COVID-19 Vaccination Information

Across UPMC, our guiding principle is to always prioritize the safety of our employees, patients, and members. UPMC believes that vaccination is important, helps protect all, and advocates that everyone who can be vaccinated should be vaccinated.

UPMC complies with all governmental requirements related to local, state, and federal COVID-19 vaccination for employment. The Jan. 13 Supreme Court of the United States decision that the Centers for Medicare & Medicaid Services federal COVID-19 vaccine mandate will move forward requires UPMC to ensure employees either get vaccinated or receive a requested medical or religious exemption.

If you are not yet vaccinated, we urge you to get a vaccine now. You can schedule your COVID-19 vaccination through UPMC or visit a non-UPMC provider or UPMC Urgent Care location.

Proof of vaccination is not required upon hire; however, employees will be responsible for ensuring post-hire compliance by getting vaccinated or requesting a medical or religious exemption.

For more information about UPMC’s response to COVID-19, please visit

Search Our Jobs

   Current UPMC employees must apply in HR Direct

Manager, Patient/Consumer Privacy (PSD Division)

  • Job ID: 365174823
  • Status: Full-Time
  • Regular/Temporary: Regular
  • Hours:
  • Shift: Day Job
  • Facility: Corporate Information Services
  • Department: System Security IT
  • Location: 3600 Forbes Ave, Pittsburgh PA 15213
  • Union Position: No
  • Salary Range: $31.08 to $52.46 / hour


UPMC is looking for a Manager for their Patient/Consumer Privacy (PSD Division). This role will be Remote however would like someone local to the PA area in order to attend onsite meetings a few times a year.


Under the direction of the Sr. Manager, Patient/Consumer Privacy, the Manager, Patient/Consumer Privacy (PSD Division) coordinates and supports the development and management of a robust privacy compliance program for UPMC's Physician Services Division (PSD) and other physician practices within its jurisdiction. This position ensures compliance with all relevant and applicable privacy laws, regulations, standards and requirements in a manner that continually supports the business and operational areas.

Why work at UPMC?

  • At UPMC, we develop strong leaders who support and engage incredible team members. Together, we create an exceptional UPMC Experience for our co-workers and our patients.
  • A recent study showed that UPMC benefits are 20% higher in value than other health care providers in our market. UPMC offers tuition reimbursement, competitive pay, generous paid time off, and much more.
  • AWARD-WINNING WORKPLACE: Ranked #1 for Best Places to Work for Women & Diverse Managers by the Diversity MBA.
  • We have a rewarding career ladder to grow your career with UPMC.


  • Manage team of Privacy Analysts whose primary function is the investigation, review, and logging of privacy complaints and breaches.
  • Conducts and / or coordinates the review of potential privacy violations and security breach investigations.
  • Assists in communications with patients regarding privacy matters (questions, complaints, etc.).
  • Ensures compliance with applicable privacy laws, regulations, standards and practices.
  • Develops, directs, and/or delivers privacy training for various individuals and groups within PSD’s jurisdiction.
  • Oversees and conducts periodic risk assessments and gap analyses for HIPAA and other applicable privacy regulations.
  • Responds to, coordinates responses to and/or assists in responding to governmental privacy inquiries and complaints (including the HHS Office of Civil Rights).
  • Develops and manages effective privacy remediation and corrective action processes to ensure privacy issues are effectively addressed in a timely manner.
  • Maintains the UPMC HIPAA Notice of Privacy Practices, and any other legal or regulatory documents, and ensures distribution to PSD offices.
  • Develops and delivers clear, effective and timely reports and updates for senior management and/or the Board of Directors regarding privacy program effectiveness, initiatives and issues, including all relevant privacy metrics, dashboards and information.
  • Provides clear and effective reports to management, the business, operational areas and other internal/external parties regarding new or prospective privacy laws, regulations, industry standards and best practices.
  • Manages the OPCP PSD Division staff consistent with UPMC's management expectation, policies and directives.
  • Develops and maintain clear and effective policies and procedures that follow applicable laws, regulations, standards and practices.
  • Integrates newly acquired and affiliated organizations and/or practices into UPMC's privacy program.
  • Develops and manages clear and effective privacy monitoring processes to ensure the proper and timely detection of potential privacy issues.
  • Develops communications and awareness materials and performs outreach to ensure compliance with UPMC's privacy policies and directives.
  • Collaborates with other departments, such as Corporate Compliance and the OPCP’s Corporate and Hospital Privacy Division.
  • Assesses the impact of privacy laws applicable to newly acquired and affiliated organization, ensuring that plans are established and executed to address any required changes.
  • Trains new privacy officers and analysts.
  • Performs mandatory reporting within the mandated timeframes.
  • Keeps up-to-date on any new and changing privacy regulations, including all relevant laws, rules, industry standards, organization practices and technology initiatives.
  • Monitors advancements in privacy practices, standards and technologies.
  • Delegates the responsibilities set forth herein as appropriate to OPCP staff and entity privacy officers.




  • Bachelors degree required 5 years of relevant healthcare privacy experience and 2 years of progressive leadership experience in healthcare privacy or a related field required
  • CIPP and/or Healthcare Privacy Compliance certification preferred.
  • Strong subject matter expertise and knowledge of all relevant privacy laws, regulations, industry standards and best practices.
  • Excellent oral, listening and written communication skills.
  • Strong computer and IT skills preferred. Relevant knowledge about information security and the inherent interplay between privacy and cybersecurity preferred.
  • Must have strong analytical and organizational skills as well as problem solving capabilities to ensure that business plans and strategies do not subject the organization to any legal or regulatory violations and/or undue risk or exposure. Strong partnership, relationship, consensus and coalition-building skills required.
  • Strong emotional intelligence and self-awareness required.
  • The role requires a manager who strikes the optimal balance between strategically navigating the compliance requirements and business needs in a manner that is nuanced and mutually reinforcing.
  • Strong strategic, business, operational and leadership mindset and skills required.
  • Highly consultative and partnership-oriented in approach.
  • Strong and reliable judgment and discretion required.
  • Ability to identify and navigate various privacy-related issues independently and self-sufficiently.
  • Strong ethical compass and integrity capital required.

Licensure, Certifications, and Clearances:
CIPP, CHPC, or equivalent certification preferred
Act 34

UPMC is an Equal Opportunity Employer/Disability/Veteran

Total Rewards

More than just competitive pay and benefits, UPMC’s Total Rewards package cares for you in all areas of life — because we believe that you’re at your best when receiving the support you need: professional, personal, financial, and more.

Our Values

At UPMC, we’re driven by shared values that guide our work and keep us accountable to one another. Our Values of Quality & Safety, Dignity & Respect, Caring & Listening, Responsibility & Integrity, Excellence & Innovation play a vital role in creating a cohesive, positive experience for our employees, patients, health plan members, and community. Ready to join us? Apply today.

   Current UPMC employees must apply in HR Direct

Security Alert

We are aware of scams targeting UPMC and other large companies that involve individuals posing as employees to illegitimately conduct interviews and extend false employment offers and payments to gain access to candidates' personal information. Please note that UPMC will not communicate with candidates through third-party email services like Gmail or Yahoo. While some interviews may take place via a video conferencing service, UPMC Talent Acquisition will not conduct interviews via Skype or Google Hangouts. UPMC will never ask for or disburse funds during the recruitment process. If you are hired into a role with a sign-on bonus or similar incentive, funds will be paid to you by UPMC after your start date.

If you suspect you have been a victim of a fraudulent UPMC job offer, please report the attempt using this form.