RQ00485 Privacy Impact Assessment (PIA) Specialist Senior

Toronto - Canada

Monthly Salary: CAD 101 - 101

Experience Required: 5-8years

Posted on: 23 hours ago

Vacancies: 1 Vacancy

Job Summary

Deliverables:

The Senior Privacy Impact Assessment (PIA) Specialist will be required to work with the appropriate teams to:

Conduct/complete Privacy Threshold Assessments and associated documentation
Conduct/complete Privacy Impact Assessments and associated documentation
Provide Privacy Consultation on a diverse range of complex multi-stakeholder health privacy issues and Information Technology (IT) initiatives throughout the product/service development and deployment life cycle
Develop risk mitigation plans
Create or inform the creation of data flow diagrams and associated privacy controls and compliance requirements
Review and advise on agreements including data sharing agreements

Deliverables:

Over the duration of the engagement the Senior Privacy (PIA) Specialist will support work already in progress as well as new work on Privacy Impact Assessments;
Work with the project and product teams on risk mitigation of PIA findings as required under PHIPA;
Support work related to update and/or developing new agreements;
Other duties as required. Note that knowledge of current privacy and data protection policy and legislation especially Ontarios Personal Health Information Protection Act (PHIPA) will be critical to ensure success.

Responsibilities:

The Senior Privacy Impact Assessment (PIA) Specialist will lead and support various IT and data and analytics initiatives including:

Develop privacy policies and procedures
Conduct privacy impact assessments for medium to high complex initiatives
May be required to support investigating privacy incidents patient inquiries and privacy requests of any kind
Identify and assess privacy risks
Provide privacy advisory and support to business teams
Lead and/or participate in OH regional or provincial committees or project teams as the privacy Subject Matter Expert
Identify privacy requirements
Develop strong relationships with various internal and external stakeholders to foster a culture of privacy
Respond and provide advice and legislative interpretation for information and access requests consent management requests complaints or inquiries appeals and privacy issues under the Personal Health Information Protection Act 2004 and the Freedom of Information and Protection of Privacy Act.
Support privacy program projects and activities to improve the efficiency and effectiveness of the Privacy Office
Develop and deliver privacy training for Ontario Health
Other duties as required

Requirements

Must Haves:

Minimum of 5 years health privacy experience conducting privacy impact assessments on medium to high complexity projects
Minimum 5 years experience developing privacy policies and procedures requirements or controls
Familiarity with the Personal Health Information Protection Act 2004 (PHIPA) and its related requirements for Prescribed Entities Prescribed Persons Health Information Network Providers (HINP) and Electronic Service Providers (ESP)

Nice to Have:

Minimum 5 years direct operational level privacy experience preferably in a health sector and/or IT environment
Familiarity with EMR (Electronic Medical Record) or HIS (Health Information System) infrastructure design and data flows
Familiarity with Application Programming Interface (API) functionality and management
Familiarity with Public Key Infrastructure (PKI)

Desired Skills:

Completion of a university undergraduate or masters degree in health policy IT security law or a related discipline
Demonstrated knowledge and experience of access and privacy requirements and practices preferably related to the health and public sectors
Recognized security certification or designation is an asset
Excellent knowledge of privacy and security concepts trends and issues. This will include an understanding of their impact on business processes as well as skill with interpretation and communication of principles and compliance requirements
Knowledge and ability to interpret Ontarios Personal Health Information Protection Act 2004 (PHIPA)
Knowledge and ability to interpret Ontarios Freedom of Information and Protection of Privacy Act (FIPPA)
Analytical skills to understand the current and future access and privacy implications of policies decisions and business initiatives
Thorough understanding of privacy-by-design and best practices
Experience with conducting and/or providing oversight for Privacy Impact Assessments and Privacy Threshold Assessments including developing privacy requirements risk mitigation plans corporate policies and developing and/or delivering training content
Knowledge of technology architecture and infrastructure digital health solutions and services enterprise and corporate IT including information and cyber security preferred
Working knowledge of digital health technologies and information security industry standards
Excel in a fast-paced and project focused environment
Exceptional analytic and creative problem-solving abilities
Good understanding of related disciplines such as IT system design policy development (privacy or security) business architecture legal processes Freedom of Information administration business analysis risk management project management
Knowledge of Information Technology concepts and processes that impact the protection of personal information including (but not limited to) Internet tools system interfaces information security information architecture and data flows
Excellent Communication skills both verbal and written and strong stakeholder engagement skills
Time Management with the ability to manage tight deadlines and prioritize multiple projects

