Job Opportunity: Assistant Director, University and Research Privacy at the University of Miami

    Posted 11-10-2021 04:57
    Title: Assistant Director, University and Research Privacy
    Family: Legal/Compliance
    Function: Compliance
    GENERAL DESCRIPTION:
    The Assistant Director of University and Research Privacy (Assistant Director) supports university and research privacy concerns across the University/Research enterprise. In this role, the Assistant Director reports to the Vice Provost for Research + Scholarship for University/Research activities (70% effort). The Assistant Director also has a dotted line reporting relationship to the Vice President of Audit and Compliance for support services related to University privacy compliance (30% effort). In addition, the Assistant Director also serves as institutional Data Protection Officer (DPO) pursuant to GDPR requirements.
    University/Research Compliance
    The Assistant Director will oversee ongoing activities related to the development, implementation, and maintenance of the University research program's adherence to privacy principles in accordance with applicable state, federal and international laws, regulations, and rules. The Assistant Director will lead the effort toward fostering a culture of respect for privacy throughout the research organization.
    PRIMARY DUTIES AND RESPONSIBILITIES:
    University/Research Compliance (70% effort)
    • Lend strategic advisory support regarding regulatory issues, privacy considerations, data ethics and risk mitigation to critical initiatives managed by or contributed to by Office of the Vice Provost for Research (OVPRS).
    • Serves as the liaison between the University research/academy privacy matters and the HIPAA privacy group in UHealth Compliance and HSRO & RCQA.
    • Assists in developing, implementing, and overseeing privacy regulatory compliance strategies.
    • Identifies and ranks areas at risk of exposure and recommends strategies to address issues.
    • Identifies and reports general compliance issues that may arise.
    • Stays abreast of current regulations and trends, and ensures appropriate actions are taken to incorporate necessary revisions into the workplace environment.
    • Provide advisory services on regulatory considerations and support the contracting function for Research Administration, business units and other related parties to ensure all research and privacy concerns, requirements, responsibilities, related laws, and data ethics standards are properly addressed in agreements.
    • Lead the process of maintaining University templates for data-centric, research-related agreements aligned with evolving regulatory requirements and University priorities in consultation with stakeholders such as the Office of General Counsel and others.
    • With delegated signature authority, review, negotiate and execute agreements for the use and transfer of data and information with external parties.
    • Provide support to the research community on global privacy and security issues and use or disclosure of protected health information and protected identifiable information to ensure minimal risk to the privacy of individuals. Review research proposals for HIPAA, Data Privacy/Data Security, and Common Rule/FDA compliance.
    • Work with PI and research teams to provide technical assistance and guidance on regulatory requirements; assist with design of complex studies involving patient or other individually identifiable data.
    • Advise on data and privacy issues in structuring ventures and advisory support in negotiating agreements.
    • Provide advisory services relative to Office of Technology Transfer on how data deals can be structured to comply with regulatory and data ethics norms and help negotiate terms where appropriate.
    • Collaborate with UMIT, University Compliance Services, UHealth IT and other stakeholders to organize, administer and build policy around data generated by new technologies being developed by and used by the University community (e.g. wearable devices, embedded sensors, mobile apps, cloud computing/storage, AI, machine learning, etc.).
    • Research and monitor changing federal, state, and international laws relating to privacy requirements for research.
    • Serves as liaison to other institutional regulatory and monitoring work groups or committees with regard to University privacy matters concerning the University/Academy.
    • Provide guidance on privacy matters to management, faculty, staff and administrators and others doing business with the University, as appropriate and participate in periodic training, education, and outreach.
    • Assist with contract review on privacy issues related to research.
    • Supervise personnel as the Vice Provost deems necessary in effectuating the above.
    University Compliance (30% effort)
    • Serve as data privacy resource concerning privacy regulations that impact the University/Academy (including GDPR, FERPA, FIPA, COPPA, GLBA, etc.).
    • Investigate and act on University privacy complaints when raised by data subjects or third parties.
    • Initiate, facilitate and promote activities to foster data privacy awareness within the organization.
    • As Data Protection Officer for the University pursuant to GDPR, the Assistant Director will be responsible for conducting the duties attributed to a Data Protection Officer as outlined in GDPR.
    • Respond to data subject requests and build/maintain a process for same.
    • Assess and monitor compliance activities relating to University data protection and PII captured, stored, and transmitted by University departments in various formats and from various sources.
    • Serve as subject matter expert in any privacy breach incidents that involve PII.
    • Assist UMIT in responding to PII privacy incidents/breaches.
    • Develop and provide training to the University community concerning FERPA and GDPR.
    • Evaluate the institution's compliance with FERPA, GDPR and other privacy regulations and make recommendations for improvements.
    • In the capacity of Data Protection Officer, assist Contract Administration (Business Services) and the Office of General Counsel in the review of Data Processing Agreements and serve as a subject matter expert.
    • Lend advisory support to the Office of General Counsel, and UMIT on operationalizing strategic University/Academy initiatives (non-UHealth and non-research).
    • Keeps abreast of new legal and data privacy regulations that affect the University.
    GENERAL QUALIFICATIONS:
    • Current knowledge of applicable global, federal, and state privacy laws and standards.
    • Exceptional interpersonal and leadership skills with the ability to influence and work collaboratively within the UHealth and University community. Must be able to problem solve, prioritize assignments, and effectively manage projects.
    • Knowledge of federal and state laws, rules, and regulations that affect a multi-faceted institution of higher education, research, and health care.
    • Ability to interpret and translate legal, regulatory, and risk implications of actions taken by the organization.
    • Ability to assess legal, regulatory and risk implications of investigations or proceedings brought by any regulatory agency, individual or class of individuals.
    • Highly developed creative thinking and problem-solving ability with excellent oral and written communication skills.
    • Desire and demonstrable ability to achieve CIPT and/or CIPM certification within 12-18 months of assuming role where budgetary considerations allow.
    • Keen attention to detail and strong analytical and reasoning skills are essential.
    • Excellent communication skills, including the ability to translate complex legal and regulatory concepts into easy-to-understand advice.
    • Ability to multi-task and work effectively and efficiently to meet deadlines on a time-sensitive basis.
    • Possesses a positive, problem-solving attitude and flexibility.
    • Substantial and in-depth knowledge of privacy principles and relevant international, federal, and state laws applicable to the University of Miami as a healthcare, higher education institution and research enterprise.
    • An understanding of good management, compliance and governance practices and familiarity with privacy standards/regulations in the healthcare and higher education arenas.
    • A collaborative, culturally competent and consultative style appropriate for working effectively through a diverse and complex organization.
    • Ability to synthesize complex concepts.
    EDUCATION REQUIREMENTS:
    A law degree and/or a minimum of three years of experience in an appropriate area of specialization.
    Relevant certifications required, such as CIPP/US by the International Association of Privacy Professionals (IAPP), Certified HIPAA Professional (CHP), at minimum; CIPP/E strongly preferred.
    Extensive familiarity with relevant privacy legislation for the protection of health information and patient privacy required.
    WORK EXPERIENCE REQUIREMENTS:
    Four years of work-related experience in the healthcare and/or education industries or comparable education and/or work experience, including, for example, graduate school combined with externships/internships.
    Experience serving in the capacity as a privacy subject matter expert, advisor or the equivalent in technology, higher education and/or healthcare industries.
    International experience in privacy/law preferred.

    ------------------------------
    Kimberly Croft
    Executive Director
    University of Miami
    ------------------------------