logo

View all jobs

IPAA Consulting Project Manager

State Of NC, NC


 
Conduct a HIPAA privacy and security gap analysis and prepare a written report that includes specific prioritized short and long-term recommendations for HIPAA privacy and security compliance for each campus covered entity and for the University. Vendor will conduct in person meetings with key stakeholders and University leadership to deliver assessment of findings.Associated activities required in support of this objective include: oConduct a thorough Analysis. The Analysis will specifically evaluate the current standing of Appalachian State practices in relation to HIPAA Privacy and Security rules. This will include current University operations and policy status as compared to HIPAA Privacy and Security Rule standard and specific steps to strengthen our HIPAA program. The analysis must include: Identification and verification of University covered entities. Administration policies and Procedures in all HIPAA covered entities, connected offices and departments Physical facility and office conditions in all HIPAA covered entities, connected offices and departments.Information technologies in use by all HIPAA covered entities, connected offices and departments.o Conduct onsite visits of all involved branches/programs in order to evaluate physical structures to determine if building or space modifications are required to comply with HIPAA Privacy and Security regulations.oInterview selected management and staff members regarding common privacy and security related practices within branches/programs and between branches/programs to include, but not be limited to, disposal, storage, and encryption practices or procedures.oInterview selected IT and covered entity staff members oIdentify all information systems and communication networks that store, maintain, or transmit ePHI and determine compliance with HIPAA Privacy and Security regulations.oEvaluate the potential risks (to include the cost of failure related to privacy or security breaches and related public communication costs) associated with how the different divisions/programs collect, use, manage, house, disclose and dispose of information and evaluate options or changes to current practices in order to meet HIPAA Privacy and Security regulations.o Review the University incident response plan including reporting and response practices, procedures and policies for sufficiency for HIPAA related requirements.oReview University Human Resources policies, procedures and practices for HIPAA Privacy and Security compliance, including the review of all HIPAA-related agreements for new hires, student/faculty practitioners, research agreements, volunteers etc.oConduct a Cost-Benefit-Risk evaluation on any options that may limit or reduce the number of University CEs via changes to billing and remuneration for services.oProvide a list of prioritized actions needed to address any identified deficiencies including an assessment of required effort and resource recommendations in terms of staffing, technology, or other elements required to address aforementioned actions and objectives.

Conduct a thorough Analysis. The Analysis will specifically evaluate the current standing of Appalachian State practices in relation to HIPAA Privacy and Security rules. This will include current University operations and policy status as compared to HIPAA Privacy and Security Rule standard and specific steps to strengthen our HIPAA program. The analysis must include: Identification and verification of University covered entities. Administration policies and Procedures in all HIPAA covered entities, connected offices and departments Physical facility and office conditions in all HIPAA covered entities, connected offices and departments.Information technologies in use by all HIPAA covered entities, connected offices and departments.o Conduct onsite visits of all involved branches/programs in order to evaluate physical structures to determine if building or space modifications are required to comply with HIPAA Privacy and Security regulations.oInterview selected management and staff members regarding common privacy and security related practices within branches/programs and between branches/programs to include, but not be limited to, disposal, storage, and encryption practices or procedures.oInterview selected IT and covered entity staff members oIdentify all information systems and communication networks that store, maintain, or transmit ePHI and determine compliance with HIPAA Privacy and Security regulations.oEvaluate the potential risks (to include the cost of failure related to privacy or security breaches and related public communication costs) associated with how the different divisions/programs collect, use, manage, house, disclose and dispose of information and evaluate options or changes to current practices in order to meet HIPAA Privacy and Security regulations.o Review the University incident response plan including reporting and response practices, procedures and policies for sufficiency for HIPAA related requirements.oReview University Human Resources policies, procedures and practices for HIPAA Privacy and Security compliance, including the review of all HIPAA-related agreements for new hires, student/faculty practitioners, research agreements, volunteers etc.oConduct a Cost-Benefit-Risk evaluation on any options that may limit or reduce the number of University CEs via changes to billing and remuneration for services.oProvide a list of prioritized actions needed to address any identified deficiencies including an assessment of required effort and resource recommendations in terms of staffing, technology, or other elements required to address aforementioned actions and objectives.


Vendor will commit to having report ready within no more than 30 days following the completion of all associated activities pertaining to the assessment. Vendor will be able to verbally present findings and answer questions related to report to diverse audiences (technical, governance, executive leadership).At completion of engagement, Vendor will provide sample templates for policies and procedures needed to address identified administrative objectives.


 
More Openings
Licensed Practical Nurse
Physical Therapist/ Injury Management
Share This Job
Powered by