Privacy and Security Officer

  • Full-time

Company Description

In a professional, multidisciplinary environment, while maintaining a broad knowledge of state-of-the-art technology, equipment and systems, the Privacy and Security Officer is responsible for the administration of the information security program and for maintaining the confidentiality, integrity and availability of data within the organization’s information systems for the Health Information Exchange. The Privacy and Security Officer has oversight of the risk assessment process; the development of policies, standards, and procedures; testing; and security reporting processes. The Privacy and Security Officer oversees the computer systems infrastructure to safeguard protected health information (PHI) and business information assets following HIPAA guidelines. The Privacy and Security Officer provides periodic updates to the board or senior management. The Privacy and Security Officer role is supported through HealthInsight’s Privacy and Security Management Program.

Job Description

• Responsible for implementing, managing and enforcing information security directives within regulatory mandates to protect PHI, including the Health Insurance Portability and Accountability Act and the American Recovery and Reinvestment Act provisions
• Ensures the ongoing integration of information security with business strategies and privacy requirements
• Works closely with operational and support units for ongoing optimal application of technology functionality to protect PHI, including the identity management program
• Leads information security awareness and training initiatives to educate workforce about policies, procedures and information risks; coordinates with state-based information systems security officers
• Conducts risk analyses to assess the probability of risks occurring and the impact on the organization
• Creates an information security risk mitigation plan based on sound risk analysis
• Performs ongoing security audits to assess effectiveness of policies/procedures and systems security safeguards
• Works on contractual and other activities with vendors, outside consultants, business associates, and other third parties to improve information security practices
• Leads the security incident response team in prevention, investigation, mitigation, and reporting activities; ensures appropriate enforcement sanctions for information security breaches
• Responsible for budget related activities for the security program
• Manages complaint and incident preventative and investigative programs related to security policies
• Carries out periodic security risk assessments in conjunction with privacy requirements
• Manages the security audit program; coordinates action plans for applicable departments to make improvements, when necessary
• Documents and maintains risk analysis and remediation actions taken by the organization to reduce information security risks
• Manages retention of performance improvement activity documentation for security functions and compliance responsibilities
• Recommends system enhancements via capital and operational budget planning to keep pace with privacy and security and technology advances
• Coordinates security survey regulatory activities and participates in accreditation surveys with external survey bodies
• Participates in HealtHIE Nevada’s internal quality improvement activities as appropriate
• May delegate certain duties to appropriate individuals

Qualifications

• Bachelor’s degree in information systems, computer sciences, health information management or related field, plus two years of experience in health care including public health, or other health care-related profession; or a Master’s degree in health care-related field plus one year of experience in health care including health informatics, public health, or other health care-related profession; or a relevant combination of education and experience
• Health Information Technology and/or information technology experience desirable but not required
• Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Healthcare Privacy and Security (CHPS) or other related security certifications preferred
• Availability to travel as necessary

Additional Information

• Two years of experience and skill in word processing, basic spreadsheet and presentation software applications; familiarity with database software programs (Microsoft Office).
• Excellent oral and written communications skills.
• Excellent interpersonal and problem-solving skills.
• Ability to organize and coordinate multiple simultaneous tasks in a team environment.
• Knowledge of health care and clinical information system related standards
• Knowledge of information security standards, rules and regulations related to information security and data confidentiality (e.g. HIPAA, FISMA, NIST, etc.)
• Knowledge of risk assessment and management methodology and principles for risk identification, analysis, and mitigation