RQ00514 Sr. Privacy Impact Assessment Specialist

RQ00514 - Sr. Privacy Impact Assessment (PIA) Specialist

1-year contract

ONSITE 5 days a week (subject to HM discretion) - Toronto

Background Information:

The purpose of this procurement is to acquire Senior Privacy (PIA) Specialists to provide dedicated privacy subject matter expertise to assist with supporting privacy matters related to a number of key Information Technology projects including but not limited to provincial Electronic Health Record (EHR) initiatives Provincial Viewers Pb4P initiatives.

Deliverables include but are not limited to:

The Senior Privacy Impact Assessment (PIA) Specialist will be required to work with the appropriate teams to:

Conduct/complete Privacy Threshold Assessments and associated documentation

Conduct/complete Privacy Impact Assessments and associated documentation

Provide Privacy Consultation on a diverse range of complex multi-stakeholder health privacy issues and Information Technology (IT) initiatives throughout the product/service development and deployment life cycle

Develop risk mitigation plans

Create or inform the creation of data flow diagrams and associated privacy controls and compliance requirements

Review and advise on agreements including data sharing agreements

Responsibilities:

The Senior Privacy Impact Assessment (PIA) Specialist will lead and support various initiatives include but not limited to:

Develop privacy policies and procedures

Conduct privacy impact assessments for low to high complex initiatives

Investigations of privacy incidents patient inquiries and privacy requests as required

Identify and assess privacy risks

Provide privacy advisory support to business teams

Lead and/or participate in Agency regional or provincial committees or project teams as the privacy Subject Matter Expert

Identify privacy requirements

Develop strong relationships with various internal and external stakeholders to foster a culture of privacy

Respond and provide advice and legislative interpretation for information and access requests consent management requests complaints or inquiries appeals and privacy issues under the Personal Health Information Protection Act 2004 and the Freedom of Information and Protection of Privacy Act.

Support privacy program projects and activities to improve the efficiency and effectiveness of the Privacy Office

Develop and deliver privacy training for the Agency

Other duties as required

Desired Skills:

Completion of a university undergraduate or masters degree in health policy IT security law or a related discipline

Demonstrated knowledge and experience of access and privacy requirements and practices preferably related to the health and public sectors

Recognized security certification or designation is an asset

Excellent knowledge of privacy and security concepts trends and issues. This will include an understanding of their impact on business processes as well as skill with interpretation and communication of principles and compliance requirements

Knowledge and ability to interpret Ontarios Personal Health Information Protection Act 2004 (PHIPA)

Knowledge and ability to interpret Ontarios Freedom of Information and Protection of Privacy Act (FIPPA)

Analytical skills to understand the current and future access and privacy implications of policies decisions and business initiatives

Thorough understanding of privacy-by-design and best practices

Experience with conducting and/or providing oversight for Privacy Impact Assessments and Privacy Threshold Assessments including developing privacy requirements risk mitigation plans corporate policies and developing and/or delivering training content

Knowledge of technology architecture and infrastructure digital health solutions and services enterprise and corporate IT including information and cyber security preferred

Working knowledge of digital health technologies and information security industry standards

Excel in a fast-paced and project focused environment

Exceptional analytic and creative problem-solving abilities

Good understanding of related disciplines such as IT system design policy development (privacy or security) business architecture legal processes Freedom of Information administration business analysis risk management project management

Knowledge of Information Technology concepts and processes that impact the protection of personal information including (but not limited to) Internet tools system interfaces information security information architecture and data flows

Excellent Communication skills both verbal and written and strong stakeholder engagement skills

Time Management with the ability to manage tight deadlines and prioritize multiple projects

Must Haves:

• Minimum of 5 years of health privacy experience conducting privacy impact assessments on medium to high complexity projects
• Minimum 5 years of experience developing privacy policies and procedures requirements or controls
• Experience with the Personal Health Information Protection Act 2004 (PHIPA) including requirements for Health Information Network Providers (HINP) and Electronic Service Providers (ESP). Experience working with prescribed statuses is considered an asset.
• Holds an undergraduate or graduate degree in health policy IT security law or a related discipline