Skip to Main Content

HIPAA Privacy Officer (UPDATED)

Below you will find the details for the position including any supplementary documentation and questions you should review before applying to the opening.  To apply to the position, please click the Apply to this Job link/button.

If you would like to bookmark this position for later review, click on the Bookmark link.  If you would like to print a copy of this position for your records, click on the Print Preview link.

Position Details

Position Information

Title HIPAA Privacy Officer (UPDATED)
Department Ofc of Resp Conduct of Rsch (2532)
Location Main Campus
Position Summary

Please note: The minimum qualifications for this position have been updated, as well as any corresponding supplemental questions. As a result, the review date for this position has been extended to 11/06/2017.

The University of Arizona has an immediate opening for a HIPAA Privacy Officer. The HIPAA Privacy Officer oversees all compliance activities related to the development, implementation and enhancement of policies and procedures for the protection of individually-identifiable health information used for clinical, business, and research purposes. The HIPAA Privacy Officer will have extensive knowledge of federal and state laws and other standards that regulate or otherwise involve privacy, data security, and breach notification requirements. The HIPAA Privacy Officer will have substantial experience in the development of privacy and security policies, procedures, training programs, audits, risk analyses, and compliance monitoring programs.

This position reports to the Director, Human Subjects Protection & Privacy Program in the office of Research, Discovery & Innovation. The Officer will work closely with the University’s Information Security Office, the Office of the General Counsel, senior University administrators, Deans, Department Heads, faculty members and researchers. The position will require close coordination with multiple colleges and departments within the University, including but not limited to Campus Health Services and Colleges within Arizona Health Sciences Center. The position will also require regular and frequent communication and coordination with affiliated health care entities, including Banner Health and Dignity Health.

The University of Arizona HIPAA Privacy Program is led by the HIPAA Privacy Officer, who oversees all ongoing activities related to UA’s implementation of HIPAA policies and procedures and is the office primarily responsible for ensuring UA’s HIPAA compliance. The UA HIPAA Privacy Officer is the Privacy Officer for designated UA departments and clinics and is responsible for developing and implementing relevant procedures, training and educational materials, and investigating and responding to privacy breaches.

UA is a Hybrid Entity and has designated Health Care Components. These Health Care Components must comply with the HIPAA Privacy, Security, and Breach Notification Rules and the HIPAA Privacy Officer is responsible for the oversight and management of Health Care Components’ compliance.

Research, Discovery & Innovation (RDI) supports world-class research and discovery by University of Arizona faculty, staff, and students with particular attention to the University’s land-grant mission of service to the State of Arizona. RDI enables the research success of University of Arizona faculty through its support of University research centers, institutes, museums, and core facilities; provision of research development, compliance and safety services; and strategic external partnerships. The University of Arizona seeks to build on its great strengths in interdisciplinary research by expanding its fundraising program dedicated to securing philanthropic support for interdisciplinary campus-wide initiatives that cross multiple academic interests.

With more than $606 million in research and development dollars from federal, state, and private sources, The University of Arizona currently ranks #21 among public universities in the US in overall research expenditures and #2 in physical science research. With world class faculty in fields as diverse as astronomy and space exploration, plant science, biomedical science and biotechnology, anthropology, Native peoples, business, law, philosophy, music, and dance, the UA is one of only 62 members in the Association of American Universities. The University’s main campus is situated in the heart of Tucson. Surrounded by mountains and the high Sonoran Desert, Tucson boasts a distinctive southwestern feel and enjoys more than 300 days of sunshine each year.

The UA today has over 43,000 students, and nearly 15,600 employees. The main campus has grown from its original 40 acres to more than 350 acres, and boasts the oldest continually maintained green space in Arizona. The University of Arizona offers a broad range of educational programs and support services that attract an excellent and diverse student body.

Outstanding UA benefits include health, dental, and vision insurance plans; life insurance and disability programs; paid vacation, sick leave, and holidays; UA/ASU/NAU tuition reduction for the employee and qualified family members; state and optional retirement plans; access to UA recreation and cultural activities; and more!

Accepting a new position is a big life step. We want potential candidates and their families to be able to make informed decisions. Candidates who are considering relocation to the Tucson or Phoenix area, and have been offered an on-site interview, are encouraged to use the free services offered by Above & Beyond Relocation Services (ABRS).Ask your department contact to be introduced to ABRS prior to your visit.

The University of Arizona has been listed by Forbes as one of America’s Best Employers in the United States and WorldatWork and the Arizona Department of Health Services have recognized us for our innovative work-life programs. For more information about working at the University of Arizona, please click here.

