The HIPAA Security Specialist helps develop, implement, and manage University-wide HIPAA Security projects to include: developing project specifications, writing requests for proposals, determining and allocating internal and external resources, managing external vendors, and meeting timeline expectations.
This employee is responsible for HIPAA security and compliance initiatives and collaborates among divisions within the University to ensure information systems are implemented in accordance with a) the mission of the University, b) HIPAA security standards c) University Policies and d) Federal and State laws and regulations.
Provide oversight, guidance, training, and detailed support to HIPAA Systems Administrators and other employees for HIPAA system security implementation, maintenance, risk assessments, and support; develop and provision HIPAA security awareness training and programs across the University; document and track University HIPAA systems; examine the appropriateness and adequacy of current security awareness program and modify to meet HIPAA security needs for the University.
Collaborate with ITCS to help ensure workforce members receive communications regarding compliant solutions and security controls to ensure all controls are implemented prior to approving the use of appropriate information security applications, storage devices, and internal or hosted systems.
Coordinate and organize additional education, meetings, and sessions to assist workforce members with HIPAA security compliance issues.
Research the latest technology advances related to HIPAA security, provide support and a strong relationship with the Office of Research Integrity and Compliance, Internal Auditing and Management Advisory Services, ECU Legal Affairs, other University departments and leadership, and external parties on HIPAA security compliance requirements.
This employee will collaborate with multiple University personnel, including a very strong relationship with ECUITCS to ensure federal HIPAA regulations and university policies are being met at the University.
Assist the HIPAA Security Officer with initiatives to ensure compliance across the University. Provide resource level support to the University in HIPAA security compliance for adherence to administrative, technical and physical security requirements; research HIPAA regulation and security industry security standards (ISO 27002, NIST, NIH) for HIPAA compliance; review technical, physical and administrative controls for existing, updated and new HIPAA systems and applications for HIPAA Security compliance; conduct business analyses to ensure the business and technical requirements for HIPAA systems have been addressed and integrated into design and function of systems and applications; perform technical and functional application security review for HIPAA systems that store, access or process protected health information (PHI) to determine the existing application security controls and if they meet required controls; conduct information security gap analyses to determine gap between required security controls as specified by HIPAA security regulation, security industry standards, existing security controls, and federal/state laws. Research, create, develop and enforce security policies, practices, standards and procedures that ensure the protection of University information and HIPAA systems as specified by ISO 27002 Information Security Standard, NIST standard, and other state and federal statutes; provide ITCS and distributed IT resources guidance in interpreting HIPAA security compliance requirements and performing application and system HIPAA security assessments.
Serve as the ECUHIPAA Security Specialist and assist in managing the daily HIPAA security activities as well as assist in managing all HIPAA security responsibilities under the guidance of the ECUHIPAA Security Officer. Advise IT and management across the University on HIPAA privacy and security compliance initiatives and practices. Manage and implement University-wide information projects inclusive of developing project specifications, determining and allocating internal and external resources and meeting timeline expectations.
Produce various reports as needed in order to fulfill research of compliance standards. Provide guidance and communication related to HIPAA to IT Security staff as appropriate. Assist in University information security incident response and reporting as required, and participate in HIPAA security incident responses as required.
Assist in research, investigate sensitive data issues for lost or stolen devices. Analyze and report on high risk information security, privacy, and compliance issues to workforce members.
Respond to HIPAA security issues; investigate HIPAA security violations and issue corrective actions for compliance as required by University Incident Response protocols; assist in coordinating responses to state and internal audits; meet with campus departments and consult on HIPAA security and compliance issues; and respond to requests from external agencies.
Assist in and or chair various University committees to represent and provide guidance regarding HIPAA Security compliance standards.
Serve on University and UNC systems information security committees. Report to external regulatory bodies as appropriate. Develop and maintain University HIPAA Security policies, standards and procedures to meet requirements as specified by HIPAA regulation; assist in Office's website developing and maintaining efforts.
Other duties as assigned.
Special Instructions To Application:
East Carolina University requires applicants to submit a candidate profile online in order to be considered for the position. In addition to submitting a candidate profile online, please submit online the required applicant documents:
Curriculum Vitae Letter of Interest List of Three References (noting contact information)
Masters degree in a information technology field or health information technology or Bachelors degree in a information technology or health information technology field and two yrs experience.
Full time or Part time: Full Time
Position Location (city): Greenville
Position Number: 500159
Organizational Unit Overview:
The HIPAA Security section within the Office of Institutional Integrity manages the University's HIPAA securitycompliance program.
It ensures University compliance with federal and state HIPAA security regulations and standards, internal and state HIPAA audits, policy development and enforcement, user awareness and education, incident response and recovery, and user account security for HIPAA systems. The mission of HIPAA Security is to establish a strong compliance program and a secure environment that safeguards the University's electronic protected health information (ePHI).
To be a national model for student success, public service and regional transformation, East Carolina University uses innovative learning strategies and delivery methods to maximize access; prepares students with the knowledge, skills and values to succeed in a global, multicultural society; develops tomorrow's leaders to serve and inspire positive change; discovers new knowledge and innovations to support a thriving future for eastern North Carolina and beyond; transforms health care, promotes wellness, and reduces health disparities; and improves qualify of life through cultural enrichment, academics, the arts, and athletics. We accomplish our mission through education, research, creative activities, and service while being good stewards of the resources entrusted to us. East Carolina University delivers on the promise of opportunity. We open doors. We improve lives. We transform the present, and we discover the future. In these ways and more, we serve our community, our state, our nation and our world as together we reach toward our greatest potential. Tomorrow starts here.