POSITION SUMMARY
The Identity Access Specialist is responsible for access management and provisioning with emphasis on logical access control. Provisioning of access refers to the process of creating, maintaining, and removing user accounts to various systems, while ensuring the right level of access at the right time. The incumbent will work closely with application stakeholders within TCRHCC to ensure that access is provisioned and processed according to the organization’s established securities, rights, and privileges, service level agreements, and regulatory compliance guidelines. Working under established guidelines, policies and protocols, this position ensures proper access to all types of enterprise applications and data communications systems and services for each customer, including TCRHCC staff, contractors/vendors, and volunteers. The incumbent is expected to execute this function with consistency, accountability, and exceptional customer service. In addition, the incumbent will assist with improving access management and transition access provision to automated solutions.
ESSENTIAL FUNCTIONS:
- Responsible for security analysis related to Identity and access management, including role process re-engineering, software security configuration, testing, implementation, and assist in roll-out.
- Application and user identity and access administration (including maintaining end user security access rules and profiles across multiple systems and platforms)
- Manage user accounts and access permissions for TCRHCC computer systems and applications by reviewing user IDs to determine if they are accurate, complete, approved and appropriate. Contact requestor, manager and/or data owner as necessary. If in order, establish the requested access and notify the user
- Review security reports and research violations. Quickly respond to customer request and work to resolve security concerns in a timely and efficient manner.
- Ensure termination, new hire and transfer procedures are followed and documented.
- Develop and update written procedures for provisioning access
- Ensure Information Security Policy and any other agreements (i.e. Remote Access) have read been signed
- Revalidate access to systems and applications according to schedule.
- Create new databases or spread sheets for user’s ensuring the proper security is applied as necessary, as well as provide access to databases where necessary.
- Assist in the overall security administration initiative for the company.
- Complete IT Security related help desk tickets accurately, completely and in a timely manner.
- Develop key performance indicators to gauge the quantity of IT Security services and report information to Applications Manager and IT Security.
- Provide supporting evidence and documentation for internal and external audits, as well as review audit report and security assessment results to address issues and risks.
- Adherence to established Service Level Agreements, established processes, security controls and corporate policies, when provisioning and de-provisioning.
- Answers incoming calls or requests to provide broad level of support to customers to identify, troubleshoot, and resolve access related issues
- Modify existing access as requested through Information Services’ ticketing system, after approvals per policies
- Assist IT Security Officer (ITSO) in creating scripts to further advance automated provisioning/de-provisioning
- Researching and evaluating new solutions, products and technologies that enhance and improve services
- Promotes activities to foster information Privacy/Security awareness within TCRHCC and related entities.
- Assists ITSO in providing an annual review of incidents and assist in developing plans to enhance TCRHCC IT/HIPAA Privacy/Security program to the IT/HIM/Compliance departments and Senior Leadership team.
- Completes all electronic health record entries accurately and timely pertinent to patient care role.
- Participates in departmental workflow and or testing teams as related to electronic health record or other project initiatives.
- Ensure proper PPE is worn at all times while on duty including but not limited to, face mask, gloves, gown, isolation gown, NIOSH-approved N95 filtering facepiece respirator or higher, if available), and eye or face shield.
- Complete all donning and doffing tasks in a safe acceptable method and discard of used PPE accordingly. (see CDC website for most current updates)
- Complete task training for all routine cleaning and decontamination processes for all surfaces contaminated by a communicable disease to ensure a high level of patient, visitor, employee and external customer satisfaction.
- Performs other related duties as assigned.
MENTAL AND PHYSICAL EFFORT
The physical and mental demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions.
Physical:
Exercises independent judgment in applying the guidelines set forth by organization policy, management directives, activities, and operating procedures, and in reaching appropriate decisions for issues not covered by guidelines. Requires an ability to interpret, adapt and apply compliance practices, policies and procedures to meet the requirements of Federal health care law. Must be able to stand, walk and sit for long periods of time; be able to lift up to 20 lbs.; be able to distinguish numbers, letters, and colors; and be able to see, hear, and speak with clarity.
Mental:
Must be able to prioritize and use good judgment. Must have critical thinking skills to problem solve and plan, identify and question issues and information in order to make appropriate assumptions, inferences, implications, and decisions. Must be able to communicate with staff, providers, senior leaders, legal counsel, and external entities.
|
NECESSARY QUALIFICATIONS
Education:
- High School Diploma or G.E.D. or
- Associate degree in Computer Science, Engineering, or Information Services
Experience:
- One year experience in computer related field
- Demonstrated successful experience in the following:
- One year experience working with the E.H.R. application (ex. registration, ambulatory, ED, scheduling, acute care).
- Technical skills (application use of Microsoft Office and Windows operating system, understand/learn system vulnerability, risk assessments and technology gap assessments)
Other Skills and Abilities:
A record of satisfactory performance in all prior and current employment as evidenced by positive employment references from previous and current employers. All employment references must address and indicate success in each one of the following areas:
- Positive working relationships with others
- Possession of high ethical standards and no history of complaints
- Reliable and dependable; reports to work as scheduled without excessive absences
- Ability to weigh business risks and enforce appropriate information Privacy/Security measures
- Ability to read, learn, understand, interpret, communicate, and enforce HIPAA and HITECH laws as well as other regulatory requirements related to information Privacy/Security/privacy
|
Click here for technical assistance.
