Healthcare/HIPAA Compliance Leader - Information Services
Location: Indianapolis, IN
YOUR JOURNEY AT CROWE STARTS HERE:
At Crowe, you have the opportunity to deliver creative solutions to today’s complex business issues. Crowe’s accounting, consulting, and technology personnel are widely recognized for their in-depth expertise and understanding of sophisticated process frameworks and enabling technologies, along with their dedication to delivering measurable results that help clients build business value. Our focus on emerging technology solutions along with our dedication to internal career growth and exceptional client value has resulted in a firm that is routinely recognized as a “Best Place to Work.” We are 75 years strong and still growing. Come grow with us!Qualifications
ABOUT THE TEAM:
Information Services (IS): Information Services manages the firm's infrastructure design and security, project management office, architecture, enterprise application services, client service and infrastructure and administration.
At Crowe, we know that great people is what makes a great firm. We value our people and offer employees a comprehensive benefits package.
HOW YOU CAN GROW:
We will nurture your talent in an inclusive culture that values diversity. You will have the chance to meet on a consistent basis with your Career Coach that will guide you in your career goals and aspirations.
MORE ABOUT CROWE:
Crowe (www.crowe.com) is one of the largest public accounting, consulting and technology firms in the United States. Crowe uses its deep industry expertise to provide audit services to public and private entities while also helping clients reach their goals with tax, advisory, risk and performance services. Crowe is recognized by many organizations as one of the country's best places to work. Crowe serves clients worldwide as an independent member of Crowe Global, one of the largest global accounting networks in the world. The network consists of more than 200 independent accounting and advisory services firms in more than 130 countries around the world.
1. Responsible for the oversight of healthcare information security and privacy protocols to protect individual health information:
• Maintain current and appropriate body of knowledge necessary to perform the healthcare information security and privacy oversight function
• Effectively apply healthcare information security and privacy management knowledge to enhance the security of Crowe networks, systems and services processing or storing healthcare-related data
• Maintain working knowledge of Federal and State legislative and regulatory initiatives. Interpret and translate requirements for implementation and compliance
• Assist in developing and implementing appropriate healthcare information security and privacy policies, standards, guidelines, and procedures
• Work effectively with BU/DU/SDU Leaders and serves as a conduit to Crowe’s Firmwide Leader Information Security, and Privacy, Information Security Oversight Committee, other information security personnel and the committee process
• Provide meaningful input, prepare effective presentations and communicate healthcare information security and privacy objectives and requirements
• Participate in short and long-term planning
• Monitor the Firm’s Healthcare Information Security and Privacy Program compliance and effectiveness in coordination with the Firm’s other compliance and operational assessment functions
• Collaborate with the Firm’s Learning & Talent Development team to deliver healthcare security and privacy training and orientation to all Crowe partners, employees, interns, contractors, and other appropriate third parties
• Establish with BU management and operations a mechanism to track access to protected health information, within the purview of the organization and as required by law. And to allow qualified individuals to review or receive a report on such activity
• Monitors compliance with healthcare information security and privacy practices and initiates consistent application of sanctions for failure to comply with policies, processes or other standards for all individuals in the organization’s workforce, extended workforce, and for all business associates, in cooperation with the Firmwide Leader of Information Security and Privacy, BU management, Talent Services, Firm Risk Management, and Legal, as applicable
• Initiate, facilitate and promote activities to foster healthcare information security and privacy awareness within the organization and related entities
• Serves as a liaison to the organization’s Information Security Oversight Committee on healthcare related issues. Also serves as the information security and privacy liaison for internal owner/users of systems used to support healthcare industries or deliver services that involve healthcare related data.
• Review all system-related healthcare information security and privacy plans throughout the firm to ensure alignment with healthcare security and privacy practices, and acts as a liaison to the Firm’s Business Units, Delivery Units, and Sub- Delivery Unit
• Assist with, and assumes a leadership role in investigations of healthcare information privacy violations and/or computer system breach. Work effectively as a member of the Firm’s incident response team with BU management, Firmwide Risk Management, Legal, and law enforcement to address these instances
• Review instances of noncompliance and works effectively and tactfully to correct deficiencies. If prompt resolution cannot be obtained, escalating the issue to the Firmwide Leader Information Security and Privacy and the appropriate BU management
• Maintain current knowledge of applicable federal and state privacy/security laws and accreditation standards, and monitor advancements in information security technologies to ensure organizational adaptation and compliance
• Serve as healthcare information privacy/security advisor/consultant to the firm supporting all BU/DU/SDU’s
• Assist Firm Risk Management, Legal and BU management with compliance reviews or investigations by the Office of Civil Rights, other external regulatory agencies, or firm clients
2. Responsible for the management of healthcare information privacy/security personnel as applicable:
• Work with Firmwide Leader, Information Privacy/Security to determine positions and personnel necessary to accomplish healthcare information privacy/security goals. Request positions, screens personnel and takes the lead in the interviewing and hiring process
• Develop meaningful job descriptions. Communicate expectations and actively coach personnel for success.
• Prioritize and assign tasks and review work performed. Challenge staff to better themselves and advance the level of service provided.
• Provide meaningful feedback to staff on an on-going basis and formally appraises performance annually.
3. Responsible for promoting open lines of communications within the organization:
• Serve as an internal consultant to the firm on healthcare related privacy and security matters
• Collaborate with other information security and privacy team members as needed or directed
• Make recommendations for the improvement of operational processes and procedures within the Information Security and Privacy team and within other BU’s support healthcare clients
4. Responsible for keeping abreast of local, state and federal rules and regulations related to the healthcare industry:
• Stay informed of latest web/internet tools and standards
• Seek out new ways of improving technical skills
5. Responsible for performing other duties assigned but not limited to the following:
• Special projects as assigned
6. Work collaboratively with firm business leaders to ensure compliance with healthcare data security and privacy policies and procedures according to IT General Controls, and other regulatory and/or contractual requirements (SOC 1 / 2, GDPR).