Rx2000HIPAA Digest, Volume 35 #1 From: paulsmith@dwt.com Subject: RE: Tools for HIPAA Preparation and Security Education #2 From: john.keller@choa.org Subject: Job Description for Privacy Officer #3 From: anaveira@mercymiami.org Subject: Re: Job Description for Privacy Officer #4 From: tony@sleekcom.com Subject: Re: Job Description for Privacy Officer #5 From: Mary.Cooley@rsacompanies.com Subject: RE: Job Description for Privacy Officer #6 From: RMonson@LHS.ORG Subject: RE: Job Description for Privacy Officer #7 From: Clara.Chandler@sfmed.org Subject: RE: Job Description for Privacy Officer #8 From: ASIAGIAN@ahs.llumc.edu Subject: RE: Job Description for Privacy Officer ********** Message #1 ********** From: paulsmith@dwt.com To: "'Rx2000HIPAA@rx2000.org'" Subject: RE: Tools for HIPAA Preparation and Security Education Date: Fri, 7 Jul 2000 17:32:34 -0700 I understand CPRI has database under development, for release shortly. They are nonprofit. www.cpri-host.org Paul Smith Davis Wright Tremaine paulsmith@dwt.com -----Original Message----- From: Rx2000HIPAA@rx2000.org [mailto:Rx2000HIPAA@rx2000.org] Sent: Wednesday, July 05, 2000 8:24 AM To: Rx2000HIPAA@rx2000.org Subject: RE: Tools for HIPAA Preparation and Security Education Our organization purchased the "HIPAA Early View" from North Carolina Healthcare and Communications Alliance, Inc. From my initial evaluation of the tool, it looks like an excellent assessment and compliance tracking tool (Access database). The web site is www.nchica.org Susan M. DelTurco Security Specialist Heritage Valley Health System sdelturco@hvhs.org -----Original Message----- From: Rx2000HIPAA@rx2000.org [mailto:Rx2000HIPAA@rx2000.org] Sent: Friday, June 30, 2000 9:38 AM To: Rx2000HIPAA@rx2000.org Subject: Tools for HIPAA Preparation and Security Education Has anyone began development of a database that they will be using to track their HIPAA compliance progress? Would you be willing to share that information? I am also looking for information on either an internet/intranet or e-mail education tool that will allow us to distribute information and a short quiz. Once the quiz is complete, e-mail back to the department who distributed the information or enter the information into a database that the employee has completed the online education. Has anyone seen such a tool? Thanks Lisa R. Cavitt Information Services Southern Illinois Healthcare E-Mail: lisa.cavitt@sih.net ********** Message #2 ********** From: john.keller@choa.org To: "'Rx2000HIPAA@rx2000.org'" Subject: Job Description for Privacy Officer Date: Mon, 10 Jul 2000 16:34:09 -0400 Due the significance of all the security and privacy changes that will evolve as part of HIPAA, Senior management at our hospital facility is envisioning the need for a fulltime "privacy officer" position after HIPAA has been implemented. Has anyone else thought about this? If so, has anyone put together a job description for this position? John Keller Children's Healthcare of Atlanta Atlanta, GA john.keller@choa.org ********** Message #3 ********** From: anaveira@mercymiami.org To: Subject: Re: Job Description for Privacy Officer Date: Tue, 11 Jul 2000 10:11:49 -0400 From what I've seen and heard, many organizations are not waiting for = HIPAA implementation, and have already created a position of this nature. It is always better to be ahead of the curve, and having someone that can = understand the regulations and help implement them once they are published is extremely valuable. Whether it is an IT Security Officer or an IT = Security Administrator, one thing is for sure, this position will need to = have good technical and even better interpersonal skills. =20 What has me a bit restless is that since this is such a new position, some = health organizations have no clue what to pay for someone with these = qualities. In addition to a job description, does anyone have any idea of = what salary range a person with these responsibilities would fall in or = maybe even a means by which to help HR personnel see the importance of = such position? Thank you, Alex Naveira Information Systems Mercy Hospital of Miami anaveira@mercymiami.org >>> 07/10/00 04:34PM >>> Due the significance of all the security and privacy changes that will evolve as part of HIPAA, Senior management at our hospital facility is envisioning the need for a fulltime "privacy officer" position after HIPAA has been implemented. Has anyone else thought about this? If so, has = anyone put together a job description for this position? John Keller Children's Healthcare of Atlanta Atlanta, GA john.keller@choa.org=20 ********** Message #4 ********** From: tony@sleekcom.com To: Subject: Re: Job Description for Privacy Officer Date: Tue, 11 Jul 2000 09:17:22 -0500 Ditto. We've also considered the fact that security will probably become a "full-time" position. I would love to see a job description for this position. Tony Boyte Project Manager/Systems Specialist King's Daughters Medical Center tboyte@kdmc.org ----- Original Message ----- From: To: Sent: Monday, July 10, 2000 3:34 PM Subject: Job Description for Privacy Officer Due the significance of all the security and privacy changes that will evolve as part of HIPAA, Senior management at our hospital facility is envisioning the need for a fulltime "privacy officer" position after HIPAA has been implemented. Has anyone else thought about this? If so, has anyone put together a job description for this position? John Keller Children's Healthcare of Atlanta Atlanta, GA john.keller@choa.org ********** Message #5 ********** From: Mary.Cooley@rsacompanies.com To: "'Rx2000HIPAA@rx2000.org'" Subject: RE: Job Description for Privacy Officer Date: Tue, 11 Jul 2000 16:13:53 -0600 Another issue to add to Alex's comments is the reporting structure for the position. You want the position to report through an executive sponsor rather than an IS or Business Unit group leader in order to add clout to the process. As far as pay level, the Security Officer should be at senior manager or director level. Remember they will be wielding their considerable interpersonal skills by making busy people define and document data/system access requirements and by interpreting government mandates that have real