The Information Privacy Advisor is a subject matter expert, risk evaluator, and leader in interpreting and applying information privacy legislation, standards, and principles in a complex hybrid electronic information and technical healthcare environment. Collaborating with multiple stakeholders operating in a complex healthcare environment, with multi-site responsibilities, the Information Privacy Advisor acts as a liaison and consultant to clinical and business areas to support and promote the confidentiality of personal health information.
The Information Privacy Advisor assists in the development and delivery of privacy audits, education, and awareness initiatives. The Information Privacy Advisor assists Interior Health (IH) management and staff to ensure that information privacy is considered throughout the design or re-design of programs or services, projects, and initiatives; conducts investigations of privacy incidents or complaints; and develops reports and briefings on the status of privacy programs. The Information Privacy Advisor may also represent the Manager and IH on local and/or provincial committees, working groups, and activities.
TYPICAL DUTIES AND RESPONSIBILITIES:
- Provides interpretation and expert advice, both verbally and in writing, to internal staff, physicians, and management on access and privacy legislation and international and eHealth information management standards and principles, with a special emphasis on analyzing privacy risk and application of privacy conscious behaviours into clinical, research, and operations support business workflows.
- Develops, assesses, implements, manages, and makes recommendations on privacy policies, procedures, and processes. This involves the preparation of reports, updates, and briefings for presentations. Reviews and provides input into other related policies and processes to ensure consistency with established policies.
- Facilitates and supports the completion of privacy impact assessments to evaluate whether programs, services, projects, and initiatives comply with privacy requirements; recommends mitigation strategies where necessary.
- Maintains expert knowledge of current information legislation, standards, and information management and privacy trends and issues, including new eHealth directions by the Ministry of Health and other jurisdictions in order to effectively support privacy innovations in healthcare delivery.
- Acts as a project manager on assigned privacy-related projects by developing project plans and charters; identifying major milestones, associated tasks, and timelines; managing deliverables and evaluating outcomes. Acts as a liaison with all staff/physicians across IH, as well as external partners, to enforce and promote privacy practices.
- Analyzes complex information through acute problem-solving to manage and investigate privacy incidents or complaints; develops reports, action plans, and response communications on mitigation strategies; liaises with the Office of Information Privacy Commissioner (OIPC) as required.
- Assists in the development and management of information-sharing agreements with internal and external stakeholders.
- Supports management and staff/physicians to address privacy issues for purposes such as research, education, and quality improvement initiatives.
- Liaises with provincial and federal government agencies, regulatory bodies, legal representatives, external companies and partners, other health care institutions, and the general public as required to gather, provide, and/or clarify information needs or meet reporting requirements.
- Maintains current awareness of privacy trends and legislative changes by monitoring federal and provincial legislation; conducts industry comparisons; and attends seminars and workshops.
- Develops tracking and measurement systems for privacy and security incidents, evaluating the effectiveness of education/training and awareness programs.
- Fosters strong relationships with Risk Management, FOI/Release, Clinical, Business, Research, Education, Communications, and Information Management/Information Technology staff to implement strategic initiatives or directives.
- Builds partnerships with colleagues in other organizations and associations ensuring legislative compliance is met and privacy standards and best practices are adhered to.
- Assists in identifying areas of training needs for personnel within the department.
- Performs other related duties as assigned.
Education, Training, and Experience
Graduation from a recognized degree or diploma program in Health Information Science, Information Management, or a related field with 3 to 5 years of recent, related experience.
Currently enrolled or successfully completed Information Access & Protection of Privacy program (University of Alberta) or holds certification as a Certified Information Privacy Professional/Canada (CIPP/C) or other Canadian industry-recognized privacy certification or at least 1 year of recent, related experience.