What You’ll Do

Privacy Program Leadership & Governance 

• Lead the development, implementation, and continuous improvement of the organization’s enterprise-wide privacy program across all facilities and affiliated entities  

• Establish scalable governance structures, including defined roles, responsibilities, and accountability across corporate and facility-level operations  

• Develop and maintain privacy policies, procedures, and standardized workflows aligned with regulatory requirements and operational needs  

• Build frameworks to support privacy oversight in a multi-site, multi-state environment  

Regulatory Compliance & Risk Management 

• Ensure compliance with applicable laws and regulations, including:  

• Health Insurance Portability and Accountability Act (HIPAA)  

• 42 CFR Part 2  

• State-specific privacy and behavioral health confidentiality laws  

• Interpret and operationalize complex regulatory requirements in environments involving shared services and cross-entity data flows  

• Conduct enterprise-wide HIPAA risk assessments and implement mitigation strategies  

• Monitor regulatory developments and update organizational practices accordingly  

Incident Response & Investigations 

• Manage software systems used to intake, investigate, and resolve privacy incidents and potential breaches  

• Conduct breach risk assessments and determine notification obligations  

• Coordinate with legal, compliance, IT/security, and affiliated entities on privacy incident response and remediation  

• Identify root causes and implement corrective actions to prevent recurrence  

Data Use Strategy Oversight  

• Advise on privacy implications of strategic initiatives, including:  

• New service lines and facility expansions  

• Joint ventures and partnership arrangements  

• Digital health, telehealth, data analytics, and artificial intelligence initiatives  

• Review and structure data use agreements, authorizations, and minimum necessary determinations  

• Provide practical, risk-based guidance to enable compliant data use while supporting business objectives  

Monitoring and Auditing 

• Design and execute privacy monitoring and auditing activities, including system access reviews and compliance with data sharing restrictions  

• Track, analyze, and report privacy risks, trends, and key performance indicators to senior leadership  

• Identify systemic issues and drive enterprise-wide corrective actions  

Training and Education 

• Develop and deliver privacy training programs tailored to clinical, operational, and affiliated entity staff  

• Administer and maintain privacy policies in Acadia’s policy management system, ensuring all privacy-related codes, policies, and procedures are current, accurately documented, and accessible to employees 

• Promote a culture of privacy awareness and accountability, particularly in behavioral health settings  

• Provide ongoing guidance and real-time support to leadership and frontline teams  

Cross-Functional Collaboration 

• Partner with compliance, legal, IT/security, clinical leadership, operations, and business development to align privacy practices with organizational goals  

• Support enterprise initiatives requiring privacy input, including system implementations, integrations, and partnerships 

Joint Ventures and Business Development Oversight  

• Design and implement privacy frameworks for joint ventures, partnerships, and affiliated entities  

• Determine appropriate entity classifications (e.g., covered entity vs. business associate) and structure compliant data sharing arrangements  

• Establish governance models for privacy oversight across partially owned or managed entities  

• Identify and mitigate risks related to:  

• Cross-entity data sharing  

• Shared systems (e.g., EMRs)  

• Blurred operational boundaries (e.g., shared staff or services)  

• Partner with legal and business development on transaction structuring, diligence, and post-close integration  

STANDARD EXPECTATIONS: 

• Must be able to maintain productive working relationships and treat fellow employees with respect. 

• Has contact with: All levels of Acadia Healthcare employees, outside vendors/consultants, and occasionally, regulatory bodies 

• Review and synthesize complex regulations and data into clear, actionable reporting 

• Support Acadia Healthcare's mission to provide high-quality behavioral healthcare services while maintaining the highest standards of compliance and ethics 

EDUCATION/EXPERIENCE/SKILL REQUIREMENTS: 

• Bachelor’s degree in healthcare administration, law, public health, or a related field required  

• 8–12+ years of experience in healthcare privacy, compliance, or regulatory roles  

• Deep knowledge of HIPAA and 42 CFR Part 2 

• Familiarity with electronic medical record (EMR) systems and privacy controls 

• Demonstrated experience supporting privacy programs in multi-site/multi-state healthcare organizations, including joint ventures or affiliated networks  

• Strong understanding of data governance, data sharing frameworks, and regulatory risk in complex organizational structures  

• Experience conducting privacy investigations, risk assessments, and audits  

• Ability to interpret complex regulations and translate them into practical, operational guidance  

• Strong analytical, problem-solving, and decision-making skills  

• Excellent written and verbal communication skills, with the ability to influence across all levels of the organization  

• Proven ability to work independently and exercise sound judgment in a fast-paced healthcare environment 

• Experience in Behavioral Health or Substance Use Disorder compliance preferred 

LICENSES/DESIGNATIONS/CERTIFICATIONS: 

• PREFERRED: CIPP/US, CHC, CHPC 

SUPERVISORY REQUIREMENTS:  

​​This position is an Individual Contributor​ 

While this job description is intended to be an accurate reflection of the requirements of the job, management reserves the right to add or remove duties from particular jobs when circumstances  
(e.g. emergencies, changes in workload, rush jobs or technological developments) dictate.