Compliance And Privacy Officer - 40009106

Durham, NC, US, 27701


Join Durham County Government
Durham County Government is home to over 2,000 dedicated professionals working together to deliver essential services that strengthen and support our vibrant, diverse community. As the heart of a fast-growing region, we offer meaningful careers across a wide range of fields—giving you the opportunity to make a real impact where you live, work, grow, and play. Learn more at www.dconc.gov.

 

DEPARTMENT: Legal

DATE POSTED: May 24, 2025

CLOSING DATE: Until Filled

HIRING RANGE: $85,891 - $125,000

POSITION NUMBER: 40009106

JOB TYPE: Full-Time (37.5 hrs/week)

 

 

General Description:

 

The purpose of this job is to oversee and manage the daily operations of the current Compliance and Privacy program. This includes: the ongoing development, implementation, and maintenance of policies and procedures; monitoring program compliance; conducting risk assessments; training and educating employees, department privacy officers, and contractors; communicating with stakeholders; investigating and tracking incidents, privacy violations, and breaches; as well as making breach determinations and reporting breaches to regulatory bodies.


The Compliance and Privacy Officer (CPO) works within the Office of the County Attorney and is designated as the Chief Privacy Officer for Durham County Government as required by 45 Code of Federal Regulations (CFR) §164.530(a). This job is performed under general supervision, independently developing work methods and sequences.


Duties and Responsibilities


The functions listed below are those that represent the majority of the time spent working in this position. Management may assign additional functions related to the type of work of the position as necessary.


• The Compliance and Privacy Officer will be responsible for the development and implementation of compliance and privacy policies and procedures for the County as well as receiving, investigating, and responding to privacy and compliance complaints for the County. This job description will serve as the privacy officer’s written designation in compliance with 45 CFR §164.530(a)(2).


• This position is responsible for ensuring patients’ rights in compliance with the Health Insurance Portability and Accountability Act (HIPAA) and providing guidance on the use and disclosure of confidential information, highly restricted information, personally identifiable information, and protected health information.


• The overall purpose of this job is to ensure that Durham County and its stakeholders implement reasonable practices, policies, and controls that meet applicable federal, state, and local statutes, regulations, and requirements (including, but not limited to, 42 CFR Part 2; NCGS 122c; NCGS Chap. 75 Art. 2A; PCI-DSS). Duties may vary according to the assigned office.


• Responsible for the organization's Privacy Program and performs responsible professional work in the rendering of compliance and privacy services to the County.

 

• Oversees and manages the daily operations of the program, development, implementation, and maintenance of policies and procedures (department and county level).


• Provides real-time consultation and support to County department Privacy Officers.


• Provides subject matter expertise regarding applicable state and federal laws, state policies, standard procedures, and controls to confirm they are appropriately embedded in the County’s risk management compliance practices.


• Drafts, updates, and maintains appropriate privacy and confidentiality consent, authorization forms, medical releases, Business Associate agreements, Data Use agreements, Notices of Privacy Practices, and information notices and materials reflecting current organizational and legal practices and requirements with regard to privacy.


• Drafts and provides compliance, privacy, and HIPAA related training to employees, contractors, and privacy officers.


• Monitors program compliance through regular auditing and monitoring of processes, practices, and documents to identify weaknesses.


• Conducts investigations and tracks incidents, breaches, and claims.


• Makes breach determinations and reports breaches to internal stakeholders/executive leadership and external regulatory bodies.


• Provides recommendations for corrective actions and sanctions; works closely with Human Resources and department stakeholders to issue sanctions. 


• Ensures patients' rights in compliance with the Health Insurance Portability and Accountability Act (HIPAA); NCGS 122c; 42 CFR Part 2; and any other applicable state or federal law or regulation with the over-arching goal of ensuring that any such privacy policies and procedures meet federal, state, and local regulations and requirements.


• Receives patient privacy complaints; investigates complaints; and communicates findings with internal stakeholders as well as the complainant.

 

• Reviews all HIPAA/Human Subjects related research proposals and advises the department on the applicable laws and appropriate data use agreements. 


