Position Summary

The Director of Privacy serves as Privacy Officer and leads our compliance with healthcare privacy laws and regulations across multiple pharmacy and payor solutions. Responsibilities include working with key stakeholders on privacy strategies and developing and executing related plans.

Director of Privacy works closely with leaders across businesses, solutions, and multiple functions including Legal, Ethics & Compliance, Information Technology, IT Risk & Compliance, Data Security, and Internal Audit.


  • Serve as healthcare privacy subject matter expert for businesses and solutions. Work closely with solution and data teams to ensure compliance with all healthcare privacy laws and regulations.
  • Ensure all data uses are in compliance with agreements including BAAs and other contractual restrictions, applicable laws, regulations, and policies.
  • Develop privacy plans and ensure compliance across all solution activities including development, implementation, operations, and support.
  • Lead privacy for strategic initiatives and new product development projects.
  • Manage and negotiate BAAs (business associate agreements) with customers, downstream BAAs with vendors, and other related business agreements to support HIPAA business associate requirements.
  • Support business/transactional counsel with the review and negotiation of privacy language as needed, particularly for HIPAA and privacy issues.
  • Develop and maintain privacy policies and SOPs.
  • Complete audits, risk assessment activities, analysis, and corrective actions.
  • Continuously learn about new regulatory requirements and industry trends and build into the privacy program.
  • Train businesses and solutions on HIPAA and healthcare privacy requirements. Lead outreach plans and continuously build relationships and awareness around importance of privacy.


  • Bachelors Degree required in Business or related field. Advanced Degree or JD and privacy certifications including IAPPs CIPP or CIPM, preferred.
  • Minimum of 8 to 10 years of experience in healthcare privacy and compliance.
  • Must have detailed knowledge of healthcare privacy laws and regulations. Ability to apply these requirements to Cardinal Health businesses.
  • Ability to define and solve problems, collect data, establish facts, and draw conclusions.

Cardinal Health is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law.

More jobs: