HIPAA Security Analyst - Visa Independent

Shrive Technologies

North Wales · On-site Contract Today

About the role

IT Business Analyst Responsibilities

  • Requirements Gathering: Collaborates with clinical staff and administrators to define what the system must do, such as managing Electronic Health Records (EHR) or billing.
  • Process Optimization: Identifies bottlenecks in patient flow or data entry and recommends technical solutions to streamline these tasks.
  • User Support & Training: Translates complex technical features into actionable training for doctors, nurses, and administrative staff.

Security Analyst Responsibilities

  • Focuses on the protection of Electronic Protected Health Information (ePHI) and regulatory compliance.
  • Risk Assessments: Conducts regular audits to identify vulnerabilities in the system’s architecture, data flows, and third-party integrations.
  • Access Management: Implements "least-privilege" access and Multi-Factor Authentication (MFA) to ensure staff only see the patient data necessary for their specific roles.
  • Incident Response: Detects and responds to security threats, such as phishing or data breaches, and leads the recovery process while documenting findings for legal compliance.
  • Vendor Oversight: Manages Business Associate Agreements (BAAs) with system vendors to ensure they meet the organization's security standards.

Qualifications

  • Regulatory Knowledge: Deep understanding of HIPAA Security Rule and NIST frameworks.
  • Interoperability: Knowledge of standards like HL7 or FHIR to ensure the patient system communicates securely with other healthcare platforms.
  • Critical Thinking: Balancing "clinical usability" with "risk reduction"—ensuring security measures don't slow down life-saving patient care
  • Extensive security experience, especially in the pharma space dealing with patient data
  • Effective collaboration with product, data, and business teams
  • Good communication and documentation skills; able to work with executive leadership on a daily basis
  • Good functional and domain knowledge of the pharma domain

Healthcare Specific Certifications (Good Plus)

  • HCISPP (HealthCare Information Security and Privacy Practitioner): The gold standard for this specific role; it covers healthcare risk, governance, and the legal aspects of patient data.
  • CPHIMS (Certified Professional in Healthcare Information and Management Systems): Focuses on the "Business Analyst" side—improving clinical outcomes through better technology management.

Core Security & Audit (Must have)

  • CISSP (Certified Information Systems Security Professional): Best for high-level security strategy and architecture.
  • CISA (Certified Information Systems Auditor): Critical for the "Analyst" side, focusing on auditing system controls and reporting.

Process & Business Analysis (Must have)

  • CBAP (Certified Business Analysis Professional): For mastering requirements gathering and process modeling.
  • ITIL 4 Foundation: Useful for understanding how to manage IT services in a high-stakes environment like a hospital.

Essential Compliance Documentation Prior Experience (Must have)

  • SRA (Security Risk Assessment): A living document that identifies where ePHI is stored, transmitted, or at risk. This is a mandatory HIPAA requirement.
  • BAA (Business Associate Agreements): Contracts with third-party vendors ensuring they also follow strict security standards.

Skills

FHIR, HL7, HIPAA, MFA, NIST, SRA
