Created at: May 21, 2025 00:15
Company: Indian Health Service
Location: Miami, FL, 33101
Job Description:
This position is located with the Office of Information Technology (OIT), Health Information Management (HIM) Branch. The purpose of this position is to develop and implement policies and procedures for processing legal, medical documents, insurance and correspondence requests in accordance with federal, state, and local statutes as the Privacy Officer. The incumbent reports to the HIM Supervisor (Lead HIM Consultant) or designee.
To qualify for this position, your resume must state sufficient experience and/or education to perform the duties of the specific position for which you are applying. Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community; social). You will receive credit for all qualifying experience, including volunteer and part-time experience. You must clearly identify the duties and responsibilities in each position held and the total number of hours per week.

MINIMUM QUALIFICATIONS
GS-14: One (1) year of specialized experience equivalent to at least the GS-13 grade level. Your resume must demonstrate at least one (1) year of specialized experience equivalent to at least the next lower grade level in the Federal service obtained in either the private or public sector performing the following type of work and/or tasks:
Managing an institution's Privacy Program to include conducting and completing privacy breach investigations, reviewing and approving Privacy Threshold Analysis (PTA)/Privacy Impact Assessments (PIA) and providing instruction through a privacy training program.
Providing recommendations and expert level written opinions in response to inquiries concerning the Privacy Act (PA), Health Insurance Portability & Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009, Confidentiality of Substance Use Disorder Patient Records (CFR 42, Part 2) and various other rules, regulations and laws pertaining to the privacy of an institution's data and records.
Developing, maintaining and/or managing a Privacy Breach Response Plan.
NOTE: Your resume must meet all examples of specialized experience listed above.

Time In Grade
Federal employees in the competitive service are also subject to the Time-In-Grade Requirements: Merit Promotion (status) candidates must have completed one year of service at the next lower grade level. Time-In-Grade provisions do not apply under the Excepted Service Examining Plan (ESEP). You must meet all qualification requirements within 30 days of the closing date of the announcement.

Privacy Incident Response and Breach Management
Serve as a Privacy Officer and as a lead on the Indian Health Service (IHS) Privacy Incident Response Team. Develop and maintain an IHS Breach Response Team. Coordinate breach response exercises and ensure timely reporting of suspected or confirmed privacy breaches. Work with the Senior Agency Official for Privacy (SAOP) to obtain breach notification approvals. Conduct breach risk assessments and maintain breach compliance documentation. Provide support and advice on data loss prevention strategies and the implementation of encryption policies for Personally Identifiable Information (PII). Coordinate the integration of privacy protections in mobile applications and ensure secure encryption practices for applicable devices and systems. Protect the privacy of all PII under the management of the agency. Respond to requests for access to personal information and complaints about privacy violations. Initiate and engage in information technology (I/T) privacy breach investigations relating to the work of individuals employed by IHS directly affecting internal security. Participate in or have access to investigations involving PII and/or Protected Health Information (PHI) to ensure that other employees' duties are discharged honestly and with integrity.

Privacy Impact Assessments (PIA) and Compliance Reporting
Facilitate Privacy Threshold Analysis (PTA), PIA, and other privacy assessments. Ensure accuracy and compliance prior to Health & Human Services (HHS) SAOP review. Maintain an updated inventory of PIA. Monitor IHS privacy documentation and support ongoing compliance reporting. Work closely with the IHS Chief Information Officer (CIO), Chief Information Security Officer (CISO), Health Information Technology (HIT) Electronic Health Record (EHR) Information System Security Officers and relevant stakeholders to harmonize privacy and cybersecurity policies.
Prepare position papers, executive submittals, presentations, memoranda, and other correspondence related to information privacy assurance, enterprise-wide information privacy security and/or system development life cycle policy and standard requirements or modification of existing organizational arrangements.

Privacy Program Development and Education
Develop, implement, and guide the IHS privacy program and services at the Headquarters level to ensure regulatory compliance and address IHS-specific privacy risks. Lead the establishment, monitoring, and adjustment of privacy policies, directives, guidance, standards, and procedures that align with current and emerging HHS requirements of federal and Health Information Management (HIM) privacy regulations from the HHS SAOP. Establish procedures for privacy policy compliance across IHS systems and programs handling PHI. Develop, maintain and oversee mandatory privacy training programs for IHS personnel ensuring compliance with HHS and federal requirements. Develop strategies to provide training and collaborate with the development of processes to mitigate risk. Coordinate with IHS leadership to deliver role-based privacy training for IHS staff members and contractors with updates to reflect regulatory changes.