Government Jobs

Privacy Incident Response Coordinator

Government Jobs, Des Moines, Iowa, United States, 50301

Privacy And Security Incident Response Coordinator

The Iowa Department of Health and Human Services (HHS), Division of Compliance, Bureau of Data Privacy and Strategy is seeking a Privacy and Security Incident Response Coordinator (Executive Officer 3) to join our team! This team has gained a unique lens by serving the entire agency and working with data owners within each Division. This team works hard to bring the concepts of quality improvement to all of its work, to identify creative solutions to help all Iowa HHS team members best serve Iowans, and to facilitate collaborations and partnerships across the entire Iowa HHS agency and other State of Iowa agencies. We're looking for a new team member to help us with these goals!

Iowa HHS Privacy and Security Incident Response Coordinator

Under the direction of the Bureau Chief, the Iowa HHS Privacy and Security Incident Response Coordinator will serve in an informal leadership role to lead data privacy incident response, provide guidance on HIPAA Security Rule adherence, and advise on agency decision-making related to National Institute of Standards and Technology (NIST) privacy and security standards. This position is the lead data security officer within Iowa HHS and serves as the agency contact with the State of Iowa HIPAA Security Officer (State Chief Information Security Officer) within the Department of Management and the federal Department of Health and Human Services Office of Civil Rights, as required by law to operate a state Medicaid program and other HIPAA covered programs. This team member will lead agency-wide privacy incident response efforts, draft breach notifications, report to federal regulators, handle large-scale privacy breaches, and develop privacy response policies.

This position includes the following tasks:

Data Incident Response

Leadership Role: Manage all Iowa HHS privacy and security incident responses, including potential and actual breaches of confidential information.
Primary Contact: Act as the main advisor for Iowa HHS staff on potential and actual privacy breaches of confidential information.
Incident Review: Assess privacy incident reports from Iowa HHS staff, HHS contractors, agency partners, and business associates. Determine appropriate actions, including initiating incident response teams, issuing breach notification letters, or reporting to federal regulatory bodies.
Collaboration: Collaborate with the Iowa Department of Management to report suspected information security incidents or breaches, interpret necessary actions, and determine if a privacy incident has occurred. Partner with the State of Iowa Chief Information Security Officer to develop and implement joint procedures between information security and privacy functions.
Breach Notifications: Draft and approve breach notification letters required by law for HIPAA breaches, 42 CFR Part 2 breaches, and Iowa Code 715C breaches.
Federal Reporting: Oversee the reporting of privacy and security incidents to all HHS regulators, including the Federal Department of Health and Human Services, Office of Civil Rights. Serve as the lead agency contact for HIPAA investigations conducted by the federal Office of Civil Rights. Compile and provide documentation required for investigations and represent Iowa HHS during calls and site visits.
CMS Reporting: Report privacy incidents concerning CMS dually eligible individuals to the Federal Department of Health and Human Services as required by law.
Incident Response Leadership: Lead, coordinate, facilitate, and manage privacy incident response during large-scale incidents or breaches involving 500 or more Iowans.
Interagency Coordination: Liaise with other divisions within the agency and other state agencies to coordinate the incident response process. This includes coordination across all Business Associates of HHS.
Policy and Plan Development: Develop, implement, and evaluate incident response policies and procedures for Iowa HHS, including collaboration procedures with the Department of Management on privacy and security incidents.
Tracking and Metrics: Maintain tracking and performance metrics on privacy incidents for Iowa HHS. Inform leadership about root causes and current issues.
Advisory Role: Advise leadership on opportunities for improvement related to privacy incident response.

Iowa HHS HIPAA Security Liaison

HIPAA Security Oversight: Serve as the agency's principal authority on the requirements and contents of the HIPAA Security Rule. Provide leadership with critical information to ensure adherence to contractual agreements with the Iowa Department of Management.
HIPAA Security Status Assessment: Maintain comprehensive knowledge of Iowa HHS's current adherence status regarding the HIPAA Security Rule, utilizing input from the Iowa Department of Management.
Vendor Security Requirements: Oversee all business associates' completion of the Vendor Security Questionnaire (VSQ) requirements, ensuring review and approval by the Iowa Department of Management.
IT Initiative Guidance: Advise leadership on decision-making and resource allocation for IT initiatives impacting the agency's ability to follow the HIPAA Security Rule.
Interdepartmental Collaboration: Foster strong working relationships with the Iowa HHS Privacy Officer and Legal Counsel to resolve issues related to the protection of Iowans' private and confidential information.
DOM-DOIT Liaison: Act as the primary liaison between Iowa HHS and the Iowa Department of Management security team, ensuring alignment on security needs and initiatives.
Federal Law Monitoring: Stay informed about federal changes impacting the HIPAA Security Rule and ensure Iowa HHS's adherence to these updates.
Iowa HHS Privacy and Security Regulatory Coordinator

Serve as the lead agency expert on privacy and security requirements and recommendations of the National Institute of Standards and Technology (NIST), providing detailed information on requirements.
Advise leadership on essential contract elements with the Iowa Department of Management to ensure conformance with NIST standards, when applicable.
Maintain thorough knowledge of Iowa HHS's current adherence status with NIST standards, utilizing input from the Iowa Department of Management.
Guide leadership on decision-making and resource allocation for IT initiatives affecting the agency's status with following NIST standards.
Oversee privacy and security agreements with federal agencies to access confidential data from entities like the Social Security Administration and other federal eligibility hubs.
Collaborate with the Iowa HHS Privacy Officer and Legal Counsel to determine the appropriate use and disclosure of information received through federal agency agreements.
Perform other duties as assigned.

Benefits

Working for the State of Iowa comes with its perks. In addition to a competitive salary, you'll enjoy a comprehensive benefits package designed to support your well-being and professional growth:

Health, Dental, and Vision Coverage: Health and dental insurance packages to keep you and your family healthy at a low cost with outstanding coverage!
Paid Time Off: Take time to recharge with paid time off, including vacation (96 hours/year to begin, increasing with years of service), sick leave (144 hours/year), and paid holidays (9 days/year).
Retirement Plans: Participate in retirement plans such as IPERS (employees contribute 6.29% and the State of Iowa contributes 9.44%) as well as our Retirement Investors Club (RIC), Employer Sponsored Retirement Plan (the State of Iowa matches dollar for dollar up to $75/month).
Flexible Spending Accounts: Take advantage of flexible spending accounts for medical and dependent care expenses.
Insurance Coverage: Benefit from life insurance and free long-term disability insurance for added peace of mind.
Employee Assistance Program: Access resources and support through our Employee Assistance Program for personal and professional challenges.
Employee Discount Programs: Enjoy discounts on a variety of goods and services through our employee discount programs.

For additional information on benefits, click here.

Background Checks

Applicants will be required to complete a background check to be considered for this position.

The State of Iowa is an EEO/AA Employer

HHS values those with "lived experience" and encourages adults who were fostered as youth, foster parents, and/or parents who were in the DHS system to apply. Minorities, women, persons with disabilities and veterans are encouraged to apply (Hearing and Speech Impaired Relay Iowa 1-800-735-2942 TDD).

Our agency uses E-Verify to confirm the employment eligibility of all newly hired employees. To learn more about E-Verify, including your rights and responsibilities, please visit www.dhs.gov/E-Verify.

Minimum Qualification Requirements

Applicants must meet at least one of the following minimum requirements to qualify for positions in this job classification: 1) Graduation from an accredited four-year college or university with a degree in any field, and experience equal to five years of full