Position Summary
The Epic Security Analyst is responsible for the design, configuration, implementation, and ongoing support of user security within the Epic Electronic Health Record (EHR) system. The analyst ensures that access to Epic applications complies with organizational policies, regulatory requirements (e.g., HIPAA), and Epic best practices. This role collaborates with application teams, compliance, and IT security to maintain a secure and efficient access control environment.
Key Responsibilities
Configure and maintain user security templates, roles, and permission sets within Epic.
Perform access provisioning and de-provisioning for end-users, ensuring compliance with organizational security policies.
Conduct regular audits of user access, roles, and login activity.
Support the implementation of security changes during Epic upgrades, new module implementations, and optimization projects.
Collaborate with Epic Application Analysts to align role design with operational workflows.
Troubleshoot and resolve access-related issues in Epic and integrated systems.
Participate in security design reviews for new Epic applications and integration projects.
Document security configurations, workflows, and procedures.
Assist with incident response related to unauthorized access or security breaches.
Maintain confidentiality and ensure compliance with HIPAA and other regulatory standards.
Required Qualifications
Education: Bachelor's degree in Information Technology, Computer Science, Healthcare Administration, or related field (or equivalent experience).
Experience:
4-8 years of experience in Epic security administration or healthcare IT security.
Experience with healthcare regulatory standards (HIPAA, HITECH).
Technical Skills:
Strong understanding of Epic user role concepts, templates, and categories.
Familiarity with Active Directory and identity management systems.
Knowledge of IT security best practices and compliance frameworks.
Mandatory Epic Certifications
(One or more of the following required based on role scope)
Epic Security Coordinator Certification (also known as Epic User Security Certification) - Mandatory
Epic Hyperspace Configuration Certification (optional but preferred)
EpicCare Ambulatory or Inpatient Module Certification (optional, adds value for workflow understanding)
Epic User Provisioning and Access Management Training (Epic Learning Portal course completion mandatory)
Note: Certification must be maintained in good standing with Epic (i.e., current version training completion within Epic UserWeb).
Preferred Qualifications
Prior experience supporting Epic Security in a hospital or health system environment.
Familiarity with compliance auditing (SOX, HITRUST).
Experience using ServiceNow or similar ITSM tools for access requests and incidents.
Excellent analytical, communication, and problem-solving skills.
#INDCAN
