotion, direction and oversight of the following regional compliance activities: implementation of, and ongoing compliance with, the HIPAA Privacy and Security requirements for the Mid-Atlantic States region; compliance training and awareness; fraud, waste and abuse prevention and detection; and compliance investigations performed by staff in the MAS Regional Compliance Department. The position provides overall direction and leadership for the implementation of, and ongoing compliance with, HIPAA Privacy and Security requirements for the Mid-Atlantic States region, under the direction of the Regional Compliance Officer (RCO). This position represents the RCO on national and regional committees and forums as assigned, with the authority to act on behalf of the RCO. In addition to these primary responsibilities, this position also provides supervision and support for compliance staff responsible for training, investigations and fraud control programs (including the Medicaid program integrity program).

Essential Responsibilities:

  • Responsible for the overall leadership and strategic direction of the compliance program staff responsible for investigations, fraud control, and training and awareness. Part of this responsibility is to ensure efficiency and effectiveness of compliance staff efforts in assigned areas, and to ensure that performance targets are set and clearly communicated. Directly responsible for the management and direction of compliance support staff.

  • In conjunction with the Regional leadership team, plans the strategic direction and organization of compliance activities in the primary areas of responsibility in the region. This position is responsible for partnering strategically with leadership of these areas, as well as with NCO, to identify regional compliance risks and determine how to address them in light of regional/national business objectives and limitations. Builds and maintains collaborative partnerships with Mid-Atlantic Permanente Medical Group (MAPMG), service area administrators, clinical specialty leadership and labor representatives to assure the success of compliance objectives and the successful resolution of compliance incidents which arise.

  • Champions process optimization within Compliance and, upon the request of senior leadership staff in the region, leads process optimization efforts in key areas of the organization. Identifies areas of risk for compliance deficiencies in those departments or functions for which this position is responsible, and develops, implements, tracks and reports on work plans for correction and adherence to policies and standards. (Intervention and process development are based on deficiencies identified from HIPAA or Fraud Control audits/surveys or investigation findings, which may include identification of needed policy development and education, and interpretation and application of procedures and regulations.) Directs, oversees, develops and implements an effective Compliance awareness education program relating to general Compliance, HIPAA, and fraud/waste/abuse for KPMAS staff.

  • Directs and/or coordinates all investigations performed, in whole or in part, by Regional Compliance staff, to assure that investigatory work involving Compliance-related allegations is conducted in a consistent, professional and timely manner. This responsibility also includes oversight of all work product/documentation resulting from said investigations and oversight of timely investigation case and CAP closures. Also conducts special investigations at the request of senior leadership.

  • Directs the development of a robust fraud control plan in the region, leveraging the regional Compliance Control Committee. This responsibility includes the management of staff responsible for identifying and addressing fraud throughout the region, and championing those changes necessary to meet regulatory expectations. Collaborates with key administrative departments and the delivery system to identify necessary controls.

  • Serves on numerous cross-functional and special projects and committees involving key/senior managers and directors within MAS Health Plan, Program Offices and MAPMG. Has primary authority to drive compliance objectives on behalf of the regional compliance office. Represents Compliance and the Regional Compliance Officer in meetings, interviews, negotiations, hearings and task forces, either internal or external to KP. Also, working with the RCO, acts as a compliance liaison to Program Office Legal to address complex compliance-related issues where necessary.

  • Develops, implements, maintains, and updates the organization's Privacy and Information Security Program and/or Privacy & Information Security Plans. This includes the development, implementation and updating/revising of the privacy and information security policies and procedures, and of the internal privacy and information security audit program that verifies compliance with those policies. In addition, oversees and coordinates periodic PHI risk assessments.

  • Provides strategic guidance to Leadership on privacy and information security matters. Collaborates with and provides leadership and direction to departments and individuals (e.g. staff in IT, Legal, HR, HIMS, the care delivery system, MAPMG, and Compliance) focused on the implementation and ongoing administration and monitoring of the region's privacy and security efforts, to ensure compliance of the Health Plan with federal and state privacy and information security laws. Provides leadership in the development and dissemination of best practices across regional departments. Actively participates in the review of new or proposed laws or regulations as they relate to privacy and/or security, to assess their impact on current regional practices.

  • Participates in and/or chairs regional privacy and/or information security committees or forums.

  • Ensures that the organization implements and maintains required notices, forms and documents (e.g. Privacy Notice, Authorization forms, Business Associate Agreements, Confidential Communication request forms, HIPAA Security Checklist).

  • Represents the organization's privacy and information security interests with external parties, including accrediting bodies and regulators responsible for oversight of privacy and security standards. Responds to complaints from the OCR and CMS as they relate to alleged privacy and information security violations.

  • Working closely with IT, develops and implements a consistent process whereby IT- and business-supported applications, including Bio-Med/Clinical Technology, are reviewed, both initially and periodically, to assure that they comply with the HIPAA Security standards established by KP. Provides strategic guidance to business system/application owners to ensure the inclusion of privacy and information security standards in new operating systems/applications for both Health Plan and Care Delivery (such as KPHC) as they are introduced in the region.

  • Establishes and administers processes related to privacy and information security complaints, including the documentation of such complaints in nationally and/or regionally supported tracking mechanisms, and investigates reported HIPAA violations and/or provides technical expertise to others assigned to perform such investigations.

  • Is responsible for the periodic completion of national and regional metrics or scorecards used to assess readiness and completion of HIPAA-related performance standards.

  • Performs other duties as assigned.

Basic Qualifications:

  • Minimum three (3) years of project management experience required.

  • Minimum four (4) years of health care regulatory experience or related field required, with a strong preference for experience with HIPAA Privacy and Security Rules during that four (4) year period.

Education

  • Bachelor's degree in business administration, public policy, health care administration or a related field of study required.

License, Certification, Registration

  • N/A

Additional Requirements:

  • Experience in compliance or compliance-related functions required.

  • Familiarity with legal requirements relating to privacy, information security and protection of confidential health information is required. Specifically, familiarity with the HIPAA Privacy and Security Rules required.

  • Ability to communicate effectively with, and coordinate the efforts of, a variety of professional, technical, and non-technical personnel within the organization required.

  • Knowledge of monitoring and tracking systems and databases required.

  • Strong computer skills, including knowledge of Microsoft applications, email, and databases, required.

  • Excellent interpersonal and communications skills (both written and verbal) required, including the ability to present effectively to large diverse groups and Senior Leaders across the organization.

  • Proficient in team building, conflict resolution and group interaction required.

  • Excellent time management, project and budget management skills required.

  • Prior supervisory experience required.

  • Familiarity with basic concepts of compliance programs required.

  • Familiarity with HIPAA, federal, state and local regulations and accreditation standards (such as NCQA) relating to privacy, confidentiality, and information security required.

  • Ability to independently set priorities based on ongoing risk analysis required.

  • Knowledge of systems analysis and design, quality assurance, data analysis, and evaluation required.

Preferred Qualifications:

  • Juris Doctor or Master's degree strongly preferred.

  • CISSP Certification preferred.

  • Understanding of the operating environment of KP preferred.

  • Knowledge of adult learning methodology, including basic education and training principles, preferred. In lieu of education regarding such training, demonstrated training experience on technical subjects will be considered.

Primary Location: Maryland, Rockville, Rockville Regional Offices, 2101 E. Jefferson St.
Scheduled Weekly Hours: 40
Shift: Day
Workdays: Mon, Tue, Wed, Thu, Fri
Working Hours Start: Variable
Working Hours End: Variable
Job Schedule: Full-time
Job Type: Standard
Employee Status: Regular
Employee Group/Union Affiliation: Salaried, Non-Union, Exempt
Job Level: Director/Senior Director
Job Category: Compliance / Privacy / Regulatory
Specialty: Compliance General
Department: Regional Compliance
Travel: Yes, 10% of the Time

Kaiser Permanente is an equal opportunity employer committed to a diverse and inclusive workforce. Applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy), age, sexual orientation, national origin, marital status, parental status, ancestry, disability, gender identity, veteran status, genetic information, other distinguishing characteristics of diversity and inclusion, or any other protected status.

External hires must pass a background check/drug screen. Qualified applicants with arrest and/or conviction records will be considered for employment in a manner consistent with federal and state laws, as well as applicable local ordinances, including but not limited to the San Francisco and Los Angeles Fair Chance Ordinances.

About Compliance, Privacy & Regulatory Careers

We've established a comprehensive, world-class compliance, privacy, and regulatory program, giving you the chance to make a difference in the lives of millions. As a member of this team, you'll engage with internal stakeholders to foster an environment of safety and trust for our members, physicians, and employees alike.

Helping to establish and maintain an effective compliance program, you'll ensure that we operate according to the highest ethical standards and follow all applicable laws, standards, policies, and procedures. Everything we do — from developing policies and training to protecting privacy and security — reinforces our commitment to our members, regulators, and the communities we serve.
