Director, Privacy and Security Compliance

AcclaraRemote, United States


Job Title:                                Director, Privacy and Security Compliance

Company:                              Tegria Revenue Cycle Management (Tegria RCM)

Department:                           Compliance

Leader:                                   Senior Director Compliance – Compliance Officer

FLSA Status:                         Salaried/Exempt

Work Location:                      Remote within the U.S.

Travel:                                    Minimal (10%)

Compensation:                     $70,000 - $167,000



The Director of Privacy and Security Compliance leads Tegria RCM’s privacy and IT security compliance program and supports the Tegria RCM Compliance Officer and the Tegria RCM overall compliance program by administering and implementing privacy and IT security compliance programs, policies, and practices consistent with the Federal Sentencing Guidelines’ Seven Elements of an Effective Compliance Program.  Assists in coordinating and administering compliance education across the organization.  Leads and facilitates compliance with relevant laws, regulations, and frameworks, including but not limited to HIPAA, HITRUST, PCI, Cyber Essentials, SOC2, and applicable state regulations. Serves as the enterprise subject matter expert on privacy laws and regulations. Oversees and manages the planning, implementation, oversight, auditing, monitoring, and ongoing operation of Tegria RCM’s privacy and security compliance program.  Acts as a compliance liaison to Tegria RCM partners and government agencies as appropriate.  Coordinates and leads a risk-based privacy and IT Security compliance auditing and monitoring program based on continuous assessment of the Tegria RCM risk environment.  Investigates potential privacy and security compliance violations and recommends appropriate corrective action.

Responsibilities include:

  • Develops, implements, and maintains an effective privacy program that prevents and detects privacy violations. Responds to and promptly investigates alleged violations of information privacy, security, or compliance rules, regulations, policies, procedures, and Standards of Conduct by evaluating and investigating reported alleged violations and recommending appropriate corrective action plans.
  • Manages required breach determination and notification processes under applicable federal and state laws.
  • Provides guidance, direction, and practical translation of privacy requirements (legal, regulatory, contractual, and, as applicable, those related to accreditation and certification standards).
  • Establishes an ongoing process to track, investigate, and report inappropriate access and disclosure of protected health information, including oversight of corrective action plans that mitigate non-compliance.
  • Maintains current knowledge of applicable federal and state privacy laws and accreditation standards and monitors advancements in information privacy technologies to ensure organizational adaptation and compliance.
  • Manages and provides guidance for the implementation and review of Tegria RCM’s Business Associate Agreements (BAAs) with clients and vendors. Tracks, monitors, and coordinates appropriate responses in accordance with privacy breach notification requirements established in the BAAs. 
  • Coordinates with Tegria RCMs IT Security leadership to lead compliance efforts and evidence validation/collection related to SOC 2, HITRUST, and any other applicable audits and frameworks. Leads internal auditing and monitoring to ensure ongoing compliance.
  • Supports the continuous risk assessment process and provides reporting to Tegria RCM’s applicable leadership committees (including but not limited to the Compliance Committee, Security Committee, Risk Management Committee) related to key elements of the privacy program, including privacy notice, consent, authorization, business partner agreements/practices, minimum necessary information, disclosure, etc.
  • Cooperates with governmental auditors, legal inquiries, and organization officers in privacy or IT security related compliance reviews or investigations.
  • Assists in responding to or reviewing customer or vendor security and privacy questionnaires.
  • Supports and assists Tegria RCM’s Compliance Officer and IT leadership in creating and administering the third-party risk management program, including articulating privacy and security risks in a business context, their impacts, and recommending mitigation; assists in leading governance forums (e.g., Enterprise Risk Committee), and remediation activity governance and tracking.
  • In coordination with the Compliance Officer, maintains an effective Risk Management program to encompass all relevant elements (e.g., initial assessments, continuous monitoring).
  • Creates and maintains Privacy and IT Security compliance policies.
  • Research healthcare compliance developments, trends, and benchmarks within RCM.
  • Manages and mentors’ staff as assigned.


  • Bachelor’s degree in Health Administration, Healthcare Information Systems, Health Information Management or equivalent.
  • Privacy and/or IT Security certification, such as CHPC, CISA, CHPS, or equivalent
  • Minimum of 7 years’ experience in cross-discipline healthcare privacy and Information Security/Information Technology experience
  • Minimum of 5 years’ experience in a supervisory role in healthcare privacy, IT security compliance, or combination
  • Demonstrated experience with representing security controls to external auditors and/or customers.
  • Strong knowledge of healthcare privacy and security compliance, governance, and risk management concepts and practices.
  • Strong understanding of common security and privacy standards, regulations, and laws relating to a cloud software development company (e.g., SOC 2, ISO 27001, HIPAA, HITECH, CCPA, HITRUST, etc.).
  • Experience developing information privacy, security, and compliance policies, procedures, and supporting documentation.
  • Experience conducting information privacy risk assessment/analysis and determining positional breach exposure.
  • Experience with evidence gathering, validation, and managing audits for SOC 2 Type 2, and HITRUST certifications.

Preferred Qualifications:

  • Master’s degree in Health Administration or other related privacy, security, or medical record management related field.

Physical Requirements:

The physical demands described are representative of those that must be met by an employee to successfully perform the essential functions of this job.  Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.  Listed below are the physical requirements required while performing the duties of this job.

  • The employee is regularly required to: stand; sit; talk; hear; use hands and fingers to operate a computer and telephone keyboard; and reach, stoop and/or kneel to install computer equipment
  • The employee must have the specific vision ability to complete close vision requirements due to computer work
  • The employee is required to be able to complete light to moderate lifting

Our Commitment to Diversity, Equity, and Inclusion

We welcome and respect the variety of experiences, viewpoints, and cultural backgrounds that everyone brings to our workplace. Tegria RCM makes every effort to promote a workplace where leaders model inclusive behaviors and individuals feel respected, valued, and empowered.  Together, we promote and sustain an inclusive workplace where people feel a sense of belonging