The Petaluma Health Center’s mission is to provide high quality health care, with access for all, in Southern Sonoma County. The Center accomplishes this mission through collaborative, innovative programs, services and referral resources that meet the economic needs of the entire community.
The Petaluma Health Center is an eight-time award winner in the North Bay Business Journal’s Best Places to Work for 2017, 2016, 2015, 2014, 2013, 2012, 2011 and 2009, and we were named one of the '2015 Healthiest Companies in the North Bay' by the North Bay Business Journal.
We are a Federally Qualified Health Center (FQHC) that provides primary medical care and mental health services to residents of Petaluma, Rohnert Park, Cotati, Penngrove and surrounding areas. We are organized as a private, non-profit corporation and governed by a consumer and community led Board of Directors.
For more information about us, please visit us at www.phealthcenter.org.
Position Title: Director of Information Technology
Summary of the Role: The Director of Information Technology is responsible for the overall planning, organizing, and execution of all IT functions. This includes directing all IT operations to meet HIPAA requirements as well as the support and maintenance of existing applications and development of new technical solutions. The Director of Information Technology will oversee the following areas: implement & manage IT services; lead and manage the IT department; manage risk, quality improvement and compliance; ensure HIPAA compliance and assume the role of Security Officer. This role reports to the Chief Financial Officer.
Areas of Responsibility:
- Works with Leadership to develop, implement and manage IT services.
- Project Management
- Manages applications and hardware, participates in all hardware and software evaluations, and maintains vendor contracts
- Ensures great user experience
Leadership / Management:
- Manages IT department with the integrity, honesty and knowledge needed to promote the culture, values and mission of Petaluma Health Center
- Manages IT staff, including recruiting and training, and ensures high employee engagement and accurate timekeeping and reporting
Quality Improvement/ Risk Management and Compliance:
- Ensures a robust QI and PI departmental program, establishing goals and PDSA cycles within the IT department to continually improve services
- Partners with stakeholders to analyze and make data-driven recommendations for process improvement
- Implements systems that minimize and mitigate risks to the organization.
- Ensure the HIPAA security plan is current and meets all regulatory and safety guidelines
- Directs education programs for staff
- Complete risk analyses and periodically review and revise
- Implement contingency plans such as emergency mode operations (finding alternate locations to run critical applications like billing, appointment scheduling or electronic medical records)
- Implement security incident reporting, investigation, and sanctions
- Managing system technology to support information security and privacy requirements
- Maintaining the confidentiality, integrity, and availability of data as the security and privacy integrate
- Developing and maintaining security and privacy policies and procedures including management of security risk assessments, the program budget, security complaints and incident activity, and enforcement
- Providing workforce security and privacy training and awareness
- Applying industry standards and best practices
- Providing external compliance assurances and security survey activity
- Developing business continuity planning
- Developing, implementing, and maintaining the organization's protected health information privacy and security policies, procedures and guidelines in compliance with federal and state laws and accreditation standards, and in coordination with organization leadership, the privacy and HIPAA compliance oversight structure, and legal counsel
- Setting the direction and providing the vision for the privacy compliance program. Planning, implementing, and directing ongoing privacy and data security risk activities
- Reporting on the status of the privacy and data security program
- Measuring effectiveness, performance, and quality of the program to the board, system leadership, and HIPAA and compliance oversight. Also, providing input, recommendations, and guidance on privacy and security issues.
- Coordinating an ongoing compliance auditing and monitoring program of workforce members, business associates, and trading partners to ensure organizational privacy and security policies and procedures are up to date and maintained to address concerns, requirements, and responsibilities
- Establishing and administering a process for the receipt, documentation, tracking, and investigation of compliance violations against the organization's privacy and data security practices, and providing recommendations and executing actions for said violations
- Investigating and monitoring all complaints to ensure the consistent application of sanctions for failure to comply with privacy practices
- Reviewing all organizational information security and privacy plans to ensure alignment between security and privacy practices
- Collaborating with leadership, key departments, and committees and structures to ensure the implementation, maintenance, enforcement, and update of appropriate documentation (for example, NPP, authorization forms, and investigation forms) as needed in compliance with federal laws, state laws, and relevant accreditation standards
- Performing and directing risk assessments (i.e. protected information privacy and security audits, policies and procedures, trend analyses, audits, projects, and violation investigations) to ensure organizational compliance
- Ensure organizational compliance with legal, ethical, regulatory, accreditation, licensing, certification requirements, and other administrative requirements regarding privacy and data security, and implementation of supporting administrative, physical, and technical safeguards
- Cooperating with the Office for Civil Rights and other investigative agencies in coordination with organization officers in responding to external
- Conducting compliance reviews or investigations
- Routinely evaluate security and audit processes.
- All IT support staff, including supervisors and technicians.