The University of California, Berkeley, is one of the world's most iconic teaching and research institutions. Since 1868, Berkeley has fueled a perpetual renaissance, generating unparalleled intellectual, economic and social value in California, the United States and the world. Berkeley's culture of openness, freedom and acceptance—academic and artistic, political and cultural—makes it a very special place for students, faculty and staff.
Berkeley is committed to hiring and developing staff who want to work in a high performing culture that supports the outstanding work of our faculty and students. In deciding whether to apply for a staff position at Berkeley, candidates are strongly encouraged to consider the alignment of the Berkeley Workplace Culture with their potential for success at http://jobs.berkeley.edu/why-berkeley.html.
As a key member of the Office of Ethics, Risk, and Compliance Services (ORECS) reporting to the Deputy Associate Chancellor/Compliance Officer within the Chancellor's Office, the Campus Privacy Officer is charged with collaboratively developing, implementing, and administering a unified privacy program for the Berkeley campus. The Campus Privacy Officer must be able to effect organizational change within the University context of shared governance, mission, and values, and complex information technology infrastructure and operations.
The Campus Privacy Officer develops, guides, and assists in the identification and maintenance of UC Berkeley's healthcare information privacy policies and procedures, working collaboratively with the health sciences units' leadership (i.e., University Health Services, School of Optometry, Psych Clinic), to help ensure compliance with University policies, federal and state laws and the protected health information privacy practices. Additionally, in accordance with the UCOP systemwide HIPAA Taskforce recommendations, whereby each chancellor shall designate one or more individuals in the coordinating role regarding HIPAA compliance, UC Berkeley has assigned the HIPAA liaison responsibility to the Campus Privacy Officer.
The Privacy Officer supports the Deputy Associate Chancellor/Compliance Officer and UC Berkeley's commitment to protecting the privacy of personal information of research subjects, faculty, staff, students and other members of the community. The incumbent will regularly work on highly variable and complex privacy issues where analysis of situations or data requires an in-depth evaluation of multiple factors. The Privacy Officer will work on privacy-related projects of diverse scope that require the development of innovative strategies for implementing compliance communication, training, and policies and procedures in the area of privacy.
The Campus Privacy Officer is an important member of the Compliance and Enterprise Risk Committee (CERC), co-chairs the Information Risk Governance Committee (IRGC), and serves on IT and/or campus-wide committees. Among other responsibilities, the IRGC subcommittee is charged with developing the vision, strategies, and methodologies of the privacy program administered by the Campus Privacy Officer. The Campus Privacy Officer will collaborate with the Chief Information Security Officer (CISO), other functional experts, and the UC Chief Information Security and Privacy Officer for systemwide alignment.
Infusing understanding and use of the UC privacy values and principles across the community in routine academic and administrative operations is fundamental to meeting the challenge of shifting expectations, new laws, and emerging technologies. A key responsibility of the Campus Privacy Officer is addressing this need, whether in clarifying the boundaries of personal privacy (which is at the heart of the complex issue of the commingling of University information with personal information) or in promulgating the expectation that University privacy and information security principles extend to relationships with partners and collaborators.
Under the direction of the Deputy Associate Chancellor/Deputy Compliance Officer, the Campus Privacy Officer provides guidance in the area of privacy to compliance, audit and other campus staff. The Officer will implement, administer and monitor a comprehensive privacy program campus-wide. As the designated official, the Privacy Officer is accountable for researching highly complex privacy issues, and for compliance with relevant state and federal regulations and industry privacy standards. This role is critical in providing subject matter expertise and guidance for campus-wide privacy issues (HIPAA, FERPA, CYBER) to all stakeholders on complex and changing privacy issues; participates in the resolution of conflicting privacy interests and ensures applicable balancing principles are engaged; and assists UC stakeholders and partners in understanding UC privacy policies, values, regulations, and practices. The Campus Privacy Officer will be in charge of privacy-related projects of diverse scope where analysis of data requires evaluation of identifiable factors in developing practices to ensure appropriate compliance communication, policies and procedures are implemented in the area of privacy. Charged with designing, implementing, and monitoring a campus-wide privacy program, the Privacy Officer is expected to exercise judgment in selecting methods, techniques and evaluation criteria for obtaining results. As a lead, the incumbent is responsible for conducting and documenting a wide range of assignments in an independent manner, which includes but is not limited to developing and managing privacy training, education and awareness, and advising on best practices and potential systemwide or campus-specific risks. The Privacy Officer will partner with the Chief Information Security Officer (CISO) and be the senior lead on assisting the campuses and relevant parties with responses to privacy breaches or incidents as appropriate.