Required Experience:

Minimum 3 years health privacy experience conducting privacy impact assessments (PIAs) on medium to high complexity projects.
Minimum 5 years direct operational level privacy experience in a health sector and/or IT environment or both.
Minimum 5 years experience in developing privacy policies and procedures requirements or controls.
Minimum 5 years experience drafting and reviewing privacy requirements for data sharing agreements.
Familiarity with the Personal Health Information Protection Act (PHIPA) and requirements related to Prescribed Person Authority Prescribed Entity Authority Health Information Network Provider (HINP) and Electronic Service Provider (ESP).
Familiarity with Application Programming Interface (API) functionality and management.
Familiarity with Electronic Medical Record (EMR) or Hospital Information System (HIS) infrastructure design and data flows.

Required Skills:

Must Haves: Minimum of 5 years health privacy experience conducting privacy impact assessments on medium to high complexity projects Minimum 5 years experience developing privacy policies and procedures requirements or controls Familiarity with the Personal Health Information Protection Act 2004 (PHIPA) and its related requirements for Prescribed Entities Prescribed Persons Health Information Network Providers (HINP) and Electronic Service Providers (ESP) Nice to Have: Minimum 5 years direct operational level privacy experience preferably in a health sector and/or IT environment Familiarity with EMR (Electronic Medical Record) or HIS (Health Information System) infrastructure design and data flows Familiarity with Application Programming Interface (API) functionality and management Familiarity with Public Key Infrastructure (PKI) Desired Skills: Completion of a university undergraduate or masters degree in health policy IT security law or a related discipline Demonstrated knowledge and experience of access and privacy requirements and practices preferably related to the health and public sectors Recognized security certification or designation is an asset Excellent knowledge of privacy and security concepts trends and issues. This will include an understanding of their impact on business processes as well as skill with interpretation and communication of principles and compliance requirements Knowledge and ability to interpret Ontarios Personal Health Information Protection Act 2004 (PHIPA) Knowledge and ability to interpret Ontarios Freedom of Information and Protection of Privacy Act (FIPPA) Analytical skills to understand the current and future access and privacy implications of policies decisions and business initiatives Thorough understanding of privacy-by-design and best practices Experience with conducting and/or providing oversight for Privacy Impact Assessments and Privacy Threshold Assessments including developing privacy requirements risk mitigation plans corporate policies and developing and/or delivering training content Knowledge of technology architecture and infrastructure digital health solutions and services enterprise and corporate IT including information and cyber security preferred Working knowledge of digital health technologies and information security industry standards Excel in a fast-paced and project focused environment Exceptional analytic and creative problem-solving abilities Good understanding of related disciplines such as IT system design policy development (privacy or security) business architecture legal processes Freedom of Information administration business analysis risk management project management Knowledge of Information Technology concepts and processes that impact the protection of personal information including (but not limited to) Internet tools system interfaces information security information architecture and data flows Excellent Communication skills both verbal and written and strong stakeholder engagement skills Time Management with the ability to manage tight deadlines and prioritize multiple projects Required Experience: Minimum 3 years health privacy experience conducting privacy impact assessments (PIAs) on medium to high complexity projects. Minimum 5 years direct operational level privacy experience in a health sector and/or IT environment or both. Minimum 5 years experience in developing privacy policies and procedures requirements or controls. Minimum 5 years experience drafting and reviewing privacy requirements for data sharing agreements. Familiarity with the Personal Health Information Protection Act (PHIPA) and requirements related to Prescribed Person Authority Prescribed Entity Authority Health Information Network Provider (HINP) and Electronic Service Provider (ESP). Familiarity with Application Programming Interface (API) functionality and management. Familiarity with Electronic Medical Record (EMR) or Hospital Information System (HIS) infrastructure design and data flows.

Deliverables:The Senior Privacy Impact Assessment (PIA) Specialist will be required to work with the appropriate teams to: Conduct/complete Privacy Threshold Assessments and associated documentationConduct/complete Privacy Impact Assessments and associated documentationProvide Privacy Consultation o...

Deliverables:

The Senior Privacy Impact Assessment (PIA) Specialist will be required to work with the appropriate teams to:

Conduct/complete Privacy Threshold Assessments and associated documentation
Conduct/complete Privacy Impact Assessments and associated documentation
Provide Privacy Consultation on a diverse range of complex multi-stakeholder health privacy issues and Information Technology (IT) initiatives throughout the product/service development and deployment life cycle
Develop risk mitigation plans
Create or inform the creation of data flow diagrams and associated privacy controls and compliance requirements
Review and advise on agreements including data sharing agreements

Deliverables:

Over the duration of the engagement the Senior Privacy (PIA) Specialist will support work already in progress as well as new work on Privacy Impact Assessments;
Work with the project and product teams on risk mitigation of PIA findings as required under PHIPA;
Support work related to update and/or developing new agreements;
Other duties as required. Note that knowledge of current privacy and data protection policy and legislation especially Ontarios Personal Health Information Protection Act (PHIPA) will be critical to ensure success.