• Identifies and assesses areas of privacy risk and prepares recommendations that mitigate the risks.


• Drafts periodic and annual reports on the Compliance and Privacy Program and reports Compliance Program status to Executive Leadership.


• Serves as the Chair for the HIPAA Compliance Committee as well as the Privacy Group. 


• May assist the Risk Manager as needed.


• May supervise, direct, and evaluate assigned staff.


• Performs related tasks as required.

 

 

Knowledge, Skills and Abilities:

 


• Thorough knowledge of privacy laws, regulations, and best practices.


• Thorough knowledge of the principles, methods, materials, practices and references utilized in legal research.


• Thorough knowledge of legal office procedures and practices.


• General knowledge of local government law, torts, contracts, civil rights, and administrative process.


• Ability to read and interpret contracts, County, state, and federal codes and regulations, insurance policies and other technical data and reports related to the management of County risks.


• Ability to effectively communicate in writing and orally with all levels of County government as well as the insurance industry personnel, attorneys, citizens, and state and federal government officials.


• Ability to effectively negotiate with insurance industry personnel, attorneys, citizens, and County personnel, sometimes in advisory situations.

 

• Strong subject matter expertise and knowledge of all relevant privacy laws, regulations, industry standards and best practices.

 

 

Minimum Education and Experience Requirements: 

 

• Requires a bachelor’s degree in a relevant field such as, but not limited to, public health, health care administration, social work, business administration, public administration or a related field.


• Requires four (4) years of responsible, professional level experience working in a compliance, privacy, regulatory compliance, healthcare law and/or administration, risk management, or healthcare privacy role. 


• A master’s degree in public health, health care administration, law or a related field may be substituted for one (1) year of required experience.


• Graduation from a recognized law school, and two years of experience in healthcare or related experience, some of which is in municipal or county work, can be accepted in lieu of four years of experience.


• Auditing experience is a plus.

 

Unavoidable Hazards (Work Environment):


• None.


Special Certifications and Licenses:


• Certification in one of the following is required within one year of hiring: Certified in Healthcare Privacy Compliance (CHPC) and/or Certified Information Privacy Manager (CIPM).


Preferred Certifications:


• Certification in one or more of the following is highly desired, but not required: Certified HIPAA Privacy Security Expert (CHPSE), Certified Information Privacy Professional (CIPP), Certified Ambulance Privacy Officer (CAPO), Certified Information Privacy Manager (CIPM), Certified Information Privacy Technologist (CIPT), Certified in Healthcare Compliance (CHC), Certified in Healthcare Privacy Compliance (CHPC), or Certified in Healthcare Research Compliance (CHRC).

 

Americans with Disabilities Act Compliance

 

Durham County is an Equal Opportunity Employer. ADA requires Durham County to provide reasonable accommodations to qualified persons with disabilities. Prospective and current employees are encouraged to discuss ADA accommodations with management.

 

Physical Demands:


Physical demands refer to the requirements for physical exertion and coordination of limb and body movement.


• Performs sedentary work that involves walking or standing some of the time and involves exerting up to 10 pounds of force on a regular and recurring basis or sustained keyboard operations.


Standard Clauses:


May be required to work nights, weekends, holidays and emergencies (man-made or natural) to meet the business needs of Durham County.


This job description is not designed to cover or contain a comprehensive listing of essential functions and responsibilities that are required of an employee for this job. Other duties, responsibilities, and activities may change or be assigned at any time with or without notice. 


Essential Safety Functions:


It is the responsibility of each employee to comply with established policies, procedures and safe work practices. Each employee must follow safety training and instructions provided by their supervisor. Each employee must also properly wear and maintain all personal protective equipment required for their job. Finally, each employee must immediately report any unsafe work practices or unsafe conditions as well as any on-the-job injuries or illnesses. Every manager/supervisor is responsible for enforcing all safety rules and regulations. In addition, they are responsible for ensuring that a safe work environment is maintained, safe work practices are followed, and employees are properly trained.

 

 

 

 