Strategic design, implementation, and management of the Campus and Health Privacy program.
Directs, delivers, or ensures delivery of privacy and healthcare compliance training and orientation to appropriate clinical practice personnel, management, faculty and students, and other appropriate third parties.
Works collaboratively with the clinical units and other applicable organization units in overseeing patient rights to inspect, amend, and restrict access to protected health information when appropriate.
Establishes and administers a process for receiving, documenting, tracking, investigating, and acting on all complaints concerning the HIPAA and privacy policies and procedures in coordination and collaboration with other similar functions and, when necessary, legal counsel.
Cooperates with the U.S. Department of Health and Human Services' Office for Civil Rights, State regulators and/or other legal entities in any compliance reviews or investigations.
Serves as UC systemwide Privacy Officer designee. Assessment and reporting of privacy risks at the campuswide, control unit, or Department levels. Includes identifying and assessing new or emerging risks as well as monitoring how campus risks are changing over time. Also includes performing control-gap analyses to help in management's risk response.
Performs initial and periodic information HIPAA and privacy risk assessments and conducts related ongoing compliance monitoring activities in coordination with health entities and other compliance and operational assessment functions.
Works with administration, legal counsel, faculty and other related parties to represent the organization's information privacy interests with external parties (state or local government bodies) who undertake to adopt or amend privacy legislation, regulation, or standard.
Performs required breach risk assessment, documentation, and mitigation. Works with appropriate officials to ensure consistent application of sanctions for privacy violations. Directs and coordinates HIPAA or privacy breach and incident notification activities. Leading and monitoring of the campuswide Privacy Program as well as of risk response programs in place at the control unit and department levels. Includes preparing reports for the Compliance and Enterprise Risk Committee (CERC) and Information Risk Governance Committee (IRGC).
Co-chairs the Information Risk Governance Committee and General Data Protections Regulations working group.
Oversees Privacy and Online Monitoring Policy to ensure monitoring policies are enforced and do not deviate from best practices and established norms.
Directs and participates in the development, implementation, and ongoing compliance monitoring of various agreements, to ensure all privacy concerns, requirements, and responsibilities are addressed.
Establishes with management and operations a mechanism to track access to protected health information within the purview of the University of California System as required by law and to allow qualified individuals to review or receive a report on such activity. Advisory and facilitation support to control units and Departments in the development of their privacy risk response programs as well as in the incorporation of privacy risk assessments into their initiatives or projects.
Works with University personnel involved with any aspect of release of protected health information, to help ensure full coordination and cooperation under UCB's policies and procedures and legal requirements.
Works within the organization and systemwide to attain a coordinated approach responsive to organization needs. Assists departments with building expertise in privacy laws, policies and best practices. Maintains and grows expertise on privacy issues relevant to universities. Networks with colleagues at other like institutions to understand and promulgate best practices. Serves as a resource on good privacy configurations and controls. Communicates complex privacy principles, concepts and regulations in simple and actionable terms.
Privacy Information Steward/Records Management Coordinator:
Administers, evaluates, and continuously refines the campus Information, Privacy, and Records Management Program that includes policy, procedures, best practices, and training modules to enhance campus compliance with the Information Practices Act (IPA), Freedom of Information Act (FOIA), Family Education Records Privacy Act (FERPA), Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other legislation and University policy pertaining to the access to and privacy, integrity and disposition of, information and records under UCB's stewardship.
