JOB DESCRIPTION: Data Security Coordinator

WINCHESTER HOSPITAL

SECTION 1: POSITION SUMMARY

A. DEPARTMENT(S): Information Systems

B. JOB CODE: 42553

C. JOB GRADE: 123

D. FLSA STATUS: Exempt

E. JOB SUMMARY: Contributes to the Hospital’s mission by ensuring that the hospital’s computer systems are secure from unauthorized access or alterations and compliant with HIPAA, other healthcare and professional ethics standards and regulations. As a member of the Hospital’s leadership team, acts as a key contributor to system processes and collaborates with all facets of IS and organizational areas to ensure required and Hospital established security related goals are met.

F. QUALIFICATIONS:

Education

Required: Bachelor’s degree in Computer Science or related field

Experience

Required:

  • Three (3) years of IT security experience
  • Key involvement in IS/IT project implementation

Preferred:

  • Demonstrated ability to lead, organize and/or instruct
  • Healthcare IT experience

Other Skills/Knowledge

Required:

  • Demonstrated competency in networking technology and network security, i.e. firewalls, IDS, IPS, VPN, encryption, TCP/IP protocols
  • Comprehensive knowledge of information security standards and regulations including security and data confidentiality for the broad spectrum of IS/IT technology, hardware/systems, access and uses
  • Superior analytical and problem solving skills
  • Ability to document and communicate technical information clearly and concisely
  • Ability to identify and engage key stakeholders and build commitment and buy-in to change
  • Ability to work independently, setting and adjusting priorities to meet deadlines and objectives
  • Ability to work in a fast-paced environment requiring 24/7 support
  • Ability to remain current in the ever-changing field of IS/IT
  • Ability to document processes, procedures and network designs clearly and accurately for distribution to other internal teams and to our customers
  • For safety and quality reasons, must be able to read, write and communicate effectively in English with patients, visitors and fellow members of the hospital team.

G. LICENSES, REGISTRATIONS, CERTIFICATIONS:

Preferred: Security related certifications, such as CISSP or GIAC

H. LIFE SUPPORT CERTIFICATION REQUIRED: N/A

I. POPULATION SPECIFIC REQUIREMENTS: N/A

J. OTHER JOB REQUIREMENTS:

Professional Commitment Requirements: Keep abreast of developments in the field and/or licensure through continuing education, participation in professional organizations or a combination of both.

On-call: May be contacted off-hours for urgent security breach issues

Schedule requirements: Generally a day shift schedule; however, schedule variations will occur based on hospital’s needs

Travel requirements: As needed, may travel between hospital locations

K. REPORTING RELATIONSHIPS:

  • Reports to the Director of Information Services
  • Responsible for supervising the work of others

SECTION 2: PROMISE COMMITMENT

When patients enter Winchester Hospital, they are entrusting us with a responsibility that is otherwise normally their own--the responsibility for their health, well-being, and often, their lives. To honor that trust, all Winchester Hospital employees are expected to demonstrate the PROMISE behaviors of Winchester Hospital in every encounter with patients, coworkers, and the community. PROMISE is an acronym for the following:

Promoting Teamwork

Respect

Ownership

Maintaining a Positive Attitude

Initiative

Safety and Quality

Empathy

All Winchester Hospital employees are expected to exemplify the PROMISE behaviors. Winchester Hospital leaders are also expected to reinforce the Hospital’s PROMISE standards by coaching staff and, if necessary, taking corrective action.

SECTION 3: COMPLIANCE COMMITMENT

Winchester Hospital maintains a Compliance Program to ensure that employees comply with all laws, regulations and Joint Commission and other licensure and accreditation standards that apply to our business. The Code of Business Conduct is a vital part of the Compliance Program. Employees must be familiar with the Compliance Program and Code of Business Conduct and must comply with their requirements, and the requirements of any other laws and regulations, policies and procedures affecting the performance of their job. If applicable, employees are expected to comply with standards of conduct outlined by the oversight organization(s) of their profession.

SECTION 4: JOB FUNCTIONS

Consistent with the PROMISE principles and inherent in a hospital environment, employees must be flexible in meeting patients’ and the Hospital’s needs. While the list below describes the primary functions of this job, all employees at Winchester Hospital need to recognize that an essential element of their job is the ability to respond to unanticipated and/or changing situations. This may result in assuming responsibilities or tasks which are not on this list.

As a member of the Information Systems team, this supervisor is responsible for the following:

Operations:

  • Oversees and directs the day-to-day Information Systems security program to ensure the hospital maintains compliance with federal and state mandates.
  • Uses performance improvement methodologies to constantly improve processes by removing variation and waste.
  • Continually monitors the program’s key indicators’ outcomes. Uses this information to constantly improve program operations.
  • Remains current on supervisory and the field’s best practices and trends.

Growth:

  • Builds effective relationships with physicians to optimize effectiveness of the program.

Planning:

  • Provides operational insights and trend data to the Director to help build comprehensive and accurate short and long-term strategic and operational plans for the program.
  • Addresses technical infrastructure issues, including but not limited to, facilities, equipment and information systems. Evaluates and recommends infrastructure related decisions to optimize short and long-term success of the program.
  • Monitors the program’s/staff members’ achievement of goals and likelihood of achieving goals. Together with the Director, takes corrective action as needed.
  • Passes along communications to ensure all staff members understand their contribution to achieving program and Hospital goals.

Fiscal Management:

  • Provides operational insights and trend data to the Director to help build comprehensive and accurate operational and capital budget plans.
  • Monitors status on budget achievement on an ongoing basis and makes recommendations for possible corrective action. Researches and communicates budget variances.
  • Educates staff on the status of the department budget and seeks their involvement and buy-in to improve fiscal success.

