Chief Privacy Officer: Job Description, Salary and Career Outlook

Due to regulations mandated by the Health Insurance Portability and Accountability Act (HIPAA), healthcare organizations are required to designate a privacy official dedicated to compliance with privacy laws.

In many organizations, that official is a Chief Privacy Officer (CPO), an executive position charged with developing and implementing the policies a company will adhere to in protecting customer and employee data.

With the General Data Protection Regulation (GDPR) going into effect in the European Union, there is no shortage of need for privacy professionals working in any business that comes into contact with European consumers, healthcare included. GDPR requires companies to have data protection professionals in place, just as HIPAA does.

Privacy is a hot topic in light of recent high-profile cases of data misuse and breaches. According to the International Association of Privacy Professionals (IAPP), this environment has created a heavy demand for privacy professionals.

Job Duties for a CPO

CPOs play an important role in developing and managing budgets, prioritizing projects, and planning the strategies, execution and procedures related to compliance with regulatory requirements regarding privacy. They also lead staff development and create a culture of serving business units effectively.

In addition, HIMSS North America lists the following responsibilities for the CPO:

  • Works with organization senior management, security and corporate compliance officer to establish governance for the privacy program
  • Serves in a leadership role for privacy compliance
  • Collaborates with the information security officer to ensure alignment between security and privacy compliance programs including policies, practices and investigations
  • Acts as a liaison to the information systems department
  • Establishes, with the information security officer, an ongoing process to track, investigate and report inappropriate access and disclosure of protected health information
  • Performs or oversees initial and periodic information privacy risk assessment/analysis, mitigation and remediation
  • Conducts related ongoing compliance monitoring activities in coordination with the organization’s other compliance and operational assessment functions
  • Takes a lead role to ensure the organization has and maintains appropriate privacy and confidentiality consents, authorization forms and information notices and materials reflecting current organization and legal practices and requirements
  • Participates in the development, implementation, and ongoing compliance monitoring of all business associates and business associate agreements to ensure all privacy concerns, requirements, and responsibilities are addressed

This is not an exhaustive list of the duties a CPO may have to execute, merely some of the position’s core functions. The CPO must also work with the organization’s human resources department to ensure compliance with privacy policies and apply punishments to employees and business associates who fail to comply.

Job Growth and Salary

The BLS does not list data specific to the position of chief privacy officer. However, marketplace trends and industry developments seem to indicate that these professionals will be in demand in the coming years.

A 2014 report from the IAPP found that 33% of Fortune 1000 companies planned to create positions focused on privacy in the coming years.

The IAPP also conducted its bi-annual salary review of privacy professionals, including CPOs, in 2017. It concluded that the average salary of CPOs had continued to grow from 2015 numbers, with the average CPO earning a base salary of $188,200 per year.

Education and Skills

Given the extent of knowledge and experience required regarding state and federal privacy laws, these professionals commonly come from legal or regulatory backgrounds. While a bachelor’s degree is all that is required, a master’s degree in fields related to health information management is preferred, according to HIMSS.

Required skills include effective communication through both written and verbal formats, the ability to exert influence over employees who are not direct reports, knowledge of international privacy laws, investigative and analytical skills as well as the ability to manage teams through conflict resolution, consensus building and meeting management.

Additional certifications that can prove useful include the IAPP’s CIPP, CIPM and CIPT certificates as well as the CHPS certification from the American Health Information Management Association (AHIMA).

*National long-term projections may not reflect local and/or short-term economic or job conditions, and do not guarantee actual job growth. Information provided is not intended to represent a complete list of hiring companies or job titles, and program options do not guarantee career or salary outcomes. Students should conduct independent research for specific employment information.
