EHR Security Analyst

The Virginia Department of Health (VDH) enterprise level EHR Security Analyst will be responsible for providing help shaping the security profiles and access controls for the EHR along with providing support Tier 1 to the EHR end users on related areas.EHR Security Analyst/ Application Support Specialist

The EHR Security Analyst is responsible for managing and help define user access policies, security policies and role-based permissions within the EHR. This role will work closely with the EHR Application team, ISO Team and HIPAA compliance officer among others to ensure that the application is compliance with HIPAA standards, organizational security policies and best practices.

Key Responsibilities

· Map and maintaining EHR positions definitions, which includes, Millenium Positions, Preferences and OHPAC Security groups with VDH Positions.

· Monitor and enforce appropriate use of EHR Access Control Positions and Policies, ensuring that users have the correct level of access based on their roles and their job functions.

· Work with EHR Security Officer, IT Technical team, Support Team and EHR Core team to help define and automate user provisioning and offboarding procedures.

·Monitor and conduct internal security audits of the EHR application to identify and mitigate risks and/or vulnerabilities detected.

·Work with EHR Security Officer to develop and maintain security policies, procedure and guidelines related to the Application.

·Work with EHR Security Officer and ISO Office and EHR Core team to define and complete security documentation and downtime procedures according with VDH Security guidelines.

·Work with EHR Security Officer to respond and investigate security incidents related to EHR Application ensuring timely resolution and proper reporting to stakeholders.

·Collaborate with the EHR implementation and optimization teams to ensure that security measures are integrated into the deployment of new features, updates, and third-party applications.

·Stay informed about emerging security threats, technologies, and best practices related to EHR systems.

·Recommend improvements and optimizations to the EHR security environment based on industry trends and emerging threats.

·Monitor user behavior by using tools like P2Sentinel to determine trends and possible incidents.

·Work with EHR Security Officer and EHR Core team to assist on internal and external audits.

·Participate in Cerner/OHPAC upgrades, security patches and system maintenance to ensure ongoing security.

·Participate in the Domain Strategy for EHR Application.

·Stay up to date with security updates, best practices and regulatory changes.

Required Experience

·Three plus years of IT experience desired.

·Strong Understanding of EHR Systems

·Understanding of HIPAA, HITECH, meaningful user and other healthcare security regulations.

·Experience with Active Directory (AD), single sign-on (SSO), multi-factor authentication(MFA), and identity management solutions.

·Strong analytical, problem-solving, and troubleshooting skills related to Cerner/OHPAC security and access issues.

·Excellent communication and collaboration skills to work with IT teams, compliance officers, and end users.

·Familiarity with healthcare IT infrastructure, including networking, firewalls, and database security.

·Knowledge of Discern and ccl.