Location: Albany NY
Duration: 18 months
Positions: 1
Mandatory Requirements
1. Three years of legal experience with significant responsibility for developing and implementing policies and procedures that ensure compliance with federal, state, or local laws and regulations, and data systems security and data administration. Preferably a lawyer.
2. Three years experience in information privacy laws, access, release of information and release control technologies within a state supervised, locally administered program. Three years experience working directly with HIPAA security.
3. Demonstrated strong written and oral communication skills.
4. Three years experience working with Program and Technical
requirements and their impacts on one another, and the facilitation of communications between users, IT staff and stakeholders.
5. Bachelor’s Degree
6. Two years of work related experience is required
7. Experience in organizing, analyzing and understanding business
processes and workflows, developing procedures manuals, etc.
8. Two references
Job Description:
The Division of Juvenile Justice and Opportunities for Youth electronic system, the Juvenile Justice Information System (JJIS) now includes medical information regarding services that were provided by OCFS staff. This change has created the need for HIPAA compliance; the sharing of medical and mental health information is a requirement of the DOJ settlement. We are working with the NYS Office of Mental Health (OMH) to incorporate Mental Health staff and their information with OCFS staff. OMH requires that our systems be HIPAA compliant.
We may not be able to have this working relationship with OMH, and would have difficulty with HIPAA compliance, without this person dedicated to developing procedures and rules for OCFS to become HIPPA compliant.
In addition to the HIPAA compliance the incumbent will be responsible for ensuring the agency adheres to the policies, procedures and standards put forth by the New York State Cyber Security and Critical Infrastructure Coordination Office (CSCIC), Office of Technology (OFT) as well as various regulations and Executive Orders, in order to keep OCFS data secure. The incumbent, with the help of a project team, will develop and maintain information security policies, standards and procedures for the agency along with providing security training and awareness programs that educate OCFS employees, contractors and vendors with regard to OCFS’ information security requirements. The position will be responsible for reviewing and assessing new technology and applications that are developed or used by the agency to support the agency’s mission.
This person will be responsible for monitoring regulatory requirements, developing HIPAA privacy and security programs, and implementing appropriate strategies to promote compliance. Therefore the position would need to posses legal experience and knowledge of HIPAA-related rules and regulations; techniques of administrative and organizational systems analysis; principles and practices of project planning, monitoring, and evaluation; methods of research including the use of automated systems. The position will direct staff in identifying, developing, implementing and maintaining processes across the organization to reduce information and IT risks, respond to incidents, establish appropriate standards and controls, and direct the establishment and implementation of policies and procedures.
This person will inform and monitor requirements for contingency plans for medical data security including data backup plans, disaster recovery, emergency mode operation plans, and applications and data criticality analyses; works with affected departments to develop physical safeguards for data security such as facility access and security procedures, contingency procedures for disaster recovery, and a recording process for maintenance related to security
This person would receive and respond to complaints regarding alleged breaches of the Agency’s HIPAA policies and procedures; ensures complaints are acted upon in a timely manner; coordinates and conducts investigations into complaints; recommends appropriate corrective measures, including sanctions if justified by the results of the investigation.
No comments:
Post a Comment