PRIVACY AND COMPLIANCE OFFICER
State of Colorado
Salary
$71,544.00 - $93,012.00 Annually
Location
Denver, CO
Job Type
Full Time
Job Number
ILA 02939 8/6/2025
Department
Colorado Department of Human Services
Division
BHA -
Opening Date
08/06/2025
Closing Date
8/20/2025 11:59 PM Mountain
FLSA
Determined by Position
Type of Announcement
This position is open only to Colorado state residents.
Primary Physical Work Address
710 S. Ash Street, Unit C140, Denver, CO 80246 - Hybrid working arrangements
FLSA Status
Exempt; position is not eligible for overtime compensation.
Department Contact Information
Stacy.chinea@state.co.us
How To Apply
Please submit an online application for this position at https://www.governmentjobs.com/careers/colorado. Reach out to the Department Contact to apply using a paper application, including any supplemental questions. Failure to submit a complete and timely application may result in the rejection of your application. Applicants are responsible for ensuring that application materials are received by the appropriate Human Resources office before the closing date and time listed.
Department Information
This position is open to current Colorado residents only.
Most State of Colorado employees are eligible for a great benefit package! Please see the Supplemental Information section below for details!
Description of Job
Hybrid 1 - 4 days in office and at least one in-person meeting per month. This is subject to change due to the BHA’s needs.
8-5 Monday through Friday
Please note: These working arrangements are subject to change.
This position is responsible for overseeing the BHA’s Privacy and Compliance areas. The purpose of the position is to enhance and protect the BHA’s vision, mission, and values by providing risk-based and objective assurance, advice, and insight to individual Offices within the BHA in regard to compliance with state and federal laws and regulations, as well as BHA policies and procedures, that govern privacy and other compliance areas. This position administers a BHA-wide Privacy program that targets BHA divisions/office staff, business associates and trading partners (Example: OIT, HCPF, COAG, outside vendors stakeholders), and is designed so that staff are knowledgeable of BHA and legal requirements for protecting the privacy of confidential information and for instituting policies, procedures, forms and other materials that support this effort via training and enforcement.
In accordance with the Health Insurance Portability and Accountability Act (45 CFR Section 164.530) and other state and federal privacy and security regulations, this position serves as the BHA’s Privacy & Compliance Officer. The BHA Privacy & Compliance Officer is a high-level resource in the area of privacy for the BHA. The BHA Privacy & Compliance Officer oversees, monitors, and advises on all ongoing activities related to the development, implementation, maintenance of, and adherence to the BHA’s policies and procedures covering the privacy and access to protected information in compliance with federal and State laws and the BHA’s information privacy practices. The BHA Privacy & Compliance Officer highlights any concerns related to these areas and their associated risks to the BHA. This position serves as the point position for BHA’s compliance with privacy requirements for protected and confidential information. This position works with directors and program managers in managing the implementation of statutory changes affecting the BHA. This position facilitates business associate agreements, security agreements, research requests and projects, and data protection agreements, as well as overseeing investigations of potential privacy breaches and violations, and representing the agency and its policies and practices related to privacy. This position provides technical assistance in relation to the areas described above.
The BHA Privacy & Compliance Officer is the authority for the implementation and ongoing privacy compliance for the Behavioral Health Administration. This requires a high level of knowledge and expertise in the privacy field needed by the agency to support its overall mission. As the privacy senior authority, the position is authorized to take action and issue expert opinions that provide direction for further action by others; design strategy, systems, processes, guidelines, rules, and standards that are mission critical and directly impact the agency’s ongoing operation and broad program or policy; and maintain the leadership role in the administration of a privacy program that ensures the protection of confidential information maintained by other divisions and offices.
Such responsibilities include administering a program that assures compliance with federal, State and local laws related to privacy and confidentiality; chairing and/or providing leadership to appropriate boards and committees as relates to privacy; serving as the BHA liaison to regulatory and accrediting bodies for matters relating to privacy; developing and administering enterprise privacy policies; collaborating with BHA and division staff for developing, implementing and administering division/office procedures; devising a monitoring system for all divisions and offices that provides timely privacy status information with corrective actions; receiving and addressing complaints from clients and staff relative to possible violations of privacy practices. To administer such a program, the Data BHA Privacy & Compliance Officer works closely with the BHA’s Division Directors.
