As a not-for-profit organization, Partners HealthCare is committed to supporting patient care, research, teaching, and service to the community by leading innovation across our system. Founded by Brigham and Women’s Hospital and Massachusetts General Hospital, Partners HealthCare supports a complete continuum of care including community and specialty hospitals, a managed care organization, a physician network, community health centers, home care and other health-related entities. Several of our hospitals are teaching affiliates of Harvard Medical School, and our system is a national leader in biomedical research.
We’re focused on a people-first culture for our system’s patients and our professional family. That’s why we provide our employees with more ways to achieve their potential. Partners HealthCare is committed to aligning our employees’ personal aspirations with projects that match their capabilities and creating a culture that empowers our managers to become trusted mentors. We support each member of our team to own their personal development—and we recognize success at every step.
Our employees use the Partners HealthCare values to govern decisions, actions and behaviors. These values guide how we get our work done: Patients, Affordability, Accountability & Service Commitment, Decisiveness, Innovation & Thoughtful Risk; and how we treat each other: Diversity & Inclusion, Integrity & Respect, Learning, Continuous Improvement & Personal Growth, Teamwork & Collaboration.
The Information Security and Privacy (IS&P) Analyst is a key team member in Dana-Farber Cancer Institute’s (DFCI’s) information security and privacy programs and activities. The Analyst is accountable to the Information Security Officer within Information Services. The Analyst is responsible for helping manage the Information Security program, including handling routine information security investigations, reporting, monitoring, and improvement efforts. The Analyst is primarily responsible for assisting with special IS&P projects, risk management activities, preparing training and education materials, and conducting outreach measures. The Analyst will monitor and develop IS&P policies and assist in risk assessment activities. The Analyst will work in coordination with the Privacy Officer, Chief Compliance Officer and Chief Information Officer. The Analyst will assist the Privacy Officer as needed, including support in privacy investigations, monitoring, and developing IS&P policies.
Principal Duties and Responsibilities
• At the Information Security Officers’ direction, conduct information security and privacy incident investigations, including:
    • prepare intake documentation, contact, interview, and research data of information security and privacy incident;
    • use risk assessment form to determine breach and reporting requirements;
    • identify root causes of issues, assess trends, and recommend operational and policy/procedural changes; and
    • prepare documentation of entire process and a summary report to the Information Security and Privacy Officers.
• Perform surveys, assessments, inventory and gap analyses of existing Institute and departmental-level policy and procedures according to information security and privacy standards.
• Assist in planning, conducting, supervising and documenting IS&P projects, audits, and workplans from inception to completion and provide a summary report to the appropriate parties.
• Assist in performing vendor risk management activities by collaborating with third parties in fulfillment of new and recurring Vendor Management risk assessments and periodic audits.
• Present effective recommendations for improved controls and operating efficiency throughout the DFCI network.
• Facilitate and promote activities with the Institute’s Communication Department to foster information security and privacy awareness at DFCI.
• In conjunction with the Information Security and Privacy Officers, develop and conduct department-specific IS&P training and education.
• Investigate and document all medical record audit findings and provide a summary report to the appropriate parties.
• Respond to requests for information regarding IS&P policies.
• Work with team to create web site improvements.
• Work with the Information Services and Privacy Officers on projects to improve and support information security and privacy safeguards and functionality.
• Assist in any information security and privacy program audits, inquiries or investigations by the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) and other federal and state entities.
• Enhance professional growth and development by participating in educational programs, distributing and reading current literature and conducting and participating in in-service meetings and workshops.
• Maintain current knowledge of applicable federal and state privacy laws and accreditation standards, and monitor advancements in information privacy technologies to assist with organizational adaptation and compliance.
• Use the Partners HealthCare values to govern decisions, actions and behaviors. These values guide how we get our work done: Patients, Affordability, Accountability & Service Commitment, Decisiveness, Innovation & Thoughtful Risk; and how we treat each other: Diversity & Inclusion, Integrity & Respect, Learning, Continuous Improvement & Personal Growth, Teamwork & Collaboration.
• Other duties as assigned.
Bachelor’s degree (B.A./B.S.) or equivalent combination of education and experience in computer sciences, business administration, or equivalent discipline from an accredited college or university required.
Five plus (5+) years of IT experience.
Three (3) to five (5) years of experience with information security, privacy and confidentiality, and/or health information management.
Knowledge of HIPAA, HITECH, and the NIST 800-53/30 and FIPS series publications.
Preferred: Certified HealthCare Information Security and Privacy Practitioner (HCISPP); Registered Health Information Technician or Administrator (RHIT/RHIA); Project Management Professional (PMP); and/or experience working in an academic medical center.
• Strong commitment to maintain patient confidentiality and privacy.
• Ability to work with all levels of staff and clinicians including but not limited to attorneys, department heads, chiefs of staff, information systems, security, and human resources.
• Knowledge of and experience in working with federal and state IS&P laws, including but not limited to those pertaining to access, release of information, and release control technologies.
• Commitment and ability to:
    • work in a team-based environment;
    • handle patient interactions/communication with extreme care, patience and consideration; and
    • create an environment with open channels of communication within the Institute with workforce members, patients and others.
• Possess excellent organization, attention to detail, facilitation, technical and analytical skills.
• Approach problems with curiosity and open-mindedness and offer new ideas, solutions and/or options.
• Demonstrate discretion, diplomacy, and good judgment.
• Possess strong communication and presentation skills; clearly and concisely express ideas in groups and one-to-one conversations, formal and informal documents.
• Adapt writing and communications styles to fit the audience.
• Project management and change management skills; ensuring projects come to fruition from inception to completion.
• MS Office (Word, Excel, Access, PowerPoint) expertise and knowledge of or ability to learn electronic medical record auditing software.
Partners HealthCare is an Equal Opportunity Employer, and by embracing diverse skills, perspectives and ideas, we choose to lead. All qualified applicants will receive consideration for employment without regard to race, color, religious creed, national origin, sex, age, gender identity, disability, sexual orientation, military service, genetic information, and/or other status protected under law.