• HIPAA Security Officer

    Job Locations US-NC-Gastonia
    Posted Date 2 weeks ago (4/10/2018 3:17 PM)
    Job ID
    # of Openings
    Information Technology
  • Overview

    Excellent Benefits Package!!!

    Projected Hiring Range:  $47,500 – $50,000


    Closing Date: Open Until Filled


    Primary Purpose of Position: This position serves as the HIPAA Security Officer for the organization and is responsible for the development, management and oversight of HIPAA Security compliance. This position develops, manages, audits, and implements effective policies, practices, and procedures that protect the confidentiality, integrity, and availability of electronic protected health information (e-PHI). This position is responsible for assuring the organization is compliant with the HIPAA Security Rule and other related state and federal requirements around e-PHI, while balancing organizational needs. This position is expected to be the subject matter expert (SME) as it relates to HIPAA Security and related protection of e-PHI.



    Role and Responsibilities:

    • Responsible for the overall management and oversight of e-PHI.
    • Maintains current and appropriate body of knowledge necessary to perform HIPAA Security functions and compliance assurance.
    • Maintains working knowledge of legislative and regulatory initiatives. Interprets and translates requirements for implementation and ongoing management.
    • Develops appropriate e-PHI security policies, standards, tools, guidelines and procedures.
    • Provides meaningful input, prepares effective presentations and communicates HIPAA Security objectives.
    • Participates in short and long-term planning.
    • Oversees, directs, delivers, and/or facilitates delivery of HIPAA Security training and orientation to the Partners workforce as well as volunteers, contractors, business associates, and other appropriate third parties who may have access to e-PHI.
    • Establishes, with management and operations, a mechanism to track access to protected health information, within the purview of the organization and as required by law and to allow qualified individuals to review or receive a report on such activity.
    • Ensures compliance with security practices and consistent application of sanction referrals for failure to comply with security policies for all individuals in the organization’s workforce, extended workforce, and for all business associates, in cooperation with Human Resources, the HIPAA Privacy Officer, Chief Compliance Officer, and legal counsel, as applicable.
    • Serves as an active member of the Regulatory Compliance Committee.
    • Investigates allegations/concerns of potential noncompliance and works effectively and tactfully to address any identified deficiencies. Ensures case documentation is accurate and appropriately maintained.
    • Participates in external oversight reviews for national accreditation, external quality reviews (EQR) and other regulatory reviews.
    • Maintains current knowledge of applicable federal and state laws and accreditation standards, and monitors advancements in information security technologies to ensure organizational adaptation and ongoing compliance.
    • Cooperates with the Office of Civil Rights (OCR), the NC DHHS HIPAA Officers, and other oversight agencies related to any compliance reviews or investigations.
    • Assures reporting of applicable HIPAA breaches/incidents to external regulatory agencies as required (i.e., OCR & NCDHHS).
    • Performs and/or facilitates HIPAA Security Risk Assessments and audits, developing action plans to address any findings.
    • Leads ongoing HIPAA Security awareness and training efforts to educate the workforce.
    • Works with vendors, outside consultants, and other third parties to improve e-PHI security within the organization.
    • Manages HIPAA Security incident reporting and electronic case management system (currently EthicsPoint).
    • Develops and manages the annual HIPAA Security initiatives of the HIPAA Workplan.
    • Ensures e-PHI access, disaster recovery, business continuity, incident response, and risk management needs of the organization are properly addressed and in compliance with state and federal requirements.
    • Serves as the HIPAA Security Liaison for the organization on the North Carolina Healthcare Information and Communication Alliance (NCHICA) and other external groups as designated.


    Knowledge, Skills and Abilities:

    • Effective negotiation & consensus building skills
    • In-depth understanding of network and system security technology and practices across all major computing areas (mainframe, client/server, PC/LAN, telephony) with a special emphasis on Internet-related technology.
    • A high level of integrity and trust
    • Knowledge of HIPAA, state and federal guidelines on e-PHI privacy, transactions and security, as well as the National Institute of Standards and Technology (NIST).
    • Working knowledge and understanding of all hardware and software applications applicable to this organization and/or ability to quickly learn
    • Strong technical skills (application and operating systems, vulnerability assessments, security audits, intrusion detection systems, firewalls, data scrubbing, ransomware prevention and response, breach prevention and response, etc.)
    • Excellent interpersonal and communication skills (both orally and in written form)
    • Ability to weigh business risks and enforce appropriate information security measures
    • HIPAA Security experience in the health care industry.
    • Extensive familiarity with health care relevant legislation and standards for the protection of health information and e-PHI privacy.
    • Effective project management skills.
    • A working knowledge of all aspects of information security is essential, as is the ability to apply this knowledge in an open network environment.



    Education and Experience Required:

    Bachelor’s degree in Information Technology or equivalent certification. At least 3 years of HIPAA Security work experience is required, with both public and private sector experience preferred.


    Education and Experience Preferred:

    Professional certification preferred, e.g. Certified in Healthcare Privacy and Security (CHPS), Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), or other related certification.



