University of Utah Job Description
Job Summary
This position is responsible for privacy policy development and maintenance; auditing; monitoring compliance with University privacy policy and applicable law; and coordinating investigation and reporting of privacy incidents. The position will assist in the design of privacy policy education, training, and awareness activities.
Qualifications
Bachelor’s degree in Business, Public Administration, Healthcare Administration, Information Systems Management, or a related field or equivalency (one year of education can be substituted for two years of related work experience) is required; and five years of progressive experience in computing, privacy, and information security, including experience with internet technology and privacy and security issues.
Master’s degree in healthcare related field or JD is preferred. Experience in healthcare is also preferred. CUOO/IT, CIPP/UT, CISSP, GIAC, or other security certifications are desired.
Applicants must demonstrate the potential ability to perform the essential functions of the job as outlined in the position description.
Disclaimer
This job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to the job.
Essential Functions
1. Develop and publish privacy policies, procedures, standards and guidelines based on knowledge of best practices and compliance requirements.
2. Assist in the analyses and evaluation of privacy trends and implementation of policy and regulatory requirements.
3. Accesses and utilizes information and support resources to help advise peers and the institution.
4. Conducts Privacy Breach Investigations.
5. Contributes to and promotes the administrative, outreach, and clinical activities of the Privacy Office.
6. Implements training activities and promotes awareness of information privacy, patient privacy rights, and ultimately patient safety.
7. Supports all levels of staff, faculty and students by responding to questions, and helps facilitate process improvements where deficiencies exist.
8. Leads project teams in the identification of pertinent privacy issues, and prepares comprehensive project plans and timelines for process improvements.
9. Keeps abreast of latest privacy issues and trends.
10. Prepares documentation, including updates of department policies and procedures, reports, web content, and notifications.
11. Actively participates in professional privacy communities such as Educause, HCCA, AHIMA, etc.
12. Conducts privacy compliance audits and prepares written and oral reports on these audits for leadership.
13. Coordinates the implementation of Business Associate and Third Party Network Access Agreement.
14. Recommends business process improvements to enhance security and efficiency. Provides guidance and assists with business process improvement efforts and initiatives.
Comments
Knowledge/Skills/Abilities required of this position include:
Knowledge of privacy information and security standards (e.g. ISO, 27001/27002, etc.), rules and regulations related to information security and data confidentiality (e.g. FERPA, HIPAA, FISMA, etc.). Excellent customer service skills. Strong interpersonal skills. Ability to work flexible hours. Ability to manage workflow support. Strong mentoring and supervision/leadership skills.
Work Environment and Level of Frequency typically required
Nearly Continuously: Office environment.
Physical Requirements and Level of Frequency that may be required
Nearly Continuously: Sitting, hearing, listening, talking.
Often: Repetitive hand motion (such as typing), walking.
Seldom: Bending, reaching overhead.