Research Privacy Manager

SHIFT:

Day (United States of America)

Seeking Breakthrough Makers
Children’s Hospital of Philadelphia (CHOP) offers countless ways to change lives. Our diverse community of more than 20,000 Breakthrough Makers will inspire you to pursue passions, develop expertise, and drive innovation.
At CHOP, your experience is valued; your voice is heard; and your contributions make a difference for patients and families. Join us as we build on our promise to advance pediatric care—and your career.
CHOP’s Commitment to Diversity, Equity, and Inclusion
CHOP is committed to building an inclusive culture where employees feel a sense of belonging, connection, and community within their workplace. We are a team dedicated to fostering an environment that allows for all to be their authentic selves. We are focused on attracting, cultivating, and retaining diverse talent who can help us deliver on our mission to be a world leader in the advancement of healthcare for children.
We strongly encourage all candidates of diverse backgrounds and lived experiences to apply.
A Brief Overview
This role is responsible for supporting the enterprise-wide privacy program within the Research Institute at Children's Hospital of Philadelphia (CHOP). This individual serves as a key advisor and subject matter expert on privacy issues specifically concerning the access, collection, use, disclosure and security of data including creation, maintenance and acceptable use of data repositories for the purposes of research.
 

This role reports to the Senior Director, Research Compliance within the Research Institute, with matrixed reporting to the Chief Compliance and Privacy Officer and the Chief Research Informatics Officer.
What you will do

 • Serve as a resource for the Research Institute for privacy issues related to data access, collection, use, disclosure and security, in compliance with state, federal and international privacy law, as applicable.

• Collaborate with privacy and security stakeholders within the enterprise and the Research Institute including the Office of Compliance and Privacy, the Institutional Review Board, the Office of General Counsel, Internal Audit, Digital & Technology Services, Information Security, and Research Compliance.

• Identify areas of improvement in operational areas / local practices relative to managing privacy risk.

• Serve on Research Institute, Hospital, and Enterprise committees to provide input related to research data privacy, use and governance. 

• Monitor legal trends and identify new laws or best practices relevant to research data use and disclosure at CHOP on topics such as new and emerging technologies (e.g., machine learning, artificial intelligence), omics, and sensitive data, including when that use occurs as part of Not Human Subjects Research.

• Liase with the national and global data privacy research community to stay abreast of innovations and emerging issues. Raise the profile of the Research Institute as a privacy-by-design organization.  Privacy industry participation (member or volunteer in a trade association, network contacts, etc.)

• Develop policies (including SOPs, job aids) to support the operationalization of regulations and industry standards relevant to research data privacy.

• Coordinate with the Office of Research Compliance, Office of Preparedness, Prevention and Response, the Office of Compliance and Privacy, Information Security, and the Data Trust and Enablement Office as appropriate on initiatives and issues.

• Develop risk mitigation strategies and monitoring programs for data privacy and related data security risks specific to the Research Institute (e.g., in collaboration with OCP, Information Security, DTS).

• Support operationalizing privacy policy for Research Institute programs (e.g. Arcus), including oversight of honest broker functions for data use within the Research Institute as a whole; data mapping and inventorying of research data. Serve as point of contact for research contracting teams to ensure appropriate use and disclosure terms for research data are included in agreements.

• Serve as point of contact for incident response in the Research Institute, including being the main point of contact to investigate, document, evaluate incidents from a breach perspective in coordination with the Office of Compliance and Privacy including overseeing remediation plans as appropriate.

• Collaboratively develop, implement and test incident response procedures with the Offices of Compliance Privacy and Information Security that address the rapidly evolving data landscape in the Research Institute.

• Develop, socialize, and report Research Institute data privacy metrics to Research Institute leadership and Hospital leadership, as appropriate.

• Develop, maintain, and deliver privacy training, education, communication, and awareness materials specific to the research community including updating content of CHOP intranet/internet sites as appropriate.

• Serve as a resource for the research community, to provide input on privacy considerations in the context of individual research protocols.

• Serve as the primary privacy resource for providing input on enterprise-wide initiatives that impact the use and disclosure of data for research purposes.

• Support identification/remediation of privacy risks related to new organizational initiatives, projects, processes, etc. involving the use and sharing of confidential information.

• Design and implement privacy monitoring activities, including periodic audits and spot checks, to ensure ongoing compliance with research privacy requirements. Provide feedback to research teams and leadership on privacy practices and improvements.

• Support Arcus team with privacy-related topics and projects, e.g., serve as a resource, conduct privacy impact assessments, develop and review written standards, consult on special topics and processes. 

Education Qualifications

• Bachelor's Degree Required
• Master's Degree Preferred

Experience Qualifications

• At least seven (7) years of privacy administration related experience Required
• At least three (3) years of leadership, management or supervisory experience Required
• At least five (5) years of research privacy administration related experience Preferred
• At least five (5) years of healthcare related experience Preferred
• Healthcare or research privacy experience Preferred
• Previous privacy scholarship experience Preferred

Licenses/Certifications

• 8-hour OCAT In-House Instructor Certification International Association of Privacy Professionals(https://iapp.org/certify/cipp/) within 12 months Required

Skills and Abilities

• Advanced knowledge of state, federal, and global privacy related laws
• Advanced knowledge of privacy related technology (Arcus)
• Advanced proficiency in socializing, developing and operationalizing privacy processes
• Ability to collaborate and build consensus with stakeholders at all levels
• Demonstrated privacy industry participation (member or volunteer in a trade association, network contacts, etc.)

To carry out its mission, CHOP is committed to supporting the health of our patients, families, workforce, and global community. As a condition of employment, CHOP employees who work in patient care buildings or who have patient facing responsibilities must be fully vaccinated against COVID-19 and receive an annual influenza vaccine. Learn more.
Employees may request exemptions for valid religious and medical reasons. Start dates may be delayed until candidates are immunized or exemption requests are reviewed.
EEO / VEVRAA Federal Contractor | Tobacco Statement