Key Responsibilities:
Security Management & Compliance:
· Ensure the EHR system is secure and compliant with federal, state, and organizational security policies, including HIPAA, HITECH, and other applicable regulations.
· Monitor and enforce the appropriate use of EHR access controls, ensuring that users have the correct level of access based on their roles.
· Conduct regular security audits of the EHR system, identifying and mitigating risks or vulnerabilities.
· Develop and maintain security policies, procedures, and guidelines specific to the EHR environment.
· Coordinate with stakeholders to implement and maintain security tools, such as firewalls, intrusion detection/prevention systems, and encryption mechanisms, as applicable to the EHR system.
Access Controls & User Management:
· Oversee user provisioning and de-provisioning, ensuring appropriate access to the system for all employees and contractors.
· Manage and audit role-based access controls (RBAC) for the system, ensuring that users have the correct level of access for their duties.
· Ensure that system logs and user access records are maintained for auditing purposes, and work with internal audit teams to ensure compliance.
Incident Response & Risk Management:
· Respond to and investigate security incidents related to the EHR system, ensuring timely resolution and proper reporting to relevant stakeholders.
· Perform risk assessments on new modules or integrations within the EHR, identifying potential security vulnerabilities and developing mitigation strategies.
· Coordinate with clinical, IT, and legal teams on breach notification processes in compliance with regulatory requirements.
Collaboration & Coordination:
· Collaborate with the EHR implementation and optimization teams to ensure that security measures are integrated into the deployment of new features, updates, and third-party applications.
· Work closely with other members of the IT security team to ensure alignment between EHR security and overall organizational cybersecurity strategies.
· Participate in governance and compliance meetings, offering insights and reports on EHR security.
Continuous Improvement:
· Stay informed about emerging security threats, technologies, and best practices related to EHR systems.
· Recommend improvements and optimizations to the EHR security environment based on industry trends and emerging threats.
Qualifications:
Education:
· Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a related field. Relevant work experience may substitute for formal education.
· Security Certifications (e.g., CISSP, CISM, HCISPP) are highly desirable.
Experience:
· 3-5 years of experience in IT security, preferably within the healthcare industry.
· Prior experience with EHR systems is preferred.
· Experience with HIPAA compliance, healthcare IT security audits, and risk management.
· Knowledge of role-based access control (RBAC), identity management, and data encryption as it relates to healthcare information systems.
Skills:
· Strong understanding of EHR systems.
· Proficient in healthcare regulations and standards, including HIPAA, HITECH, and meaningful use.
· Excellent problem-solving and analytical skills.
· Strong communication skills, capable of working across departments and with clinical teams.
· Ability to manage security incidents and respond to them efficiently.
· Familiarity with healthcare IT infrastructure, including networking, firewalls, and database security.
---
Working Conditions:
· May require occasional travel to different healthcare facilities within the organization.
· On-call availability for security incidents.
| Skill | Required / Desired | Amount | of Experience |
|---|---|---|---|
| Ability to manage security incidents and respond to them efficiently. | Required | 7 | Years |
| Risk Management - must be able to identify gaps through risk management, and assist in the development of mitigation strategies. | Required | 7 | Years |
| 5-7 years of experience in IT security, preferably within the healthcare industry. | Required | 7 | Years |
| Experience updating privacy and security policies based on gaps found through an assessment process. | Required | 7 | Years |
| Experience performing risk assessments based on NIST 800-53 Rev 4, HIPAA, SSA and IRS Pub 1075. | Required | 7 | Years |
| Knowledge of role-based access control (RBAC), identity management, and data encryption as it relates to healthcare information systems. | Required | 7 | Years |
| Proficient in healthcare regulations and standards, including HIPAA, HITECH, and meaningful use. | Required | 7 | Years |
| Excellent problem-solving and analytical skills. | Required | 7 | Years |
| Experience documenting vulnerability assessment results in an accurate, clear, actionable, and available way to appropriate personnel. | Required | 7 | Years |
| Familiarity with healthcare IT infrastructure, including networking, firewalls, and database security. | Required | 7 | Years |
| Strong communication skills, capable of working across departments and with clinical teams. | Required | 7 | Years |