corporate risks for non-compliance. They will also be making corporate policy decisions that have long term effect. Mary Cooley Manager Strategic Solutions RSA Companies mary.cooley@rsacompanies.com -----Original Message----- From: Rx2000HIPAA@rx2000.org [mailto:Rx2000HIPAA@rx2000.org] Sent: Tuesday, July 11, 2000 8:12 AM To: Rx2000HIPAA@rx2000.org Subject: Re: Job Description for Privacy Officer In addition to a job description, does anyone have any idea of what salary range a person with these responsibilities would fall in or maybe even a means by which to help HR personnel see the importance of such position? ********** Message #6 ********** From: RMonson@LHS.ORG To: "'Rx2000HIPAA@rx2000.org'" Subject: RE: Job Description for Privacy Officer Date: Tue, 11 Jul 2000 15:31:28 -0700 The SANS Institute at http://www.sans.org/newlook/home.htm has a 1999 Salary Survey for Security Professionals and a couple of job descriptions Security Job Descriptions. I have found this site to be a valuable resource for my own education on security issue. Thank you, Rob Monson, System Analyst Information Resource Dept. Legacy Health System Portland, Oregon Ph#: 503.415.5889 Email: rmonson@lhs.org -----Original Message----- From: Rx2000HIPAA@rx2000.org [mailto:Rx2000HIPAA@rx2000.org] Sent: Tuesday, July 11, 2000 7:12 AM To: Rx2000HIPAA@rx2000.org Subject: Re: Job Description for Privacy Officer From what I've seen and heard, many organizations are not waiting for HIPAA implementation, and have already created a position of this nature. It is always better to be ahead of the curve, and having someone that can understand the regulations and help implement them once they are published is extremely valuable. Whether it is an IT Security Officer or an IT Security Administrator, one thing is for sure, this position will need to have good technical and even better interpersonal skills. What has me a bit restless is that since this is such a new position, some health organizations have no clue what to pay for someone with these qualities. In addition to a job description, does anyone have any idea of what salary range a person with these responsibilities would fall in or maybe even a means by which to help HR personnel see the importance of such position? Thank you, Alex Naveira Information Systems Mercy Hospital of Miami anaveira@mercymiami.org ********** Message #7 ********** From: Clara.Chandler@sfmed.org To: "'Rx2000HIPAA@rx2000.org'" Subject: RE: Job Description for Privacy Officer Date: Wed, 12 Jul 2000 09:26:20 -0400 If you go to this website http://www.sans.org/newlook/resources/index.htm you can find (among many other things!) job descriptions & sample security policies. This is not a healthcare specific site, but a "general" security site. Clara Chandler Web/Security Administrator South Fulton Medical Center East Point, Georgia (404) 305 4918 clara.chandler@sfmed.org My mind works like lightning. One brilliant flash and it is gone. -----Original Message----- From: Rx2000HIPAA@rx2000.org [mailto:Rx2000HIPAA@rx2000.org] Sent: Tuesday, July 11, 2000 10:12 AM To: Rx2000HIPAA@rx2000.org Subject: Re: Job Description for Privacy Officer From what I've seen and heard, many organizations are not waiting for HIPAA implementation, and have already created a position of this nature. It is always better to be ahead of the curve, and having someone that can understand the regulations and help implement them once they are published is extremely valuable. Whether it is an IT Security Officer or an IT Security Administrator, one thing is for sure, this position will need to have good technical and even better interpersonal skills. What has me a bit restless is that since this is such a new position, some health organizations have no clue what to pay for someone with these qualities. In addition to a job description, does anyone have any idea of what salary range a person with these responsibilities would fall in or maybe even a means by which to help HR personnel see the importance of such position? Thank you, Alex Naveira Information Systems Mercy Hospital of Miami anaveira@mercymiami.org >>> 07/10/00 04:34PM >>> Due the significance of all the security and privacy changes that will evolve as part of HIPAA, Senior management at our hospital facility is envisioning the need for a fulltime "privacy officer" position after HIPAA has been implemented. Has anyone else thought about this? If so, has anyone put together a job description for this position? John Keller Children's Healthcare of Atlanta Atlanta, GA john.keller@choa.org ********** Message #8 ********** From: ASIAGIAN@ahs.llumc.edu To: "'Rx2000HIPAA@rx2000.org'" Subject: RE: Job Description for Privacy Officer Date: Wed, 12 Jul 2000 11:23:13 -0700 Agree with you there, and in addition, the position will need to have some background on Health Information Management and the states and feds regulations. As with salary, perhaps using industry standard would be a good start. Alvin Siagian Asiagian@ahs.llumc.edu Loma Linda University Medical Center Information Security Administrator Phone: 909.558.3265 -----Original Message----- From: Rx2000HIPAA@rx2000.org [SMTP:Rx2000HIPAA@rx2000.org] Sent: Tuesday, July 11, 2000 7:12 AM To: Rx2000HIPAA@rx2000.org Subject: Re: Job Description for Privacy Officer From what I've seen and heard, many organizations are not waiting for HIPAA implementation, and have already created a position of this nature. It is always better to be ahead of the curve, and having someone that can understand the regulations and help implement them once they are published is extremely valuable. Whether it is an IT Security Officer or an IT Security Administrator, one thing is for sure, this position will need to have good technical and even better interpersonal skills. What has me a bit restless is that since this is such a new position, some health organizations have no clue what to pay for someone with these qualities. In addition to a job description, does anyone have any idea of what salary range a person with these responsibilities would fall in or maybe even a means by which to help HR personnel see the importance of such position? Thank you, Alex Naveira Information Systems Mercy Hospital of Miami anaveira@mercymiami.org