NCDHHS- PSO IT Security Specialist

NC DHHS Privacy and Security Office (PSO) requiring services of an Electronic Health Record System (EHREPIC) IT Security lead to assist DSOHF.

The Epic/EHR Security Coordinator is responsible for overseeing and ensuring the security of the organizations Epic Electronic Health Record (EHR) system. This role involves managing access controls conducting security audits developing security policies and ensuring compliance with healthcare regulations such as HIPAA and HITECH. The Epic/EHR Security Coordinator will work closely with IT clinical and compliance teams to secure patient data and protect the integrity of the EHR system.

Key Responsibilities:

Security Management & Compliance:

Ensure the Epic EHR system is secure and compliant with federal state and organizational security policies including HIPAA HITECH and other applicable regulations.

Monitor and enforce the appropriate use of Epic EHR access controls ensuring that users have the correct level of access based on their roles.

Conduct regular security audits of the Epic EHR system identifying and mitigating risks or vulnerabilities.

Develop and maintain security policies procedures and guidelines specific to the Epic EHR environment.

Coordinate with the stakeholders to implement and maintain security tools such as firewalls intrusion detection/prevention systems and encryption mechanisms as applicable to the EHR system.

Access Controls & User Management:

Oversee user provisioning and deprovisioning ensuring appropriate access to the Epic system for all employees and contractors.

Manage and audit rolebased access controls (RBAC) for the Epic system ensuring that users have the correct level of access for their duties.

Ensure that system logs and user access records are maintained for auditing purposes and work with internal audit teams to ensure compliance.

Incident Response & Risk Management:

Respond to and investigate security incidents related to the Epic EHR system ensuring timely resolution and proper reporting to relevant stakeholders.

Perform risk assessments on new modules or integrations within the Epic EHR identifying potential security vulnerabilities and developing mitigation strategies.

Coordinate with clinical IT and legal teams on breach notification processes in compliance with regulatory requirements.

Collaboration & Coordination:

Collaborate with the Epic implementation and optimization teams to ensure that security measures are integrated into the deployment of new Epic features updates and thirdparty applications.

Work closely with other members of the IT security team to ensure alignment between EHR security and overall organizational cybersecurity strategies.

Participate in governance and compliance meetings offering insights and reports on EHR security.

Continuous Improvement:

Stay informed about emerging security threats technologies and best practices related to EHR systems.

Recommend improvements and optimizations to the Epic EHR security environment based on industry trends and emerging threats.

Qualifications:

Education:

Bachelor s degree in information technology Computer Science Cybersecurity or a related field. Relevant work experience may substitute for formal education.

Epic Certifications (Security Fundamentals Security Administration and Data Courier) preferred.

Security Certifications (e.g. CISSP CISM HCISPP) are highly desirable.

Experience:

35 years of experience in IT security preferably within the healthcare industry.

Prior experience with Epic or EHR systems is preferred.

Experience with HIPAA compliance healthcare IT security audits and risk management.

Knowledge of rolebased access control (RBAC) identity management and data encryption as it relates to healthcare information systems.

Skills:

Strong understanding of EHR systems.

Proficient in healthcare regulations and standards including HIPAA HITECH and meaningful use.

Excellent problemsolving and analytical skills.

Strong communication skills capable of working across departments and with clinical teams.

Ability to manage security incidents and respond to them efficiently.

Familiarity with healthcare IT infrastructure including networking firewalls and database security.

Working Conditions:

May require occasional travel to different healthcare facilities within the organization.

Oncall availability for security incidents.

Required/Desired Skills
SkillRequired /DesiredAmountof Experience57 years of experience in IT security preferably within the healthcare industry.Required7YearsExperience updating privacy and security policies based on gaps found through an assessment process.Required7YearsExperience Performing risk assessments based on NIST 80053 Rev 4. HIPAASSA and IRS Pub 1075. Required7YearsKnowledge of rolebased access control (RBAC) identity management and data encryption as it relates to healthcare information systems.Required7YearsStrong understanding of EHR systems (EPIC or similar systems).Required7YearsProficient in healthcare regulations and standards including HIPAA HITECH and meaningful use.Required7YearsExcellent problemsolving and analytical skills.Required7YearsAbility to manage security incidents and respond to them efficiently.Required7YearsFamiliarity with healthcare IT infrastructure including networking firewalls and database security.Required7YearsStrong communication skills capable of working across departments and with clinical teams.Required7Years
Questions
No.QuestionQuestion1Absences greater than two weeks MUST be approved by CAI management in advance and contact information must be provided to CAI so that the resource can be reached during his or her absence. The Client has the right to dismiss the resource if he or she does not return to work by the agreed upon date. Do you accept this requirementQuestion2All work must be completed on site at the clients discretion. Do you accept this requirementQuestion3Please list candidates email address HERE that will be used when submitting ERTR.Question4Please indicate how soon this candidate is available to start work. Vendors are encouraged to submit candidates that are available for the duration of the assignment.Question5Vendor must disclose to the agency if the candidate will be subcontracted at the time of submission. Do you accept this requirementQuestion6Vendor must notify the agency if any portion of the requirements listed in this task order are to be outsourced to other countries. Do you accept this requirementQuestion7Candidates submitted above the bill rate of may not be considered. Do you accept this requirementQuestion8Please confirm you have thoroughly validated and attest to the accuracy of the credentials listed throughout this candidate s VectorVMS profile and resume pursuant to Section 5.2.5 of ITS009440. Do you confirm