The Identity Access Specialist is responsible for access management and provisioning with emphasis on logical access control. Provisioning of access refers to the process of creating, maintaining, and removing user accounts to various systems, while ensuring the right level of access at the right time. The incumbent will work closely with application stakeholders within TCRHCC to ensure that access is provisioned and processed according to the organization’s established securities, rights, and privileges, service level agreements, and regulatory compliance guidelines. Working under established guidelines, policies and protocols, this position ensures proper access to all types of enterprise applications and data communications systems and services for each customer, including TCRHCC staff, contractors/vendors, and volunteers. The incumbent is expected to execute this function with consistency, accountability, and exceptional customer service. In addition, the incumbent will assist with improving access management and transition access provision to automated solutions.
- Responsible for security analysis related to Identity and access management, including role process re-engineering, software security configuration, testing, implementation, and assist in roll-out.
- Application and user identity and access administration (including maintaining end user security access rules and profiles across multiple systems and platforms)
- Manage user accounts and access permissions for TCRHCC computer systems and applications by reviewing user IDs to determine if they are accurate, complete, approved and appropriate. Contact requestor, manager and/or data owner as necessary. If in order, establish the requested access and notify the user
- Review security reports and research violations. Quickly respond to customer request and work to resolve security concerns in a timely and efficient manner.
- Ensure termination, new hire and transfer procedures are followed and documented.
- Develop and update written procedures for provisioning access
- Ensure Information Security Policy and any other agreements (i.e. Remote Access) have read been signed
- Revalidate access to systems and applications according to schedule.
- Create new databases or spread sheets for user’s ensuring the proper security is applied as necessary, as well as provide access to databases where necessary.
- Assist in the overall security administration initiative for the company.
- Complete IT Security related help desk tickets accurately, completely and in a timely manner.
- Develop key performance indicators to gauge the quantity of IT Security services and report information to Applications Manager and IT Security.
- Provide supporting evidence and documentation for internal and external audits, as well as review audit report and security assessment results to address issues and risks.
- Adherence to established Service Level Agreements, established processes, security controls and corporate policies, when provisioning and de-provisioning.
- Answers incoming calls or requests to provide broad level of support to customers to identify, troubleshoot, and resolve access related issues
- Modify existing access as requested through Information Services’ ticketing system, after approvals per policies
- Assist IT Security Officer (ITSO) in creating scripts to further advance automated provisioning/de-provisioning
- Researching and evaluating new solutions, products and technologies that enhance and improve services
- Promotes activities to foster information Privacy/Security awareness within TCRHCC and related entities.
- Assists ITSO in providing an annual review of incidents and assist in developing plans to enhance TCRHCC IT/HIPAA Privacy/Security program to the IT/HIM/Compliance departments and Senior Leadership team.
- Completes all electronic health record entries accurately and timely pertinent to patient care role.
- Participates in departmental workflow and or testing teams as related to electronic health record or other project initiatives.
- Ensure proper PPE is worn at all times while on duty including but not limited to, face mask, gloves, gown, isolation gown, NIOSH-approved N95 filtering facepiece respirator or higher, if available), and eye or face shield.
- Complete all donning and doffing tasks in a safe acceptable method and discard of used PPE accordingly. (see CDC website for most current updates)
- Complete task training for all routine cleaning and decontamination processes for all surfaces contaminated by a communicable disease to ensure a high level of patient, visitor, employee and external customer satisfaction.
- Performs other related duties as assigned.
Demonstrate accuracy, thoroughness, and identification of methods to improve and promote quality by setting priorities and managing work within time frames. Plans and carries out assignments independently and resolves problems within the broad framework of designated policies, laws, regulations through the use of sound management principles and practices. Many inquires require initiative, good judgment, and effective administration to take timely correct action and to determine whether identified risks are of a nature that is acceptable to TCRHCC policy and Senior Leadership.
MENTAL AND PHYSICAL EFFORT
The physical and mental demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions.
Exercises independent judgment in applying the guidelines set forth by organization policy, management directives, activities, and operating procedures, and in reaching appropriate decisions for issues not covered by guidelines. Requires an ability to interpret, adapt and apply compliance practices, policies and procedures to meet the requirements of Federal health care law. Must be able to stand, walk and sit for long periods of time; be able to lift up to 20 lbs.; be able to distinguish numbers, letters, and colors; and be able to see, hear, and speak with clarity.
Must be able to prioritize and use good judgment. Must have critical thinking skills to problem solve and plan, identify and question issues and information in order to make appropriate assumptions, inferences, implications, and decisions. Must be able to communicate with staff, providers, senior leaders, legal counsel, and external entities.
Ensures that periodic risk assessments and ongoing monitoring of key elements of the IT/HIPAA Privacy/Security program are monitored; including privacy notice, consent, authorization, business partner agreements/practices, minimum necessary information, disclosure, and reviews all system-related information security plans throughout the organization's network to ensure alignment between security and privacy practices, and acts as a liaison to the information systems department.
TCRHCC is located within the Navajo Nation and, in accordance with Navajo Nation law, has implemented a Navajo/Indian Preference in Employment Policy. Pursuant to this Policy, applicants who are enrolled members of the Navajo Nation and who meet the necessary qualifications for this position will be given preference in hiring and employment for this position and applicants who are enrolled members of any other tribe who meet the necessary qualifications will be given secondary preference.
In performance of their respective tasks and duties, all employees at TCRHCC are expected to conform to the following:
- Adhere to all professional and ethical behavior standards of the healthcare industry.
- Interact in an honest, trustworthy and dependable manner with patients, employees and vendors.
- Possess cultural awareness and sensitivity.
All employees must uphold all principles of confidentiality and patient care to the fullest extent. This position has access to sensitive information and a breach of these principles may be grounds for immediate termination.
I have read the qualifications and requirements for the position of Identity Access Specialist. To the best of my knowledge, I believe I can perform these duties.
- High School Diploma or G.E.D Equivalent or
- Associate degree in Computer Science, Engineering, or Information Services
- One year experience in computer related field
- Demonstrated successful experience in the following:
- One year experience working with the E.H.R. application (ex. registration, ambulatory, ED, scheduling, acute care).
- Technical skills (application use of Microsoft Office and Windows operating system, understand/learn system vulnerability, risk assessments and technology gap assessments)
Other Skills and Abilities:
A record of satisfactory performance in all prior and current employment as evidenced by positive employment references from previous and current employers. All employment references must address and indicate success in each one of the following areas:
- Positive working relationships with others
- Possession of high ethical standards and no history of complaints
- Reliable and dependable; reports to work as scheduled without excessive absences
- Ability to weigh business risks and enforce appropriate information Privacy/Security measures
- Ability to read, learn, understand, interpret, communicate, and enforce HIPAA and HITECH laws as well as other regulatory requirements related to information Privacy/Security/privacy
Bachelor’s Degree in MIS, Computer Science, Engineering, Information Services, HIM or Business Administration.
- Experience with Active Directory (Delegation of Authority, Group Policy, Organizational Units, Security Groups, Permissions)
- Experience in administration of user and role provisioning, connectors, workflow, certificate management, session management, encryption technologies, LDAP (MS Active Directory and OID).
- Certifications in A+, NET+, and PRIVACY/SECURITY+.