Responsibilities:

The Senior Privacy Impact Assessment (PIA) Specialist will lead and support various IT and data and analytics initiatives including:

Develop privacy policies and procedures
Conduct privacy impact assessments for medium to high complex initiatives
May be required to support investigating privacy incidents patient inquiries and privacy requests of any kind
Identify and assess privacy risks
Provide privacy advisory and support to business teams
Lead and/or participate in OH regional or provincial committees or project teams as the privacy Subject Matter Expert
Identify privacy requirements
Develop strong relationships with various internal and external stakeholders to foster a culture of privacy
Respond and provide advice and legislative interpretation for information and access requests consent management requests complaints or inquiries appeals and privacy issues under the Personal Health Information Protection Act 2004 and the Freedom of Information and Protection of Privacy Act.
Support privacy program projects and activities to improve the efficiency and effectiveness of the Privacy Office
Develop and deliver privacy training for Ontario Health
Other duties as required

Requirements

Must Haves:

Minimum of 5 years health privacy experience conducting privacy impact assessments on medium to high complexity projects
Minimum 5 years experience developing privacy policies and procedures requirements or controls
Familiarity with the Personal Health Information Protection Act 2004 (PHIPA) and its related requirements for Prescribed Entities Prescribed Persons Health Information Network Providers (HINP) and Electronic Service Providers (ESP)

Nice to Have:

Minimum 5 years direct operational level privacy experience preferably in a health sector and/or IT environment
Familiarity with EMR (Electronic Medical Record) or HIS (Health Information System) infrastructure design and data flows
Familiarity with Application Programming Interface (API) functionality and management
Familiarity with Public Key Infrastructure (PKI)

Desired Skills:

Completion of a university undergraduate or masters degree in health policy IT security law or a related discipline
Demonstrated knowledge and experience of access and privacy requirements and practices preferably related to the health and public sectors
Recognized security certification or designation is an asset
Excellent knowledge of privacy and security concepts trends and issues. This will include an understanding of their impact on business processes as well as skill with interpretation and communication of principles and compliance requirements
Knowledge and ability to interpret Ontarios Personal Health Information Protection Act 2004 (PHIPA)
Knowledge and ability to interpret Ontarios Freedom of Information and Protection of Privacy Act (FIPPA)
Analytical skills to understand the current and future access and privacy implications of policies decisions and business initiatives
Thorough understanding of privacy-by-design and best practices
Experience with conducting and/or providing oversight for Privacy Impact Assessments and Privacy Threshold Assessments including developing privacy requirements risk mitigation plans corporate policies and developing and/or delivering training content
Knowledge of technology architecture and infrastructure digital health solutions and services enterprise and corporate IT including information and cyber security preferred
Working knowledge of digital health technologies and information security industry standards
Excel in a fast-paced and project focused environment
Exceptional analytic and creative problem-solving abilities
Good understanding of related disciplines such as IT system design policy development (privacy or security) business architecture legal processes Freedom of Information administration business analysis risk management project management
Knowledge of Information Technology concepts and processes that impact the protection of personal information including (but not limited to) Internet tools system interfaces information security information architecture and data flows
Excellent Communication skills both verbal and written and strong stakeholder engagement skills
Time Management with the ability to manage tight deadlines and prioritize multiple projects

Required Experience:

Minimum 3 years health privacy experience conducting privacy impact assessments (PIAs) on medium to high complexity projects.
Minimum 5 years direct operational level privacy experience in a health sector and/or IT environment or both.
Minimum 5 years experience in developing privacy policies and procedures requirements or controls.
Minimum 5 years experience drafting and reviewing privacy requirements for data sharing agreements.
Familiarity with the Personal Health Information Protection Act (PHIPA) and requirements related to Prescribed Person Authority Prescribed Entity Authority Health Information Network Provider (HINP) and Electronic Service Provider (ESP).
Familiarity with Application Programming Interface (API) functionality and management.
Familiarity with Electronic Medical Record (EMR) or Hospital Information System (HIS) infrastructure design and data flows.

Required Skills: