DSHS Privacy Officer

About The Position

Requirements

• Working knowledge of HIPAA, information privacy, federal and state privacy laws, and/or compliance with regulatory directives.
• Effective interpersonal and leadership skills.
• Experience preparing oral and written reports, managing projects, and facilitating meetings.
• Ability to prepare effective correspondence and reports for diverse audiences, including executives and senior managers.
• Ability to collect, analyze information and solve work problems.
• Ability to make independent judgments and provide guidance to agency staff.
• Graduation from an accredited four-year college or university with major course work in public policy, public administration, public health, political science, legal studies, information management or a related discipline is required.
• Professional certification in information privacy, information security, or compliance is required or must be attained within twelve months of hire.
• Preference will be given to candidates who hold the Certified Information Privacy Professional (CIPP/US) certification is required, however other relevant professional certifications will be considered.

Nice To Haves

• Working knowledge of public health and/or health and human services programs is preferred.
• Experience developing policies and regulations is preferred.
• A master’s or other graduate degree is preferred.
• Privacy-related work experience may be considered in lieu of education on a year-for-year basis.

Responsibilities

• Serves as DSHS Privacy Officer, agency point of contact, and subject matter expert for all privacy-related matters.
• Oversees daily privacy operations and activities of the privacy program for the agency.
• Leads and oversees incident response management for the agency by responding to actual or suspected privacy incidents, which includes coordinating with appropriate agency staff and stakeholders to investigate, analyze, make breach determinations, and report breaches as required by system, agency, state and/or federal laws to regulatory authorities and others as appropriate.
• Develops recommendations for corrective actions.
• Maintains proper documentation in the privacy incident management system.
• Assists in the development and maintenance of a comprehensive data breach/privacy incident plan.
• Coordinates and oversees agency compliance by conducting privacy threshold assessments, privacy impact assessments, and cybersecurity impact assessments of agency information systems, applications, and new software requests.
• Establishes and maintains effective working relationships with agency leadership, divisions, programs, and staff, as well as with inter-agency partners, local health departments, and other external entities.
• Coordinates, reviews, and/or researches and responds to privacy-related inquiries from internal and external customers, including overseeing the agency HIPAA (Health Insurance Portability and Accountability Act) mailbox.
• Provides privacy subject matter expertise for designated program privacy coordinators, workgroups, and committees.
• Researches current privacy frameworks, principles, and industry standards and develops recommendations for implementation of new solutions and/or improvement opportunities.
• Works to integrate privacy practice into routine business operations by developing and implementing privacy controls, policies, standards, guidelines, and operating procedures.
• Maintains agency wide privacy policies, notices of privacy practices, policy supplements, and internal procedures.
• Coordinates and/or reviews privacy and security controls.
• Monitors for and proposes solutions to privacy risks through incident response management and consultation with program areas.
• Monitors, reviews, and analyzes privacy-related legislation.
• Tracks employee compliance with annual, mandated privacy training.
• Gathers, organizes, and quantifies privacy and security surveys and questionnaire responses to improve privacy training.
• Provides regular reports to agency leadership.
• Coordinates with HHSC (Health and Suman Services Commission) Privacy Division to develop and implement privacy policies, procedures, standards, and controls.
• Coordinates with HHSC Privacy Division to develop and implement privacy awareness and compliance activities, such as training and communications.
• Performs other duties as assigned. Other duties as assigned include but are not limited to active participation and/or support to meet the agency’s obligations for disaster response and/or recovery or continuity of operations activation. Such participation may require an alternate shift pattern, assignment, and/or location

Benefits

• DSHS offers insurance coverage and other benefits available through the State of Texas Group Benefits Plan administered by the Employee Retirement System of Texas (ERS).