Duties & Responsibilities
  • Serve as the University’s designated HIPAA Privacy Official with the responsibility of notifying and cooperating with applicable governmental agencies in response to external compliance reviews and investigations.
  • Responsible for organizing and developing a HIPAA Privacy and Security compliance-related committee.
  • Engage with our affiliated and community-based health care partners in their compliance-related activities and committees as necessary.
  • Coordinate with other University business units on HIPAA privacy issues, including the Information Security Office, the Health Sciences Colleges, Contracting & Research Support, the Office of General Counsel and Human Subjects Protection Program.
  • Review and appropriate identification of Health Care Components and management of HIPAA privacy compliance for each Component.
  • Oversee the development and implementation of policies, procedures and forms related to HIPAA privacy and breach notification, as applicable to the University, its researchers, and Covered Health Care Components, which include those units and/or programs engaged in HIPAA covered functions, as well as those units and/or programs that provide services (internally and externally) as Business Associates.
  • Perform periodic internal privacy impact assessments and compliance audits.
  • Support the Information Security Office (ISO) in the performance of institutional security risk analyses and development policies, procedures and processes around HIPAA Security.
  • Investigate and respond to complaints regarding alleged breaches of institutional privacy policies, including recommending and implementing corrective action plans.
  • Provide subject matter expertise on HIPAA privacy and breach notification requirements to University constituents, including students, faculty, researchers and staff.
  • Coordinate with the privacy officers and other compliance staff for the University’s affiliated healthcare entities, including Banner Health and Dignity Health.
  • Direct, deliver and provide updates to annual privacy training and orientation to covered workforce members, including employees, students, volunteers, medical and professional staff.
  • Review and track all institutional Business Associate Agreements (BAAs).
  • Develop effective and measurable quality improvement initiatives.
  • Oversee and update the privacy office records retention program.
  • Additional duties may be assigned.
Knowledge, Skills, & Abilities
Minimum Qualifications
  • Bachelors’ Degree in healthcare administration, health information management, or a related field with at least 3 years of directly related experience in interpreting, operationalizing, and applying laws, regulations and policies related to information privacy and security, and the confidentiality of health information; OR, equivalent combination of experience.
  • Sound working knowledge of current federal and state healthcare and privacy laws, agency regulations, and accreditation requirements (e.g., OCR, OIG, HIPAA, FISMA, NIST, etc.)
  • Experience working well and collaboratively with researchers, medical and non-medical personnel, and administrative staff at all levels.
  • Experience developing training modules, compliance assessment, and monitoring tools and techniques.
  • Ability to clarify and communicate complex legal and regulatory requirements, so that they are understood by a variety of audiences.
  • Excellent organizational abilities and outstanding written and oral communications skills.
  • Motivated to excel, takes initiative, respects others, and inspires collaboration.
  • High degree of personal integrity.
Preferred Qualifications
  • Advanced degree in law, research area or related field.
  • Experience working within a university research or academic medical center compliance office, or a healthcare organization with significant university research contracts, is highly preferred.
  • Nationally-recognized compliance certification (e.g., CHPC; CIPP/US, CHPS, RHIA; or RHIT credentials) preferred (or able to obtain within six months of hire).
FLSA Exempt
Full Time/Part Time Full Time
Number of Hours Worked per Week 40
Job Category Administrative and Professional
Benefits Eligible Yes - Full Benefits
Posted Rate of Pay DOE
Type of criminal background check required: Fingerprint criminal background check (security sensitive due to title or department)

Posting Detail Information

Posting Number A22130
Number of Vacancies One
Desired Start Date
Position End Date (if temporary)
Limited to Current UA Employees No
Contact Information for Candidates

Mariette Marsh

Open Date 10/09/2017
Close Date
Open Until Filled Yes
Review Begins On 11/06/2017
Special Instructions to Applicant
Diversity Statement

At the University of Arizona, we value our inclusive climate because we know that diversity in experiences and perspectives is vital to advancing innovation, critical thinking, solving complex problems, and creating an inclusive academic community. We translate these values into action by seeking individuals who have experience and expertise working with diverse students, colleagues and constituencies. Because we seek a workforce with diverse perspectives and experiences, we encourage minorities, women, veterans, and individuals with disabilities to apply. As an Employer of National Service, we also welcome alumni of AmeriCorps, Peace Corps, and other national service programs.

Quick Link for Internal Postings

Supplemental Questions

Required fields are indicated with an asterisk (*).

  1. * Where did you first learn about this position?
    • Arizona Daily Star
    • Arizona Republic
    • Chronicle of Higher Education
    • Department of Economic Security (DES)
    • Diverse Issues in Higher Education
    • Hispanic Outlook in Higher Education
    • Jobing.Com
    • LinkedIn
    • Local Job Banks
    • Pima County One-Stop
    • Professional Conference
    • Professional journal/publication
    • Referred by UA Employee
    • Invited by Dept to Apply
    • UA Website
    • Other
  2. * Upon hire, will you possess a Bachelors’ Degree in healthcare administration, health information management or a related field with at least three (3) years’ of directly related experience in interpreting, operationalizing and applying laws, regulations and policies related to information privacy and security, and the confidentiality of health information; OR, do you have an equivalent combination of experience?
    • Yes
    • No

Documents Needed to Apply

Required Documents
  1. Cover Letter
  2. Resume
Optional Documents