The Protected Health Information Security Officer (Security Analyst IV) is responsible for building a strategic and comprehensive information security program for Texas A&M University that minimizes risk and ensures integrity, confidentiality and availability of electronic protected health information (ePHI).
Duties Performed: Assist the Privacy Officer, as needed, in incident response management and the breach determination and notification process under the Health Insurance Portability and Accountability Act (HIPAA) and applicable state requirements. Work closely with the Privacy Officer on compliance issues to ensure alignment between security and privacy compliance, and serve as the official point of contact to the Office of the Vice President and Chief Information Officer on health information security compliance matters, ensuring the organization is compliant.
Oversee and ensure compliance with administrative, technical and physical safeguards in accordance with applicable federal and state laws, including the HIPAA Security Rule; develop, implement and maintain information security policies, standards and procedures; provide privacy training and education related to the security of ePHI; perform initial and ongoing information security risk assessments; evaluate security trends, evolving threats, risks and vulnerabilities and apply tools to mitigate as necessary; monitor program compliance; ensure the organization has audit controls to monitor activity on electronic systems that contain or use ePHI; and oversee periodic monitoring and review of audit records.
Cooperate with governmental agencies and other legal entities on compliance reviews or investigations. Maintain current knowledge of applicable federal and state security laws, licensing and certification requirements and accreditation standards.
Participate in training and professional development sessions. Perform other duties as assigned.
Required Education and Experience: Bachelor’s degree in information systems or related healthcare field. Eight years of experience related to information technology security, which includes three years of experience in healthcare information technology security.
Preferred Education and Experience: Higher degree in information systems or related healthcare field. Experience working with legal, audit, and compliance professionals. Experience with electronic health record platforms. Experience in developing and administering an information security program. Experience in an academic medical center or institution of higher education.
Preferred Licenses, Certifications, or Registrations: Certification in Healthcare Privacy and Security (CHPS) and/or other healthcare-related industry credential. Information security certifications such as the Certified Information Systems Security Professional Certification (CISSP) or Certified Information Security Manager Certification (CISM).
Required Special Knowledge, Abilities, and Skills: Knowledge and experience in state and federal information security laws and applicable regulations, including but not limited to HIPAA and NIST. Demonstrated excellent project management, written and oral communication, presentation and facilitation skills. Ability to work independently, prioritize and work on deadline. Ability to effectively persuade and negotiate with peer-level or senior managers and/or with external agencies on compliance issues. Ability to travel to attend/present training and coordinate compliance activities. Must be able to work in a collaborative team environment. Ability to multi-task and work cooperatively with a diverse range of people. Must have strong interpersonal skills.
Preferred Special Knowledge, Abilities, and Skills: Experience with EPIC, an electronic health record platform.
Additional Salary Information: Commensurate - Starting salaries for positions may be negotiable based on qualifications.