DUTIES & RESPONSIBILITIES:

Operational Compliance

• Responsible for the effective deployment of the organizational HIPAA policy
• Responsible for developing, implementing and maintaining the HIPAA Compliance Program within the account
• Monitors and reviews the effectiveness of the documented management system and ensures that all security procedures within the area of responsibility are carried out correctly to ensure compliance with security policies and standards
• Responsible in ensuring that privacy policies and procedures are communicated and understood by the team
• Responsible for effective incident management practices within the scope of HIPAA
• Responsible for identifying the risks associated with the identified assets and development of appropriate controls for its mitigation
• Assesses the adequacy and coordinates the implementation of specific information security within the area of responsibility
• Ensures protection of individual assets and ensure understanding of the team on the security processes and control
• Conducts periodic checks and reconciliation of people assets (User IDs, Voice IDs, Headcount and Access withdrawal) and check if these assets are properly accounted for
• Conducts periodic spot checks on implementation of Information Security and Floor Management (ISFM)
• Conducts periodic checks of the account to ensure that everybody in the program is complying with the rules set by the program
• Conducts regular updates on the organizational policies and procedures
• Conduct internal quality audits, report results, monitor actions, and ensure that all audited non-conformances are followed-up and closed
• Report security incidents as quickly as possible
• Monitors significant changes in the exposure of information assets to major threats
• Identifies the risks and appropriate controls associated with the identified assets
• Promotes visibility of business support for information security throughout the organization
• Encourage the members of his team to report any observed or suspected security weaknesses in, or threats to systems or services
• Perform regular process/compliance audits in adherence to set procedures and security policies, regulatory/contractual requirements, and the ISMS and QMS standards

Configuration Management

• Responsible to control all changes/revision requests for assigned program. Monitors changes that have been made on existing process and procedures and reviews the account?s/group?s shared folder

General Safety and Security

• Protects the organization?s assets by upholding the principles of the Quality Information Security Management System (QISMS)
• Ensures confidentiality, integrity, and availability of information critical to fulfilling the organization?s business functions
• Remain compliant with the relevant business, local and international regulatory and legislative requirements particularly the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) as appropriate