Duties of the position:
Risk Management
This position has a high-level responsibility for advising the BHA on privacy compliance and other privacy issues derived from privacy laws. The BHA Privacy & Compliance Officer provides guidance to the organization that minimizes data privacy risks, ensures compliance with arising data protection issues, and ensures the confidentiality and protection of data.
+ Provides technical assistance in establishing data protection policies and behaviors of staff and management throughout the organization, including interactions with other local, State, and federal agencies.
+ Provides technical expertise regarding the BHA's implementation of HIPAA and other privacy/data protection/information legislation within the State and on a local level.
+ Develops and maintains BHA privacy policies, procedures, and tools consistent with state and federal privacy statutes.
+ Reviews and monitors (sometimes in conjunction with the Attorney General’s Office, OSC, Contracting Division, etc.) BHA business associate, data protection, and security agreements for completeness and compliance with State and federal statutes and internal policy.
+ Coordinates and works closely with BHA staff to improve compliance throughout the BHA.
+ Reports to the U.S. Department of Health and Human Services Secretary concerning the agency's level of compliance with standards and legislative mandates.
+ Maintains logs and documentation of findings within the BHA as well as with division/office business associates, including compliance and non-compliance issues, along with recommendations for remediation and/or mitigation of non-compliance issues.
+ Serves as point person in responding to breaches, specifically proper response, overseeing notifications, when appropriate, and communicating with the Attorney General’s office and the U.S. Department of Health and Human Services, as appropriate.
Education and Awareness
+ Creates and conducts educational and ongoing awareness programs for the BHA workforce, including Divisional HIPAA liaisons as identified by Division Directors. Provides initial and ongoing training for all staff on privacy requirements based on State and federal laws that protect health information. Provides updated training as necessary based on changes in laws and/or BHA policies.
+ Monitors to assure that employees complete required training. Answers employee questions. Evaluates current business practices to determine level of staff understanding and adjust training efforts to meet the needs of staff. Updates training modules as new requirements are disseminated.
+ Attends BHA and outside training offerings in order to keep current with the latest requirements and to share agency experiences that have enhanced the privacy program with other agencies.
+ Regularly communicates with programs, BHA employees, and other agencies to ensure awareness and compliance with the latest information on BHA policies and procedures and state and federal law; potential vulnerabilities and risks; best practices in safeguarding protected information; and continually reinforcing the importance of maintaining the privacy and security of client and other data.
+ Advises the Communication Officer and DC of Administration in addressing all privacy topics on behalf of the BHA.
+ Assists in responding to media inquiries and interviews directed at privacy issues.
+ Develops and implements communications on BHA privacy awareness and compliance.
+ Assists and guides BHA staff with communication materials to target specific program privacy needs.
+ Assists with public relations matters affecting privacy.
Other duties:
Perform additional duties related to data privacy. Examples include, but are not limited to:
+ Assists in developing standard operating procedures and guidelines and provides technical assistance to internal and external staff on privacy issues affecting the BHA.
+ Provides analysis, training, and technical assistance to staff while assisting key managers with rules, changing processes, and working with other external entities, behavioral health providers, to ensure initial and ongoing compliance.
+ Represents the BHA on state and federal legislation issues related to compliance with privacy regulations.
+ Prepares materials as required by the BHA and the legislature when requesting funds, justifying current funding, and for ensuring compliance with state and federal privacy laws.
Minimum Qualifications, Substitutions, Conditions of Employment & Appeal Rights
Experience Only:
Seven (7) years of relevant experience in all of the following areas:
+ HIPAA compliance and data standards, including data privacy
+ Federal and state statutory/legislative requirements
+ Developing and maintaining privacy and compliance program documentation and processes
+ Strong collaboration skills
OR
Education and Experience:
A combination of related education (associate's or bachelor's degree) and/or relevant experience in an occupation related to the work assigned, equal to seven (7) years in all of the following areas:
+ HIPAA compliance and data standards, including data privacy
+ Federal and state statutory/legislative requirements
+ Developing and maintaining privacy and compliance program documentation and processes
+ Strong collaboration skills
Preferred Qualifications:
+ Managing data sharing/use agreements
+ Assessing third-party vendor privacy risks
+ Experience training on HIPAA compliance for various staff at all levels
Conditions of Employment:
+ This position is delegated as a hybrid position. The employees must maintain a home office and workstation free of distraction.
internet, and possibly phone to complete required job duties or report to the office when needed.
+ Standard Background – Name check, TRAILS, CMS, and JBITS
+ Current/Valid and unrestricted US Driver's License
+ The position is to travel to meetings and/or conferences as needed.
+ Former State employees who were disciplinarily terminated or resigned in lieu of termination must disclose the information on the application and provide an explanation why the prior termination or resignation should not disqualify the applicant from the current position. Absent extraordinary circumstances, prior disciplinary termination, or resignation in lieu of termination will disqualify the applicant from future State employment with CDHS.
APPEAL RIGHTS:
If you receive notice that you have been eliminated from consideration for this position, you may file an appeal with the State Personnel Board or request a review by the State Personnel Director.
An appeal or review must be submitted on the official appeal form, signed by you or your representative. This form must be delivered to the State Personnel Board by email (dpa_state.personnelboard@state.co.us), postmarked in US Mail or hand delivered (1525 Sherman Street, 4th Floor, Denver CO 80203), or faxed (303.866.5038) within ten (10) calendar days from your receipt of notice or acknowledgment of the department’s action.
For more information about the appeals process, the official appeal form, and how to deliver it to the State Personnel Board; go to spb.colorado.gov; contact the State Personnel Board for assistance at (303) 866-3300; or refer to 4 Colorado Code of Regulations (CCR) 801-1, State Personnel Board Rules and Personnel Director's Administrative Procedures, Chapter 8, Resolution of Appeals and Disputes, at spb.colorado.gov under Rules.
A standard appeal form is available at: www.colorado.gov/spb. If you appeal, your appeal must be submitted in writing on the official appeal form, signed by you or your representative, and received at the following address within 10 days of your receipt of notice or knowledge of the action: Colorado State Personnel Board/State Personnel Director, Attn: Appeals Processing, 1525 Sherman Street, 4th Floor, Denver, CO 80203. Fax: 303-866-5038. Phone: 303-866-3300. The ten-day deadline and these appeal procedures also apply to all charges of discrimination.
Supplemental Information
How to Apply (https://cdhs.colorado.gov/information-for-job-applicants#how-to-apply)
The Assessment Process
For additional recruiting questions, please contact Stacy.Chinea@state.co.us
About Us:
If your goal is to build a career that makes a difference, consider joining the dedicated people of the Colorado Department of Human Services (https://www.colorado.gov/cdhs) (CDHS). Our professionals strive to design and deliver high quality human and health services that improve the safety, independence, and well-being of the people of Colorado. In addition to a great location and rewarding and meaningful work, we offer:
+ Strong, secure, yet flexible retirement benefits including a PERA Defined Benefit Plan or PERA Defined Contribution Plan www.copera.org plus 401(k) and 457 plans
+ Medical and dental health plans
+ Employer supplemented Health Savings Account
+ Paid life insurance
+ Short- and long-term disability coverage
+ 11 paid holidays per year plus vacation and sick leave
+ BenefitHub state employee discount program
+ Employee Wellness program MotivateMe
+ Excellent work-life programs, such as flexible schedules, training and more
+ Remote work arrangements for eligible positions
*Some positions may qualify for the Public Service Loan Forgiveness Program. For more information, go to https://www.colorado.gov/pacific/dhr/student-loan-forgiveness-programs.
Our Values:
We believe in a people-first approach: To serve the people of Colorado, we develop a culture and work environment that creates an energized, inspired, and healthy team capable of giving their best to Coloradans.
