Accerta is seeking to recruit a Privacy & Security Officer. This permanent full-time position will start immediately.
The Privacy & Security Officer is responsible for policy development and regulatory compliance. The role oversees the development of, and adherence to, procedures covering data and technical security, privacy, access, and private health information as well as private information. This role will manage the privacy and security function with annual expectations on compliance review, training, etc.
The officer independently navigates the breach protocol and applies subject matter expertise to assess the magnitude and implications of a breach, and creates incident reports and other communication mechanisms to rectify the breach.
Monitoring of compliance and controls will be completed daily and monthly. Quality assurance is monitored daily with internal audits conducted monthly. Each will require monthly reports i.e. scorecards with an expectation of communication to the ELT and potentially the plan sponsors and Board of Directors.
Continuous improvement is expected to close the loop on the outcomes of the monitoring activities. Continuous Quality Improvement Plans (CQIPs) will be required to operationalize solutions to reduce the risk of privacy breaches as well as look for ways to improve operational efficiencies.
Privacy & Security:
- Bring a deep knowledge and passion for privacy; innovate and propose new features and functionality related to privacy and data protection
- Provide organizational subject matter expertise on privacy and other data regulatory requirements including federal and provincial privacy legislation in Canada and other jurisdictions as applicable for all phases of implementation of new processes, programs etc.
- Independently create and implement corporate privacy policies, privacy design principles, standards, guidelines, procedural manuals, templates, forms, reporting, privacy requirements and contracts used in business operations
- Conduct privacy impact assessments on strategic business initiatives such as new processes, projects, programs, vendor agreements/arrangements
- Provide advice and/or direction to management and staff in response to verbal and written requests on the access, collection, use, disclosure, retention and destruction of personal and confidential information
- Support the organizational procurement cycle from the initial RFI/RFP to assessment & selection of vendors to contract development and solution implementation to ensure privacy compliance through the completion of privacy impact assessments or as appropriate
- Establish and administer a process for receiving, documenting, tracking, investigating, and taking action on all complaints concerning the company’s privacy policies and procedures in coordination and collaboration with other similar functions
- Review all system-related information security plans throughout the company to ensure alignment between security and privacy practices, and act as a liaison to the Information Technology department
- Investigate and resolve all privacy complaints/breaches filed concerning the organization's policies and practices
- Perform periodic information privacy risk assessments and conduct related ongoing compliance monitoring activities in coordination with operations.
- Establish with management and operations a mechanism to track access to protected health information as required by law.
- Internal audit activities (post) include the review of the following on a weekly basis with monthly reporting:
  - claims to ensure accurate entry and adjudication is according to Schedules
  - payments to ensure they are being paid according to Schedules and eligibility
  - predeterminations to ensure appropriate approvals and entry
  - manual eligibility updates to ensure accurate entry
- Quality assurance activities will be conducted daily:
  - review enrollment loads to ensure accuracy and address identified errors or omissions
  - review print files to ensure communications to clients are accurate prior to distribution
Reporting and Continuous Improvement:
- Provide daily and weekly reports on privacy & security, quality assurance and internal audits etc.
- Scorecard creation and updating management / team on quality metrics
- Report on risks and opportunities for process improvements (process mapping techniques)
- Create CQIs – Continuous Quality Improvement Plans
- Direct the work in your area to ensure that it is carried on in a safe and productive manner in compliance with the Occupational Health and Safety Act and that the workers are properly protected from conditions hazardous to their health
- Other duties as assigned
- Vice President & Chief Financial Officer
- Accerta staff
- Plan Sponsors
- Dental Providers (potentially)
- Board of Directors (potentially)
- Clients (potentially)
- Post-Secondary Education
- Relevant certifications and education in privacy & security
- Minimum 5 years in a privacy role within the health sector
- A mix of privacy, technology, project management is ideal
- Private health information and working with public sector bodies
- Bring a depth of technical knowledge and experience assessing privacy, security and regulation breaches;
- The ability to translate that knowledge across the company to deliver relevant and actionable guidance to the business.
- Previous experience in owning and delivering functional specifications and business requirements is an asset
- Strong leadership to provide on-the-job training to new or less experienced staff and good judgement when providing advice and recommendations on privacy-related risks
- Ability to develop strong working relationships with diverse stakeholders
- Excellent interpersonal skills
- Ability to communicate effectively both orally and in writing
- Logic and analytical skills to solve problems
- Familiarity with database concepts
- Work well within a team dynamic
- Ability to cope with pressure and deadlines
- Interest and passion for staying on top of industry trends and best practices