IT Business Systems Analyst I HS Office of Institution Integrity
East Carolina University
Location: Greenville, North Carolina
Internal Number: 47369
The Regulatory Compliance Specialist must interpret various federal and state regulations/statutes and policies as needed to support compliance initiatives. Interpretation of various regulations and applying them is paramount to the job responsibilities. This position must identify, prioritize, and provide guidance on high priority university risks that are associated with non-compliance and be able to provide guidance to all levels of employees.
The Regulatory Compliance Specialist (RCS) helps develop, implement, and manage University-wide projects including: privacy and security business and program functionalities, external vendor relationships, liaison between various clinics and/or departments, education efforts, and various risk analysis and management activities. This employee is responsible for University compliance initiatives while collaborating among all divisions within the University to ensure HIPAA compliance and risk determinations specific to a) the mission of the University b) information security standards c) university policies and d) federal laws and regulations.
Provide resource level support to the University in HIPAA compliance for adherence to administrative, technical and physical security requirements and security industry standards (ISO 27002, NIST, NIH) for HIPAA compliance; review technical, physical and administrative controls for existing, updated and new HIPAA systems and applications for HIPAA Security compliance; conduct business analyses to ensure the business and technical requirements for HIPAA systems have been addressed and integrated into design and function of systems and applications; perform technical and functional application security review for HIPAA systems that store, access or process protected health information (PHI) to determine the existing application security controls and if they meet required controls; assist in university information security incident response and reporting as required; conduct information security gap analyses and audits to determine the gap between required security controls as specified by HIPAA security regulation, security industry standards, existing security controls, and federal/state laws.
The position will perform HIPAA Privacy investigations to determine the validity of incidents, complaints, or suspicious activities. Privacy investigations involve conducting interviews to gather information related to the complaint or suspicious activity. The Regulatory Compliance Specialist will work independently to gather information across multiple systems during investigations and must exhibit a detail-oriented methodology. Collaborate with Vidant Medical Center staff to compile evidence in investigations as needed. Provide resource level support to the University in HIPAA Privacy compliance for adherence to the HIPAA Privacy Rule; research and monitor the Office for Civil Rights (OCR) guidance and proposed modifications on the HIPAA Privacy Rule and Breach Notification Rule for new regulations or requirements affecting the University's HIPAA compliance programs. This position will perform HIPAA Privacy walkthroughs as needed and on an annual basis to ensure all ECU healthcare components are meeting requirements outlined in the HIPAA Privacy Rule.
The Regulatory Compliance Specialist will oversee the University's HIPAA training and education program. Provide specific training to all university staff to address trends as needed.
Collaborate with ITCS to help ensure workforce members receive communications regarding compliant solutions and security controls to ensure all controls are implemented prior to approving the use of appropriate information security applications, storage devices, and internal or hosted systems. Provide guidance and communication related to HIPAA to ITCS security staff as appropriate.
This position will evaluate high-risk HIPAA privacy and security compliance issues and determine how best to mitigate those risks. Evaluate business and program application systems' functionality to identify gaps, while measuring the solution impacts to business operations. Review options and serve as a liaison and consultant to identify options for workflows based on security guidance. Conduct HIPAA security risk assessments and issue mitigation recommendations to reduce risks as specified by NIST Risk Management Framework.
Serve as the ECU Regulatory Compliance Specialist and assist in managing the daily HIPAA activities under the guidance of the ECU Chief Integrity Officer. Advise ITCS and management across the University on HIPAA privacy and security compliance initiatives and practices. Research and monitor the Office for Civil Rights (OCR) guidance and proposed modifications on Business Associate Agreements (BAA) for new regulations or requirements affecting the University's HIPAA compliance programs including policies, standards, or procedures.
This employee will collaborate with multiple University personnel, including a very strong relationship with ECU ITCS Security Office. This employee will collaborate with ITCS Security to ensure federal HIPAA regulations and university policies are being met at the University.
Also, provide support and maintain a strong relationship with ECU ITCS, the Office of Research Integrity and Compliance, Office of Internal Auditing, ECU Legal Affairs, other University leadership, and external parties on information security or privacy compliance requirements.
Assist in various University committees to represent and provide guidance regarding HIPAA compliance standards. Serve on University and UNC systems information security committees. Report to external regulatory bodies as appropriate. Develop and maintain University HIPAA Privacy and Security policies, standards, and procedures to meet requirements as specified by HIPAA regulations; assist in OII's website efforts. Other duties as assigned.
Special Instructions To Application:
East Carolina University requires applicants to submit a candidate profile online in order to be considered for the position. In addition to submitting a candidate profile online, please submit online the required applicant documents:
Curriculum Vitae
Letter of Interest
List of Three References (noting contact information)
Bachelor's degree or equivalent combination of education and experience.
Full time or Part time: Full Time
Position Location (city): Greenville
Position Number: 500244
Organizational Unit Overview:
The HIPAA Security office manages the University's HIPAA security information compliance program. It ensures University compliance with federal and state HIPAA security regulations and standards, internal and state HIPAA audits, policy development and enforcement, user awareness and education, incident response and recovery, and user account security for administrative systems. The mission of HIPAA Security is to establish a strong compliance program and a secure environment that safeguards the University's protected health information.
To be a national model for student success, public service and regional transformation, East Carolina University uses innovative learning strategies and delivery methods to maximize access; prepares students with the knowledge, skills and values to succeed in a global, multicultural society; develops tomorrow's leaders to serve and inspire positive change; discovers new knowledge and innovations to support a thriving future for eastern North Carolina and beyond; transforms health care, promotes wellness, and reduces health disparities; and improves quality of life through cultural enrichment, academics, the arts, and athletics. We accomplish our mission through education, research, creative activities, and service while being good stewards of the resources entrusted to us. East Carolina University delivers on the promise of opportunity. We open doors. We improve lives. We transform the present, and we discover the future. In these ways and more, we serve our community, our state, our nation and our world as together we reach toward our greatest potential. Tomorrow starts here.