University of Utah Job Description
Job Summary
Responsible for developing a comprehensive HIPAA compliant training, education, and awareness program for University Health Sciences. Also responsible for privacy policy development and maintenance; the design of privacy policy education, training, and awareness activities, and coordinating investigation and reporting of privacy incidents.
Qualifications
Bachelor’s degree in Educational Development, Business, Public Administration, Healthcare Administration, Information Systems Management, or a related field or equivalency; and five years of progressive experience in the field or in a related area. Demonstrated human relations and effective communication skills required.
CISSP, GIAC, CIPP or other security certifications is preferred. Experience in higher education or healthcare is also preferred.
Applicants must demonstrate the potential ability to perform the essential functions of the job as outlined in the position description.
Disclaimer
This job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to the job.
Essential Functions
1. Develop comprehensive regulatory training, education, and awareness program for University Health Sciences including the Hospital and Clinics, with a focus on privacy and information security.
2. Conduct, coordinate, schedule, and evaluate privacy and information security training programs.
3. Develop and design training materials, lesson plans, outlines, manuals, and other necessary privacy and information security training documentation. Amend and revise materials as necessary, in order to adapt to changes that occur.
4. Conduct various training projects including (but not limited to): Required annual regulatory training; New/updated policy training; New Employee Orientation; Quarterly Privacy and Information Security Champions; End-user privacy and information security requirements; specialty regulatory training, and Administrative and leadership curriculum.
5. Assists Privacy Team in the development & maintenance of privacy policy.
6. Participate in enforcing HIPAA privacy and security regulations and University of Utah policies through investigations, interviews, analysis and reporting.
7. Participate in quality improvement activities and implementation in the department and organization.
8. Recommend business process improvements to enhance privacy and security efficiency. Provide guidance and assist with business process improvement efforts and initiatives.
9. Coordinate with other departments, units and colleges within the University Health Sciences, Hospital & Clinics, in privacy and information security training outreach.
10. Actively participate in higher education privacy and information security community such as Educause, REN-ISAC, ATD, etc.
11. Apprise the community at large of University of Utah Health Care Hospital and Clinics’ commitment, implementation and enforcement of privacy and information security principles.
12. Perform other related duties as assigned.
Comments
Knowledge/Skills/Abilities required of this position include:
Demonstrated leadership and management skills in working on projects with others. Knowledge of information security and privacy standards (e.g., ISO 27001/27002, etc.), rules and regulations related to information security and data confidentiality (e.g., FERPA, HIPAA, etc.). Demonstrated leadership in identifying training issues and solutions. Strong interpersonal skills. Ability to manage workflow support. A wide degree of creativity and latitude.
Work Environment and Level of Frequency typically required
Nearly Continuously: Office environment.
Physical Requirements and Level of Frequency that may be required
Nearly Continuously: Sitting, hearing, listening, talking.
Often: Repetitive hand motion (such as typing), walking.
Seldom: Bending, reaching overhead.
