Fallon Health

  • Privacy Officer - Growing Health Plan with Senior Care Services

    Location US-MA-Worcester
    Posted Date 2 months ago (11/5/2018 11:29 AM)
    Job ID
    # Positions
    Corporate Compliance
  • Overview


    Fallon Health has a great business strategy for future growth as we head into the New Year, and what a great time to join Fallon as our new Privacy Officer! Worcester itself is also on the rise: we’ve seen billions of dollars invested in the revival of its downtown, not to mention its being awarded the future new home of the Worcester Red Sox.


    Reporting directly to Fallon’s Chief Compliance Officer, our new Privacy Officer will have a great deal of influence and interaction within all facets of the organization and at all levels. This is a highly visible position and will prove to be very rewarding as you help guide us through privacy and compliance matters relating to our diverse scope of unique health care programs and service offerings.    


    About Fallon Health:

    Founded in 1977, Fallon Health is a leading health care services organization that supports the diverse and changing needs of those we serve. In addition to offering innovative health insurance solutions and a variety of Medicaid and Medicare products, we excel in creating unique health care programs and services that provide coordinated, integrated care for seniors and individuals with complex health needs. Fallon has consistently ranked among the nation’s top health plans, and is accredited by the National Committee for Quality Assurance for its HMO, Medicare Advantage and Medicaid products. For more information, visit fallonhealth.org.




    Responsible for managing Fallon Health’s privacy program, including leading key decision-making on privacy issues, establishing company policies and procedures, designing and implementing training and education programs and serving as the point-person on all privacy-related business questions. As the organization’s Privacy Officer, this position is responsible for researching, reviewing and analyzing privacy regulations and statutes, working with the business to identify and address the impact of existing and new regulations and laws as they relate to privacy and confidentiality and overseeing implementation of new laws and regulations. Working with the Chief Compliance Officer, the Privacy Officer reviews and oversees Business Associate Agreements and confidentiality agreements, and leads vendor privacy assessments. The Privacy Officer must assess internal and external privacy risks, develop close working relationships with functional departments, implement programs and policies to prevent and manage risks, and communicate clearly throughout the organization. This position works closely with the Director of Compliance in managing the compliance tracking log, data collection and other privacy and compliance matters. This position works closely with Fallon Health’s Information Security Officer to monitor and address security policies and partners frequently with regulatory affairs, medical economics, service operations and other departments to address privacy matters. This position also works closely with the Manager of Purchasing as part of the vendor management process.



    • Program and Policy management: develop policies and procedures and oversee compliance for all privacy related policies and procedures, including annual revisions, presentation to Compliance Committee and receiving approval and sign off from Compliance Committee and Chief Compliance Officer.
      • Maintains oversight of privacy issues in compliance tracking log and provides analysis of issues to Chief Compliance Officer as requested.
      • Auditing and monitoring: Assesses and develops monitoring programs for privacy risks; works with internal audit to identify highest risks to be audited.
      • Serves as key member of Compliance Committee.
      • Training and Communications: designs and implements corporate-wide privacy training. Develops annual communication plan to raise privacy awareness and to underscore “hot topics” through Compliance Corners and Compliance Matters communication tools. Provides ad-hoc privacy training to specific departments upon request.
      • Manages policies, procedures, training and implementation related to all uses and disclosures of protected health information; review disclosures e.g. sales, marketing, research, clinical accreditation, customer service and other purposes.
      • Issue Resolution: manages privacy-related issues; documents issues in tracking log and reports to Compliance Committee.
      • Conducts legal reviews of:
        • Business Associate Agreements, Data Use Agreement, Data Transition Agreements and Non-disclosure agreements
        • Research contracts
        • Vendor contracts regarding confidentiality
        • Employee, provider and other Confidentiality agreements
        • Works with Purchasing Manager to ensure BAA and privacy components are synched up with overarching business contract
      • Manages OFAC list
      • Manages subpoena and medical records process. Accepts service and prepares responses in accordance with legal service requirements. Maintains subpoena tracking log. Provides guidance on questions concerning release of PHI involving Powers of Attorney, Health Care Proxies, Guardianships, etc.
      • Manages employee access to protected health information.
      • Analyzes privacy legislation and impact of new regulations and laws as they relate to corporate privacy and confidentiality; updates and works with business to address impact.
      • Serves as the liaison to the Office of Attorney General and Consumer Affairs and other oversight bodies for laws and regulations related to privacy, confidentiality and identity theft. Works with Chief Compliance Officer and General Counsel as needed.
      • Chairs Privacy and Security Committee
        • Plays lead role in Security/Privacy Integration corporate-wide.
        • Works closely with Information Security Officer to align privacy and security policies, address risks and manage issues.
      • Provides subject matter expertise around corporate privacy for corporate projects and core system development.
      • Works with Medical Economics and IT to establish policies and procedures involving the release of large amounts of PHI (“data dumps”) to large employers, consultants, vendors and public entities.
      • Establishes policies and procedures for the release of PHI to employer groups converting from fully insured business to ASO accounts.
      • Integrates privacy policies into all Fallon Health locations including all Summit ElderCare sites, UltraBenefits, GISC and Fallon Health Weinberg. This includes periodic on-site inspections for compliance with privacy and security requirements.  
      • Manages relationship and PHI data distribution to Meyers Primary Care Institute.
      • Performs other duties as required by HIPAA privacy rule and as determined by the needs of the company
      • Serves as Compliance Officer for Fallon Health Weinberg, Inc.
      • Performs other duties and responsibilities as assigned.






    • Juris Doctorate degree preferred
    • Privacy Certification preferred.
    • Minimum five years’ experience in managed care and/or health care industry
      • Analytical, writing and verbal communications skills and business knowledge of health care privacy and security regulations are essential. Keen understanding of contract law; ability to write and negotiate contracts.  
      • High degree of IT knowledge
      • Ability to work collaboratively and proactively with a wide range of professional levels
      • Fluency with Microsoft Office
      • Strong legal research and analysis skills
      • Strong critical thinking skills – identify issues and develop innovative solutions





