Role Description
The HIPAA Subject Matter Expert supports the Health and Human Services (HHS), Office for Civil Rights (OCR) promoting the right to access health information and protection of the privacy and security of this information. These highly trained and highly skilled consultants and analysts are integral to the success and performance of OCR and to further OCRβs mission.
Qualifications
-
Minimum educational experience is a Bachelorβs degree from an accredited university with a focus on Cybersecurity, Computer Science, Information Sciences, or other comparable fields of study.
-
Preference will be given to candidates with relevant industry certifications from CISSP, CISM, CIPP/CIPT/CIPT.
Requirements
-
Must be able to obtain and maintain the required customer clearance for access to systems, facilities, equipment, and property.
-
Ten (10) years of relevant cybersecurity experience is preferred.
-
Experience in auditing and generating audit reports is required.
-
Fundamental knowledge of basic systems analysis.
-
Knowledge of a broad range of relevant computer systems, applications, and/or related equipment.
-
Knowledge of computer security procedures and protocol.
-
Basic knowledge of advanced operating system, network, or application management tasks.
-
Knowledge of current technological developments/trends in area of expertise.
-
Knowledge of federal copyright laws as they pertain to the use of computer software.
-
Ability to integrate emerging technologies and applications into the current environment and to identify technical specifications to meet user needs including operating system and network or application configuration.
-
Skills in planning, organizing, and adapting within a multi-tasking environment.
-
Strong interpersonal skills, flexibility, and customer service orientation.
-
Ability to gather facts and data for technical proposals and to expand upon them or develop alternatives and to evaluate emerging technologies and identify their potential impact within the existing environment.
-
Ability to analyze complex computer problems and provide solutions.
-
Ability to communicate effectively, both orally and in writing.
-
Ability to communicate technical information to non-technical personnel.
-
Ability to develop and deliver presentations.
Key Duties and Responsibilities
-
Reviews security and privacy complaints, data breach notification and cybersecurity incident reports and other correspondence and evidence to determine whether complaints, self-reported breaches or breach notification reports indicate non-compliance with the HIPAA Security Rule.
-
Evaluates and determines the technical sufficiency of submissions from HIPAA covered entities and business associates in response to data and documentation requests.
-
Documents processes, standard operating procedures and system requirements; develops reports summarizing the analysis along with formulating recommendations for OCR to consider for future action.
-
Develops written reports with technical security analyses, summaries, and recommendations for action, reports on root causes of problems, efficiency, and support needs.
-
Provides expertise in the development and evaluation of health information privacy policies and technologies, specifically regarding protected health information; deidentified/re-identified health information; limited data sets.
-
Provides subject matter expert analysis, evaluation, and recommendations based on national security standards (NIST), industry best practices from the International Organization for Standardization and implementation specifications of the HIPAA Security Rule.
-
Provides DIN designing, implementing, and managing information security, data protection, and risk management programs, including policies, procedures, and controls for protected health information based on HIPAA requirements.
-
Provides advisory expertise in the areas of risk analyses, vulnerability assessments, incident response, security architecture, physical security, business continuity and disaster recovery, enterprise mobility, threat intelligence and analysis, security awareness and online safety, and resolution of highly complex security projects and issues.
-
Works well with programmers, developers, content managers, and other key personnel in an interactive development situation.
Physical Demands
Work is primarily performed in an office environment. Regularly required to sit. Regularly required use hands to finger, handle, or feel, reach with hands and arms to handle objects and operate tools, computer, and/or controls. Required to speak and hear. Occasionally required to stand, walk and stoop, kneel, crouch, or crawl. Must frequently lift and/or move up to 10 pounds and occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this job include close vision, distance vision, depth perception, and ability to adjust focus. Exposed to general office noise with computers printers and light traffic. The physical demands described here are representative of those that must be met by an employee to perform successfully the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this job.
Benefits
-
Medical
-
Dental
-
Vision
-
401(k) Immediate Vesting
-
Professional Development Assistance
-
Legal Aid Assistance Program
-
Family Planning/Fertility Assistance
-
Personal Time Off
-
Observance of Federal Holidays
-
Employee Assistance Program (EAP)
-
Training and Development Opportunities
*Please note, that this position is contingent upon the award or funding. The essential duties, experience, education requirements, and salary are subject to change.*
The estimated pay range for this role is $125K to $135K, with the final offer contingent on location, skillset, and experience.