PSO IT Security Specialist

NC DHHS Privacy and Security Office (PSO) requiring services of an Electronic Health Record System (EHREPIC) IT Security lead to assist DSOHF.

• The Epic/EHR Security Coordinator is responsible for overseeing and ensuring the security of the organizations Epic Electronic Health Record (EHR) system.
• This role involves managing access controls conducting security audits developing security policies and ensuring compliance with healthcare regulations such as HIPAA and HITECH.
• The Epic/EHR Security Coordinator will work closely with IT clinical and compliance teams to secure patient data and protect the integrity of the EHR system.

Key Responsibilities:

Security Management & Compliance:

• Ensure the Epic EHR system is secure and compliant with federal state and organizational security policies including HIPAA HITECH and other applicable regulations.
• Monitor and enforce the appropriate use of Epic EHR access controls ensuring that users have the correct level of access based on their roles.
• Conduct regular security audits of the Epic EHR system identifying and mitigating risks or vulnerabilities.
• Develop and maintain security policies procedures and guidelines specific to the Epic EHR environment.
• Coordinate with the stakeholders to implement and maintain security tools such as firewalls intrusion detection/prevention systems and encryption mechanisms as applicable to the EHR system.

Access Controls & User Management:

• Oversee user provisioning and deprovisioning ensuring appropriate access to the Epic system for all employees and contractors.
• Manage and audit rolebased access controls (RBAC) for the Epic system ensuring that users have the correct level of access for their duties.
• Ensure that system logs and user access records are maintained for auditing purposes and work with internal audit teams to ensure compliance.

Incident Response & Risk Management:

• Respond to and investigate security incidents related to the Epic EHR system ensuring timely resolution and proper reporting to relevant stakeholders.
• Perform risk assessments on new modules or integrations within the Epic EHR identifying potential security vulnerabilities and developing mitigation strategies.
• Coordinate with clinical IT and legal teams on breach notification processes in compliance with regulatory requirements.

Collaboration & Coordination:

• Collaborate with the Epic implementation and optimization teams to ensure that security measures are integrated into the deployment of new Epic features updates and thirdparty applications.
• Work closely with other members of the IT security team to ensure alignment between EHR security and overall organizational cybersecurity strategies.
• Participate in governance and compliance meetings offering insights and reports on EHR security.

Continuous Improvement:

• Stay informed about emerging security threats technologies and best practices related to EHR systems.
• Recommend improvements and optimizations to the Epic EHR security environment based on industry trends and emerging threats.

Qualifications:

Education:

• Bachelors degree in information technology Computer Science Cybersecurity or a related field. Relevant work experience may substitute for formal education.
• Epic Certifications (Security Fundamentals Security Administration and Data Courier) preferred.
• Security Certifications (e.g. CISSP CISM HCISPP) are highly desirable.

Experience:

• 35 years of experience in IT security preferably within the healthcare industry.
• Prior experience with Epic or EHR systems is preferred.
• Experience with HIPAA compliance healthcare IT security audits and risk management.
• Knowledge of rolebased access control (RBAC) identity management and data encryption as it relates to healthcare information systems.

Skills:

• Strong understanding of EHR systems.
• Proficient in healthcare regulations and standards including HIPAA HITECH and meaningful use.
• Excellent problemsolving and analytical skills.
• Strong communication skills capable of working across departments and with clinical teams.
• Ability to manage security incidents and respond to them efficiently.
• Familiarity with healthcare IT infrastructure including networking firewalls and database security.

Working Conditions:

• May require occasional travel to different healthcare facilities within the organization.
• Oncall availability for security incidents.