Senior Privacy Impact Assessment Specialist

CYNET SYSTEMS - 421 Jobs

Toronto, ON

Posted today

Job Details:

Full-time

Entry Level

Benefits:

Wellness Programs

Job Description:
Responsibilities:

The Privacy Specialist is responsible for the delivery of the privacy and authorities analysis, including management of issues and risks to ensure successful and on-time completion of deliverables.
Gather and develop requirements in order to create and maintain the privacy and authorities analysis.
Articulate and prioritize issues and risks and recommends mitigation strategies for decision makers.
Conducting/Completing Privacy Impact Assessments and associated documentation.
Providing Privacy Consultation on a diverse range of complex, multi-stakeholder health privacy issues and Information Technology (IT) initiatives.
Identify and assess privacy risks, including developing risk mitigation plans.
Create or inform the creation of data flow diagrams and associated privacy controls and compliance requirements.
Reviewing and advising on agreements, including data sharing agreements.
Developing privacy requirements for new or changing components.
Providing privacy advisory and support to the product team.

Skills:

Expert knowledge of privacy policies and legislative processes.
Health Protection and Promotion Act (HPPA), Freedom of Information and Protection of Privacy Act (FIPPA) and Personal Health Information Protection Act (PHIPA) and associated Health Information Custodian (HIC) requirements.
Knowledge of immunization workflows and associated authorities models will be of significant benefit.
Certifications like Certified Information Privacy Professional (CIPP) is an asset.
Project Management, or related professional designation (PMP) an asset.
Excellent Communication skills both verbal and written, and strong stakeholder engagement skills.
Past experience with jurisdictional public health programs (example: Immunizations) will be of significant benefit.

Required Experience / Evaluation Criteria:

Minimum 3 years health privacy experience conducting privacy impact assessments (PIAs) on medium to high complexity projects. 20 Points
Minimum 5 years direct operational level privacy experience in a health sector and/or IT environment or both. 20 Points
Minimum 5 years experience in developing privacy policies and procedures, requirements, or controls. 20 Points
Minimum 5 years experience drafting and reviewing privacy requirements for data sharing agreements. 15 Points
Familiarity with the Personal Health Information Protection Act (PHIPA), and requirements related to Health Information Network Provider (HINP) and Electronic Service Provider (ESP). 10 Points
Familiarity with Application Programming Interface (API) functionality and management. 7.5 Points
Familiarity with Electronic Medical Record (EMR) or Pharmacy Management System (PMS) infrastructure, design, and data flows. 7.5 Points

Deliverables Include:

A preliminary privacy and authorities analysis to determine the achievement of the objectives and smooth and timely execution of the project including.
Confirmation of the impacted authorities to permit the collection/contribution of administered vaccinations from all intended health care provider types (hospitals, primary care, pharmacies, public health, long term care etc.).
Confirmation of the data purpose to support the direct delivery of health care (EHR purposes).
Confirmation of authority to disclose of the same data to those health care providers accessing the EHR is permitted.
Documentation of the provisions of patients rights to withdraw consent for the disclosure of their data submitted to the EHR by way of a consent directive are maintained.
The determination of the custodianship of the data submitted to the EHR.
Documentation of authorities required to disclose the data from the EHR to an immunization registry / repository.
Documentation of all other requirements the Prescribed Organization are subject to by its regulator can be achieved.
Over the duration of the engagement, the Privacy Specialist will support work already in progress, as well as deliver a Privacy Impact Assessment on the Immunization Repository.
Work with the project and product teams on risk mitigation of PIA findings as required under PHIPA.
Support work related to updating and/or developing new agreements.

Save