Privacy Impact Assessment PIA Specialist 0331-0615
Privacy Impact Assessment PIA Specialist 0331-0615
Posted on :
04-06-2025
Employer Active
1 Vacancy
Job Alert
You will be updated with latest job alerts via emailValid email field required
Send jobs
Share
Send me jobs like this
Job Alert
You will be updated with latest job alerts via emailValid email field required
Send jobs
Job Description
HM Note: This contract role is remote and candidates can work remotely. Candidates must reside in Ontario Canada. Candidates resume must include first and last name.
Description
Background Information
- The purpose of this procurement of a Senior Privacy (PIA) Specialist is to acquire a contingent resource to act as a dedicated privacy subject matter expert to assist with supporting privacy matters related home and community care including Ontario Health Team (OHT) deployment.
- Ontario Health is seeking a Privacy resource to ensure that Ontario Health maintains compliance with its legal and contractual privacy obligations and builds privacy into the design of projects that involve personal health information (PHI) thus reducing risk for the organization and protecting the trust and privacy of individuals whose PHI we manage.
Must haves:
- Minimum of 3 years health privacy experience conducting privacy impact assessments (PIAs) on medium to high complexity projects and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp;
- Minimum and nbsp;5 years direct operational level privacy experience preferably in a health sector and/or IT environment
- Minimum 5 years experience drafting and reviewing privacy requirements for data sharing agreements
- Familiarity with the Personal Health Information Protection Act (PHIPA) and its related requirements for Health Information Network Providers (HINP) and Electronic Service Providers (ESP)
Responsibilities:
- Develop privacy policies and procedures
- Conduct privacy impact assessments for medium to high complex initiatives and/or implement mitigations activities in response to recommendations from PIAs
- Identify and assess privacy risks
- Provide privacy advisory and support to business teams
- Lead and/or participate on Ontario Health regional or provincial committees or project teams as the privacy Subject Matter Expert (SME)
- Identify privacy requirements
- Develop strong relationships with various internal and external stakeholders to foster a culture of privacy
- Respond and provide advice and legislative interpretation for information and access requests consent management requests complaints or inquiries appeals and privacy issues under the PHIPA and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp;
- Support privacy program projects and activities to improve the efficiency and effectiveness of the Privacy Office
- Other duties as required
and nbsp;
and nbsp;
Desired Skills:
- Completion of a university undergraduate or masters degree in health policy IT security law or a related discipline
- Demonstrated knowledge and experience of access and privacy requirements and practices preferably related to the health and public sectors
- Excellent knowledge of privacy and security concepts trends and issues. This will include an understanding of their impact on business processes as well as skill with interpretation and communication of principles and compliance requirements
- Knowledge and ability to interpret of Ontarios Personal Health Information Protection Act 2004 (PHIPA)
- Knowledge and ability to interpret Ontarios Freedom of Information and Protection of Privacy Act (FIPPA)
- Analytical skills to understand the current and future access and privacy implications of policies decisions and business initiatives and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp;
- Experience with conducting and/or providing oversight for Privacy Impact Assessments including developing privacy requirements risk mitigation plans corporate policies and developing and/or delivering training content
- Working knowledge of digital health technologies and information security industry standards
- Excel in a fast-paced and project focused environment
- Exceptional analytic and creative problem-solving abilities
- Good understanding of related disciplines such as IT system design policy development (privacy or security) business architecture legal processes Freedom of Information administration business analysis risk management project management
- Knowledge of Information Technology concepts and processes that impact the protection of personal information including (but not limited to) Internet tools system interfaces information security information architecture and data flows
- Excellent communication skills both verbal and written and strong stakeholder engagement skills
- Time management with the ability to manage tight deadlines and prioritize multiple projects and nbsp; and nbsp; and nbsp;
and nbsp;
Required Experience / Evaluation Criteria: and nbsp; and nbsp;
- Minimum of 3 years health privacy experience conducting privacy impact assessments (PIAs) on medium to high complexity projects: 20 pts
- Minimum 5 years direct operational level privacy experience preferably in a health sector and/or IT environments: 20 pts
- Minimum 5 years experience drafting and reviewing privacy requirements for data sharing agreements: 20 pts
- Minimum 5 years experience developing privacy policies and procedures requirements or controls: 20 pts
- Familiarity with the Personal Health Information Protection Act (PHIPA) and its related requirements for Health Information Network Providers (HINP) and Electronic Service Providers (ESP): 20 pts
Total Capabilities Criteria: 100 Points
and nbsp;
Deliverables:
- Over the duration of the engagement the Senior Privacy (PIA) Specialist will support work already in progress to implement mitigations plans in response to open PIAs related to home and community care and the Client and Related Health Information System (CHRIS) that supports this sector;
- Support development of risk assessments and identification of other privacy considerations related to OHT deployment and transfer of records;
- Work with the project and product teams and/or CHRIS tenants on risk mitigation of PIA findings as required under PHIPA;
- Develop policies and procedures to support CHRIS use for home and community care modernization;
- Support work related to update and/or developing new agreements;
- Support onboarding and analysis of privacy readiness assessments;
- Support development of governance models to support ongoing CHRIS privacy operations/collaboration with OHTs;
- Knowledge of current policy/legislation will be critical to ensure that we are collecting the relevant information.
Deliverables include:
- Conducting/Completing Privacy Impact Assessments and associated documentation
- Providing Privacy consultation on a diverse range of complex multi-stakeholder health privacy issues and Information Technology (IT) initiatives related to home and community care modernization and OHT deployment
- Developing risk mitigation plans
- Create or inform the creation of data flow diagrams and associated privacy controls and compliance requirements
- Reviewing and advising on agreements including data sharing agreements
- Developing privacy requirements for new or changing projects
Knowledge Transfer Details:
- The resource will ensure full knowledge transfer is provided to the Ontario Health team before end of engagement. Some of this might occur at the end of the engagement but will also be shared as information is obtained/consolidated. Key deliverables will be shared with team.
- The resource must provide all related documentation as part of knowledge transfer protocol. Documents will be reviewed by the appropriate leads and signed off by manager/director.
- The resource will work collaboratively with the Ontario Health team throughout the assignment and ensure key deliverables milestones and documentation are shared.
- A walkthrough of any demos development etc. will be required before the end of the engagement.
and nbsp;
Must Haves:
- Minimum of 3 years health privacy experience conducting privacy impact assessments (PIAs) on medium to high complexity projects and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp;
- Minimum and nbsp;5 years direct operational level privacy experience preferably in a health sector and/or IT environment
- Minimum 5 years experience drafting and reviewing privacy requirements for data sharing agreements
- Familiarity with the Personal Health Information Protection Act (PHIPA) and its related requirements for Health Information Network Providers (HINP) and Electronic Service Providers (ESP)
Employment Type
Full Time
Key Skills
Report This Job
Disclaimer: Drjobpro.com is only a platform that connects job seekers and employers. Applicants are advised to conduct their own independent research into the credentials of the prospective employer.We always make certain that our clients do not endorse any request for money payments, thus we advise against sharing any personal or bank-related information with any third party. If you suspect fraud or malpractice, please contact us via contact us page.
