eHealth Ontario is the organization enabling physicians and health care providers establish and maintain electronic health records (EHRs) for all of Ontario’s 13 million residents.
The Privacy Specialist will closely collaborate with eHealth Ontario programs/projects and stakeholders to provide privacy leadership, direction and expertise on a diverse range of complex, multi-stakeholder privacy issues/challenges that are transforming the eHealth landscape. The Privacy Specialist will contribute to the development and maturing of the privacy program and the consulting and assurance practices to improve the efficiency and effectiveness of privacy governance, risk identification and management, legislative compliance, privacy-related agreement frameworks and terms, and privacy policies, procedures, practices, and standards.
Your Chance to Shine
- Manage privacy deliverables and deadlines in support of eHealth projects and providing ongoing consultation for projects as well as corporate and operational activities;
- Analyze proposed solutions architecture, technology, design and IT development processes to identify potential privacy risks, and to recommend options that enhance the adoption of privacy solutions and business processes in the EHR;
- Provide leadership and analysis to respond to and provide advice and legislative interpretation for information and access requests, complaints or inquiries, appeals and privacy issues under the Personal Health Information Protection Act, 2004 and the Freedom of Information and Protection of Privacy Act;
- Promote the understanding and adoption of privacy requirements, safeguards, solutions, products and tools through meetings with the Agency’s decision makers, systems owners, and end users;
- Foster the “privacy by design” principles by ensuring that privacy is built into all systems, processes, and policies undertaken by the organization;
- Act as an ambassador for the Privacy Office by managing project level stakeholder relationships, providing high caliber guidance and direction on privacy-related issues for internal and external stakeholders;
- Provide leadership through mentoring, coaching and providing a quality assurance function to privacy analysts;
- Conduct and provide oversight and direction on the conduct of privacy impact assessments (PIAs) and other privacy assessments, which in turn will provide input into eHealth Ontario’s risk management processes;
- Provide leadership, direction and analysis for the investigation and resolution of privacy incidents, breaches, risks and vulnerabilities;
- Identify, analyze and recommend options for risk management to the Privacy office management team and stakeholders;
- Contribute to the development, efficiency and maturing of the privacy program;
- Develop and conduct privacy training, and presentations for internal and external stakeholders as required.
Your Skills Make the Difference
- Hold a university undergraduate in health information technology, law, public policy or related field preferred. Graduate level or professional degree an asset.
- Industry recognized privacy certifications such as CIPP/C required.
- 5-7 years of relevant experience in privacy and risk management with a demonstrated knowledge of privacy principles, practices, risk management frameworks, technologies, programs and procedures.
Knowledge & Skills:
- Advanced knowledge and direct operational level privacy experience preferably in a health sector and/or IT environment with respect to:
- Ontario’s Personal Health Information Protection Act, 2004 (PHIPA)
- Ontario’s Freedom of Information and Protection of Privacy Act (FIPPA)
- Canadian Standards Association Privacy code (CSA) and the impact and obligations arising from legislation/CSA code on the various individuals and organizations managing personal and personal health information in the health care system broadly;
- Strong understanding and ability to interpret and communicate Risk Management concepts;
- Extensive knowledge and experience spanning topics of relevance to privacy and the business of electronic health records (EHR) and architecture;
- Experienced with PIA methodologies and other risk assessment methodologies and tools;
- Understanding, from a privacy perspective, of agreements frameworks and privacy-related terms applicable to an eHealth environment, and eHealth Ontario’s relationships with stakeholders, data consumers and third parties;
- Exceptional analytical, research, problem solving, business, leadership, writing, and communications skills;
- Ability to learn rapidly, and go deep as needed, on a wide spectrum of topics;
- Proven ability to work independently to manage and prioritize, effectively, multiple competing projects/initiatives to meet the needs of Agency’s clients.