Serves as a consultant for campus departments evaluating their record management, retention and disposition practices. Provides relevant tools and resources for Business Officers and record proprietors. Interprets information management policy and legislation, providing advice to senior management, faculty, managers, supervisors, information technology/systems developers and administrators, academic and nonacademic staff, students, media, and the public. Stays current in information and records management principles, regulations, and best practices for higher education through reading, professional associations, collaboration, and training.
Acts as University of California Electronic Communications Policy (ECP) designated campus officer. Partners with IT in the administration of the campus- privacy implementing guidelines for the ECP.
Provides interpretative guidance to the campus on ECP. Directs the nonconsensual access review process, ensuring 1) access complies with policy and law and 2) appropriate notifications are sent. Coordinates with General Counsel on ECP issues as appropriate.
HIPAA Compliance Program: Oversight of campus-wide HIPAA compliance.
Serves as a subject matter expert to local Practice HIPAA Officers of health entities on Privacy and Security compliance internal controls, policies, procedures and best practices.
Performs periodic information privacy risk assessments and conducts related ongoing compliance monitoring activities.
Serves on Healthcare and Security Compliance committee in the review of annual “checklist of HIPAA compliance activities” and reporting responsibilities.
Serves as UC systemwide HIPAA Privacy Officer designee.
Education, Communication and Outreach:
Determines significant operational and control risks, implements appropriate process improvements and best practices, and manages campus communications structure to improve control environment. Assesses and inventories data access/use policies and practices of the campus on a rolling basis at the campus, unit, or department level, as appropriate.
Proposes, leads and/or participates on policy and planning committees and working groups. Stays abreast of activities and initiatives across campus that may have the potential to affect the campus risk profile. Collaborates with Chief Information Security Officer (CISO) and others regarding information systems and electronic systems to
Expert knowledge of the ethics and compliance profession, theories and systems of internal control, and professional compliance and investigations standards.
Extensive privacy and compliance experience required. University experience preferred.
Expert knowledge and experience in the following areas: FERPA, HIPAA, Confidentiality of Medical Information Act (CMIA), California Consumer Privacy Act, California Online Privacy Protection Act (CalOPPA), GDPR, federal and state and applicable international privacy laws.
Expert knowledge of University ethics and compliance policies, procedures and programs. Demonstrated grasp of ROI concepts.
Technical expertise regarding information systems sufficient to coordinate, consult, and collaborate with the Chief Information Security Officer and others regarding electronic systems to protect privacy.
Expert interpersonal service orientation, active listening skills and highly effective team leadership skills.
Highly developed ability to concisely present complex risk findings and make recommendations verbally and in writing.
Ability to gather, organize, analyze, and report on issues and recommendations that are complex in nature. Ability to apply policy and legal concepts to issues.
Excellent skills in complex decision making on critical issues.
Excellent skills in presenting information in a thorough and complete manner.
Ability to multi-task with demanding timeframes. Self-starter, motivated, disciplined and diplomatic professional with high energy and a strong work ethic.
At minimum, a Bachelor's degree in Business, Risk Management, Information Health or related field. Extensive background and experience (4 years plus) in the area of privacy and/or regulatory compliance or equivalent of working/training experience.
Preferred Juris Doctorate or an appropriate combination of education and experience.
Salary & Benefits
Salary will be commensurate with experience.
For information on the comprehensive benefits package offered by the University visit:
Please submit your cover letter and resume as a single attachment when applying.
Conviction History Background
This is a designated position requiring fingerprinting and a background check due to the nature of the job responsibilities. Berkeley does hire people with conviction histories and reviews information received in the context of the job responsibilities. The University reserves the right to make employment contingent upon successful completion of the background check.
Equal Employment Opportunity