System Director, Privacy

📋 Description

• • Own the enterprise-wide privacy strategy for Bon Secours Mercy Health (BSMH), a 50-hospital, $25B health system serving millions of patients across seven states. You will translate complex HIPAA, FTC, ONC, NIST, OCR and emerging AI regulations into practical, scalable controls that protect patient trust and keep the ministry compliant.
• • Build and lead a high-performing privacy team of three direct reports, coaching them to become sought-after subject-matter experts who partner fearlessly with clinicians, researchers, data scientists, marketing, HR, legal and cybersecurity. Your leadership style balances empathy with accountability, turning compliance from a “check-the-box” exercise into a cultural cornerstone.
• • Design and execute an annual privacy workplan that includes risk assessments, policy updates, targeted training, proactive monitoring and surprise audits. You will prioritize initiatives using data-driven heat maps that spotlight the greatest threats to patient confidentiality and brand reputation.
• • Serve as the go-to privacy authority for cutting-edge initiatives such as AI-driven clinical decision support, population-health analytics, telehealth platforms and consumer-facing mobile apps. Translate regulatory gray areas into clear “go / no-go / mitigate” guidance so innovation never stalls.
• • Lead advanced investigations into potential breaches, unauthorized access, ransomware events or insider threats. Coordinate forensics with Cybersecurity, HR, Legal and Risk; draft root-cause analyses; and present remediation plans to the C-suite and Board Quality & Compliance Committee within tight regulatory timeframes.
• • Create and deliver dynamic education—live webinars, micro-learning videos, executive briefings and bedside huddles—that turns every associate into a privacy sentinel. Measure effectiveness through pre/post assessments and phishing-simulation results, then iterate rapidly.
• • Develop dashboards and predictive models that surface anomalous access patterns, over-retention of sensitive data or risky third-party sharing. Leverage internal SQL databases, Power BI, Smartsheets and AI tools to transform raw audit logs into executive-ready insights.
• • Chair or actively participate in multiple system-level committees (Privacy Steering, AI Governance, Cybersecurity, M&A Due Diligence) to ensure privacy is “baked in” to every strategic decision, from hospital acquisitions to cloud migrations.
• • Draft, socialize and maintain policies that are concise, clinician-friendly and legally bulletproof. Policies cover everything from minimum necessary access to de-identification standards for research and marketing, plus emerging AI governance.
• • Partner with external counsel, regulators and accrediting bodies during inspections or voluntary assessments. Translate regulator feedback into system-wide corrective action plans that close gaps and prevent recurrence.
• • Mentor emerging leaders across the ministry—nurses, IT analysts, revenue-cycle managers—so privacy expertise is distributed and sustainable. Your influence extends well beyond your formal span of control.
• • Stay ahead of the curve: monitor OCR settlements, FTC enforcement actions, state privacy laws (e.g., CCPA, Washington My Health My Data) and global standards (GDPR) to anticipate what’s next and future-proof BSMH.
• • Manage competing priorities without losing sight of the human impact: every control you implement protects real patients who entrust us with their most sensitive stories.