Tryon Medical Partners

Director of HIPAA Privacy and Security Operations

Tryon Medical Partners  •  Charlotte, NC (Onsite)  •  2 days ago

Job Description

  The Director of HIPAA Privacy & Security Operations serves as the organization’s designated HIPAA Privacy and Security Officer. This role is responsible for the strategic leadership, development, and execution of an enterprise-wide privacy, security, and data protection program to ensure compliance with all federal and state regulations, including HIPAA.
This position covers the foundational responsibilities of privacy compliance, incident investigation, and policy oversight, and elevates accountability to the enterprise level, driving risk management, cybersecurity strategy, governance, and organizational resilience.
The Director partners across Compliance, Legal, IT, Clinical Operations, and Executive Leadership to protect patient information (PHI/ePHI), mitigate risk, and ensure the secure delivery of care.
 
Primary Job Responsibilities:

1. Enterprise Privacy & HIPAA Program Leadership - Serve as the organization’s designated HIPAA Privacy Officer and Security Officer. Establish and maintain comprehensive HIPAA privacy and security programs, policies, and procedures. Ensure organizational compliance with HIPAA, HITECH, and applicable state privacy laws. Oversee patient privacy rights processes, disclosures, and regulatory reporting.

2. Information Security Strategy - Execute the enterprise information security strategy and roadmap aligned to organizational priorities. Provide compliance oversight of security architecture, identity/access management, encryption, and data protection standards. Integrate security into all technology, clinical, and operational initiatives.

3. Risk Management & Regulatory Compliance - Lead enterprise-wide privacy and security risk assessments and gap analyses. Develop mitigation strategies and track remediation efforts. Maintain audit readiness for OCR, CMS, and other regulatory bodies. Oversee third-party/vendor risk management, including Business Associate Agreements.

4. Incident Response & Breach Management - Direct investigation and response to privacy and security incidents and breaches. Ensure timely and compliant reporting to regulatory authorities. Lead root cause analysis, corrective action planning, and mitigation strategies. Oversee incident response, disaster recovery, and business continuity planning.

5. Security Operations & Cybersecurity Oversight - Oversee and support administrative, physical, and technical safeguards for ePHI, including vulnerability management, threat detection and response, security monitoring and audit logging, and system access reviews and controls. Ensure continuous monitoring of security posture and operational resilience.

6. Organizational Education & Culture - Lead enterprise-wide HIPAA and cybersecurity training programs. Promote a culture of privacy, security, and accountability across all departments. Provide guidance to leadership, clinicians, and staff on privacy/security requirements.

7. Governance, Reporting & Leadership Engagement - Serve as primary advisor to executive leadership on privacy and cybersecurity risks. Develop and report key performance indicators (KPIs) and risk metrics. Represent the organization in external audits and regulatory inquiries. Participate in and lead cross-functional governance structures (Compliance Committee, Security Committee, etc.).

8. Legal & Cross-Functional Collaboration - Partner with Legal on privacy matters, investigations, and regulatory interpretation. Collaborate with IT to ensure secure management of ePHI. Work with HR on sanctions, training compliance, and workforce accountability.

Cross-functional Leadership Responsibilities
  • Provide direction to cross-functional stakeholders involved in compliance, IT security, and operations.
  • Establish clear ownership of controls, processes, and reporting structures across the organization.

Education and Experience
Required
  • Bachelor’s degree required; Master’s or JD strongly preferred
  • 7–10+ years of experience in healthcare privacy, compliance, or information security
  • Progressive leadership experience with enterprise-level responsibility
  • Deep knowledge of:
    • HIPAA Privacy & Security Rules
    • Healthcare regulatory environment
    • Risk management and audit frameworks

Preferred Certifications
  • CHPC, CHPS, CISSP, CISM, or equivalent

Core Competencies
  • Strategic leadership and executive presence
  • Risk-based decision-making
  • Cross-functional collaboration (clinical + IT + legal)
  • Crisis and incident management
  • Strong communication and change management

Physical Requirements
  • Work consistently requires walking, standing, sitting, lifting, reaching, stooping, bending, pushing, and pulling.
  • Must be able to lift and support weight of 35 pounds.
  • Ability to concentrate on details.
  • Use of computers for long periods of time.

 
Tryon Medical Partners

About Tryon Medical Partners

As an independent practice, the difference is personal.

The physicians of Tryon Medical Partners joined forces because we share a core belief: the patient-doctor connection is the foundation for better health. This is the reason we are an independent practice. It allows us to remain true to our principles, while delivering better care rooted in stronger relationships.

What are the benefits of choosing an independent practice?

Value – We are able to practice medicine and conduct business nimbly and efficiently, with fewer layers of bureaucracy in our way – or our patients’.

Transparency – As a leaner organization, we are in direct contact with our patients and partners. Keeping it personal means serving with integrity and accountability.

Choice – In the changing world of healthcare, consolidation has become the new normal, and options are shrinking. We created an independent practice because we believe more choices should be available to everyone. Better health comes from having more than a healthcare provider. It takes a healthcare partner.

Industry: Healthcare & Social Services
Company Size: 201-500 employees
Headquarters: Charlotte, NC
Year Founded: Unknown