People Developer

  • Schedules the staff effectively. Makes recommendations concerning optimum short and long-term staffing for the program.
  • Together with the Director, selects the best possible candidates. Properly orients and coaches staff so they can be successful in their jobs and within the Winchester Hospital culture.
  • Provides ongoing performance feedback to employees to effectively coach for optimum short and long-term performance, including but not limited to, completing comprehensive, accurate, and on-time performance evaluations.
  • Recognizes and rewards staff.
  • When appropriate, disciplines staff.
  • Fosters an environment of continuous learning.

Employee Retention

  • Creates an open, supportive environment that encourages staff members to share opinions, concerns, and suggestions. Holds regular meetings and/or communicates to keep the staff informed.
  • Addresses employee concerns and suggestions in a timely, sensitive and constructive manner.
  • Optimizes the success of the Hospital Employee Opinion Survey process by encouraging participation and honest feedback and then utilizing the EOS results to assess and communicate the department’s feedback. Implements approved actions on the identified opportunities for improvement.

Physician Satisfaction

  • Serves as a liaison with Winchester Hospital medical and administrative staff on matters related to the security program.
  • Collaborates with practitioners to optimize the program’s effectiveness and efficiency, with an effort to fulfill the physician schedule and operational preferences.
  • Endeavors to incorporate physician feedback and suggestions in operational decisions and initiatives. Addresses concerns raised in the Physician Satisfaction Survey process as directed by the Director.
  • Mediates to resolve employee relations and employee-physician issues. Keeps the Director informed of such issues.

Customer Satisfaction

  • Recommends ways to measure customer satisfaction. Uses approved measures to constantly improve customer satisfaction.
  • Addresses customer’s concerns that could not be resolved at the staff level.

Policies, Procedures and Regulatory Compliance

  • Assists in developing and implementing clear and concise program policies and procedures to ensure the safe and efficient operations of the program.
  • Educates staff on department and Hospital policies and procedures. Monitors and addresses non-compliance.
  • Stays current with all regulatory issues pertinent to the program’s issues and operations, which may include but are not limited to, HIPAA, The Joint Commission, Department of Public Health, Department of Labor, and OSHA oversight.
  • Ensures the program is in compliance with regulatory requirements including but not limited to ensuring policy and procedure manuals meet requirements.

Process Improvement and Change Implementation

  • Leads and participates in committees and teams.
  • Fosters an environment of collaboration and continual improvement.

SECTION 5: DEPARTMENT SPECIFIC JOB FUNCTIONS

  • Designs and implements a security program for the Hospital. Leads system security related projects. Creates and updates comprehensive policies, procedures and technical documentation.
  • Identifies system and applications risks and recommends appropriate actions to minimize vulnerability and ensure compliance with regulatory requirements.
  • Collaborates throughout IS and the hospital to foster a commitment to system security and ensure security issues are incorporated into system deployment plans and processes.
  • Designs, implements and/or works through other resources to provide information security awareness training for all users of our information technology.
  • Implements procedures to monitor and document security infractions and resolution. Identifies and communicates trends and concerns to the appropriate parties based on the urgency.
  • Monitors and administers day-to-day security technologies. Responds to and resolves intrusion detection alerts.
  • Conducts regular and comprehensive security audits. Participates in security breach investigations; when necessary, collaborating with HR and/or Security.
  • Recommends antivirus security options.
  • Implements upgrades and new products/technologies as necessary, ensuring proper integration throughout the hospital’s devices and platforms.
  • Provides advice on, assists with and troubleshoots network and systems issues related to data and systems security.
  • Identifies trends and opportunities for system/procedural changes and/or education and makes recommendations to Director. Implements operations and performance improvement initiatives related to systems’ security.
  • Acts as the system security/IS liaison and expert on department and interdepartmental projects.
  • Views the system users as the customer and collaborates with them to address their needs and security concerns. Does all possible to minimize downtime and frustration.

SECTION 6: PHYSICAL AND MENTAL REQUIREMENTS/CONDITIONS

  • The employee needs to have the physical and mental abilities to perform the duties of the position listed above using the PROMISE behaviors.
  • The list below is intended to describe the physical and sensory ability requirements of the position; however those requirements may vary, sometimes considerably, based on meeting patient and operational needs.

Physical Ability / Frequency
Sitting / Less than 25% | Between 25-50% | More than 50%
Standing / Less than 25% | Between 25-50% | More than 50%
Walking / Less than 25% | Between 25-50% | More than 50%
Kneeling / Less than 25% | Between 25-50% | More than 50%
Reaching / Less than 25% | Between 25-50% | More than 50%
Stooping/Bending / Less than 25% | Between 25-50% | More than 50%
Climbing stairs/ladders / Less than 25% | Between 25-50% | More than 50%
Crawling / Less than 25% | Between 25-50% | More than 50%
Manipulating and/or grasping small objects / Less than 25% | Between 25-50% | More than 50%
Keyboarding / Less than 25% | Between 25-50% | More than 50%

Physical Ability / Frequency / Weight
Pushing/Pulling / Less than 25% | Between 25-50% | More than 50% / Less than 20 lbs | Between 20 and 50 lbs | Greater than 50 lbs
Lifting / Less than 25% | Between 25-50% | More than 50% / Less than 20 lbs | Between 20 and 50 lbs | Greater than 50 lbs
Carrying / Less than 25% | Between 25-50% | More than 50% / Less than 20 lbs | Between 20 and 50 lbs | Greater than 50 lbs

Sensory Ability / Required
See / Yes | Not Likely
Distinguish Colors / Yes | Not Likely
Hear or Listen / Yes | Not Likely
Smell / Yes | Not Likely
Touch / Yes | Not Likely
Speak / Yes | Not Likely
Sense temperature / Yes | Not Likely

Winchester Hospital 6/30/13-jtc