Balance creates quality of life: We want our team to be resilient through a supportive workplace that values flexibility, health and wellness, and employee engagement.
We hold ourselves accountable: We take responsibility through our actions, programs, and results for the state of health and human services in Colorado.
Transparency matters: We are open and honest with employees, our partners, the Coloradans we serve, and the public.
We are ethical: We abide by what is best for those we serve by doing what is right, not what is easy.
Collaboration helps us rise together: We work together with all partners, employees, and clients to achieve the best outcomes for Coloradans.
We are committed to increasing the diversity of our staff and providing culturally responsive programs and services. Therefore, we encourage responses from people of diverse backgrounds and abilities.
ADAA Accommodations: CDHS is committed to the full inclusion of all qualified individuals. As part of this commitment, our agency will assist individuals who have a disability with any reasonable accommodation requests related to employment, including completing the application process, interviewing, completing any pre-employment testing, participating in the employee selection process, and/or to perform essential job functions where the requested accommodation does not impose an undue hardship. If you have a disability and require reasonable accommodation to ensure you have a positive experience applying or interviewing for this position, please direct your inquiries to our ADAAA Coordinator, Nancy Schmelzer, at cdhs_ada@state.co.us or call 1-800-929-0791.
~THE STATE OF COLORADO IS AN EQUAL OPPORTUNITY EMPLOYER~
Toll Free Applicant Technical Support (https://cdhs.colorado.gov/information-for-job-applicants#technical-support)
The State of Colorado offers permanent employees a variety of benefits including medical, dental, life and disability insurance, as well as a comprehensive leave program. Please click the following link for detailed information: www.colorado.gov/pacific/dhr/benefits
Please note that each agency's contact information is different; therefore, we encourage all applicants to view the full, official job announcement which includes contact information and class title. Select the job you wish to view, then click on the "Print" icon.
01
The bottom of this job announcement provides links to additional information on how to apply, the assessment process, toll free applicant technical support, and about how the State of Colorado is an equal opportunity employer. Please acknowledge below that you have read the information provided in these links.
+ This information is available to me and I have read this information.
+ I am unable to access the links with this information on the job posting. (If you select this option, please contact the recruiter, whose information is listed on this announcement, so that they can send this information directly to you.)
02
Your legal name is used in the hiring process for background checks. Did you use your full legal name in your application? If not, please update your information before submitting your application.
+ Yes
+ No
03
If you are a current or former State of Colorado employee, please list your employee number (starts with 997...). Failure to provide this requested information may render your application incomplete, and you may no longer be considered for the position.
04
Former State employees who were disciplinarily terminated or resigned in lieu of termination must disclose the information on the application. In the space below, please provide an explanation as to why the prior termination or resignation should NOT disqualify your application from the current position.
05
This position requires a high level of expertise in privacy regulations, especially HIPAA. How would you approach assessing the BHA's current compliance status? Describe the process you would use to proactively identify potential risks and vulnerabilities and the key metrics or indicators you would use to gauge the organization's overall compliance.
06
A key function of this role is building and maintaining relationships with diverse stakeholders, including internal divisions, external partners, various state agencies and vendors. Describe your approach to building rapport and trust with stakeholders who may have different priorities or perspectives. Provide a specific example of a time you had to collaborate closely with a challenging stakeholder to achieve a shared objective for a critical project.
07
Describe a time you had to communicate a sensitive or complex compliance issue to leadership or a key stakeholder. What was the situation, how did you present the information, and what was the result of that communication?
08
The adoption of new technologies, including artificial intelligence (AI) and machine learning tools, presents unique challenges for privacy and compliance. How would you proactively identify, assess, and mitigate the privacy and security risks associated with the use of AI? Please provide a specific example of a process you would implement to vet and onboard a new AI vendor to ensure they meet HIPAA and other regulatory requirements.
09
Have you reviewed the salary range for this position? If offered, would you accept a salary within that range?
Employer
State of Colorado
Address
See the full announcement by clicking
the "Printer" icon located above the job title
Location varies by announcement, Colorado, --
Website
https://careers.colorado.gov/