The Enterprise Privacy Office is committed to protecting the privacy of patients’ personal health information and promoting a culture of privacy. As a member of the privacy team, the ANALYST, PRIVACY & ACCESS OPERATIONS supports the Supervisor, Privacy and Access Operations in ensuring organizational compliance with relevant privacy legislation, specifically the Health Information Custodian and Health Information Network Provider requirements of the Personal Health Information Protection Act. The Compliance Advisor enhances UHN’s credibility and engenders trust in UHN’s services from a privacy perspective.
The Analyst, Privacy & Access Operations assists in the day-to-day monitoring of a comprehensive and legally compliant privacy program in a complex healthcare environment, promoting privacy practices and standards through building and conducting audits, departmental compliance reviews, and developing and delivering privacy and access training.
The Analyst, Privacy and Access Operations must be able to respond to complex situations and understand complex program, system and relationship configurations. The Senior Analyst must have extensive technical knowledge and must be able to use existing analytic tools and also independently identify risks and gaps as new information is presented. The Senior Analyst must be able to effectively communicate complex requirements to a variety of stakeholders and ensure that risks are appropriately mitigated or assumed.
The Analyst, Privacy and Access Operations must be able to confidently provide guidance based on law, best practice, and expanding working knowledge of business requirements. Technical expertise must be significant.
- Interprets laws, regulations, policies, standards, and orders to determine the organization’s rights and obligations
- Recognizes conditions that lead to the application of exceptions to general legal obligations and engages other teams to respond appropriately
- Independently identifies and maintains awareness of areas for improving compliance
- Identifies, develops, counsels, recommends and/or implements business processes that maintain or improve organizational privacy compliance, while meeting functional requirements and maintaining business continuity
- Provides analysis of legislative requirements, emerging knowledge, and organizational issues/trends to make recommendations to management
- Performs informal assessments of department’s implementation of privacy and security controls that impact the management of information within the custody and control of the hospital.
- Identifies privacy and security risks within department’s privacy and security controls requiring remediation
- Conducts or coordinates audits of programs, systems and applications, as needed to investigate incidents or respond to concerns by staff, patients or members of the public
- Reviews audit reports received for indications of inappropriate behaviour
Policies and procedure / Tool Development
- Conducts policy gap analysis against legislation and evolving best practices
- Develops and drafts policy changes in response to gap analysis
- Coordinates consultation and approvals process
- Supports the Corporate Privacy Officer to benchmark, create, implement and evaluate the training plan
- Oversees the acquisition/preparation of training and communications material
- Implements training sessions (i.e. New employee orientation, training refresh, in-services)
- Prepares and distributes privacy communications (e.g. staff awareness initiatives, public messaging)
Responds and offers guidance to patients, public and staff
- Manages patient privacy inquiries, complaints, requests for corrections, requests for locking boxes and (some) requests for access in a timely manner and with appropriate sensitivity and good judgment
- Provides technical expertise and responds to inquiries and requests for information on privacy related organizational practices from internal and external stakeholders
- Reviews new or revised government healthcare laws and regulations pertaining to privacy
- Receives or seeks out information on trends, standards, and best practices
Compliance/Monitoring Program Development
- Monitoring for new operational practices
- Managing the Enterprise Privacy & Access Office intranet
- Developing testing/monitoring/auditing strategy
- Assisting with oversight of internal and vendor compliance
Responds to Incidents
- Tracks, investigates and coordinates responses to privacy complaints and incidents
- Identifies all factors relevant to the resolution of an incident or access request including applicable legislation, relevant policies and procedures, clinical and business requirements and obligations to third parties and affected persons
- At minimum, completion of in Health Informatics, Health Administration, Business, Law, Computer Science or related disciplines or recognized equivalent required.
- Graduate degree is an asset.
- At minimum practical and related experience and/or on-the-job training required
- 1+ years’ experience with privacy, and privacy related issues such as information management, information technology, records management (healthcare industry preferred)
- 1+ years of business process and systems analysis and problem resolution (healthcare industry preferred)
- Practical working knowledge of privacy and security regulations (e.g. PHIPA, ISO/IEC 27001), trends and issues, with an ability to translate that knowledge to the clinician and patient experience