Privacy and Security Officer at HealthInsight

• Responsible for implementing, managing and enforcing information security derivatives within regulatory mandates to protect PHI including, the Health Insurance Portability and Accountability Act, the American Recovery and Reinvestment Act provisions
• Ensures the ongoing integration of information security with business strategies and privacy requirements
• Works closely with operational and support units for ongoing optimal application of technology functionality to protect PHI, including the identity management program
• Leads information security awareness and training initiatives to educate workforce about policies, procedures and information risks; coordinates with state-based information systems security officers
• Conducts risk analyses to assess the probability of risks occurring and the impact on the organization
• Creates an information security risk mitigation plan based on sound risk analysis
• Performs ongoing security audits to assess effectiveness of policies/procedures and systems security safeguards
• Works with contractual and other activities with vendors, outside consultants, business associates, and other third parties to improve information security practices
• Leads the security incident response team in prevention, investigation, mitigation, and reporting activities; ensures appropriate enforcement sanctions for information security breaches
• Responsible for budget related activities for the security program
• Manages complaint and incident preventative and investigative programs related to security policies
• Carries out periodic security risk assessments in conjunction with privacy requirements
• Manages the security audit program; coordinates action plans for applicable departments to make improvements, when necessary
• Documents and maintains risk analysis and remediation actions taken by the organization to reduce information security risks
• Manages retention of performance improvement activity documentation for security functions and compliance responsibilities
• Recommends system enhancements via capital and operational budget planning to keep pace with privacy and security and technology advances
• Coordinates security survey regulatory activities and participates in accreditation surveys with external survey bodies
• Participates in HealtHIE Nevada’s internal quality improvement activities as appropriate
• May delegate certain duties to appropriate individuals