Unity Health Toronto, comprised of Providence Healthcare, St. Joseph's Health Centre and St. Michael's Hospital, works to advance the health of everyone in our urban communities and beyond. Our health network serves patients, residents and clients across the full spectrum of care, spanning primary care, secondary community care, tertiary and quaternary care services to post-acute through rehabilitation, palliative care and long-term care, while investing in world-class research and education. Join our team in our mission to continue to put patients and families at the centre of everything we do, in the role of Privacy Specialist Information Access & Privacy.
As a member of the privacy team, the Privacy Specialist supports the Manager of Privacy, FIPPA & Information Access in ensuring organizational compliance with relevant privacy legislation.
The primary role of the Information Access & Privacy Specialist position is three-fold:
- To assist the Manager to implement, sustain, monitor and improve a comprehensive privacy program in a complex healthcare environment,
- To complete privacy-related deliverables for new projects, including but not limited to PIAs, PIA summaries, obtaining risk mitigation sign off, self-assessments, construction of supportive policies & procedures, and
- To assist the Manager in implementing operational compliance programs (e.g. auditing, research protocol review)
The Specialist will promote and pursue the adoption of relevant best practices and standards, and provide formal and informal analyses and guidance to a variety of stakeholders, with a focus on continuous quality improvement. The Specialist has a considerable degree of interaction with a variety of internal and external stakeholders, including: project managers, vendors, consultants, government/regulatory bodies, expert peers in the healthcare field, clinicians, patients/clients, and members of the public. Leadership and communication skills are required to build credibility and trust, and to accomplish goals with the assistance of internal and external teams.
DUTIES & RESPONSIBILITIES:
- Supports the development of the privacy and information access program by:
-
- Identifying, escalating and tracking risks
- Providing guidance compliant with legislative requirements, regulator¿s expectations, best practices, and organizational risk tolerance
- Planning activities to implement, sustain, monitor and/or improve pieces of the privacy and information access program
- Keeps abreast of changing requirements and trends in privacy and information access
- Conducts research and environmental scans on privacy controls and emerging trends
- Supports the development of projects and other initiatives by: (a) conducting privacy impact assessments (PIAs); (b) providing guidance on technical, manual, procedural and administrative controls recommended to enhance privacy; (c) assisting internal teams to implement recommended controls; and (d) providing feedback on contract and RFS/RFP response content.
- Develops hospital policies & procedures
- Produces documentation to meet internal and external reporting requirements
- Conducts reviews of research applications & provides strategic guidance to researchers setting up research projects and/or programs
- Represents the organization externally
QUALIFICATIONS:
- University undergraduate degree in a related field (e.g., business, public or health administration, library sciences or information management).
- Canadian certification with the International Association of Privacy Professionals (CIPP/C) or an equivalent credential is an asset.
- At least 3 years work experience with interpreting and applying provincial and federal privacy and freedom of information legislation, including PHIPA and FIPPA. Experience in a hospital or long-term care environment required.
- Demonstrated experience in the design and delivery of a piece of an operational privacy program (for example, implementing a training program, piloting an audit regime, operationalizing a policy on the clinical front-lines or administrative back offices).
- Demonstrated experience providing privacy guidance and conducting privacy impact assessments (PIAs). Completion of PIAs or provision of guidance on IM/IT projects required.
- At least two years of experience acting as the member knowledgeable in privacy on a research ethics board, or otherwise providing privacy guidance to researchers/research administration
- Excellent presentation and training skills.
- Information Security training or experience is an asset.
- Project management experience an asset.
- Demonstrated strong analytical and problem-solving skills.
- Knowledge and skills in using Microsoft Office Suite, Adobe Acrobat and other office software.
- Excellent interpersonal, communications and customer service skills. Experience responding to complex inquiries from patients is an asset.
- Ability to work independently, with little day-to-day supervision
- Excellent organizational and time management skills and the ability to respond to a multiplicity of demands and prioritize work activities
- Demonstrated consensus-building capacity in working with internal and external stakeholder groups
#LI-MR1
