Description:
Seeking a Senior Privacy Impact Assessment (PIA) Specialist to act as a dedicated privacy expert, supporting IT projects such as Patients Before Paperwork (PB4P), enterprise business intelligence tools, and cloud migration initiatives. This role ensures compliance with legal and contractual privacy obligations, embedding privacy into project design to minimize risks associated with managing personal health information (PHI).
Responsibilities:
- Conduct and complete Privacy Impact Assessments (PIAs) for medium to high complexity projects.
- Provide expert privacy consultation on complex health privacy issues and IT projects.
- Identify and assess privacy risks, developing mitigation plans.
- Assist in creating data flow diagrams, ensuring appropriate privacy controls and compliance measures.
- Advise on and review agreements, such as Data Sharing Agreements (DSAs) and Health Information Network Provider (HINP) agreements.
- Draft and develop privacy requirements for evolving projects.
- Collaborate with business teams to provide ongoing privacy advisory support.
- Ensure full knowledge transfer to the team by sharing key deliverables and documentation.
- Work with project teams to address privacy findings under PHIPA and update existing or new agreements.
- Provide privacy guidance for new technologies and services such as patient portals and Electronic Health Records (EHR).
Skills and Experience Requirements:
Health Privacy and Regulatory Knowledge:
- 3+ years of experience conducting PIAs on medium to high complexity projects.
- 5+ years of operational privacy experience, ideally in healthcare or IT environments, along with familiarity with API management.
- Extensive experience in interpreting and applying privacy regulations, including the Personal Health Information Protection Act (PHIPA).
- Expertise in legal and regulatory frameworks, including the Freedom of Information and Protection of Privacy Act (FIPPA), and their application to PHI.
- Experience leading or supporting privacy regulatory/policy projects in a healthcare setting.
Technical and Digital Health Expertise:
- Familiarity with Electronic Medical Record (EMR) or Hospital Information System (HIS) infrastructure and data flows.
- Knowledge of privacy controls and technologies, such as encryption, tokenization, audit logging, and Security Information and Event Management (SIEM) systems.
- Understanding of digital health systems and programs, including patient portals, secure log-in mechanisms, and Electronic Health Records (EHR).
- Ability to interpret and apply privacy policies to digital health projects, ensuring compliance with evolving data protection requirements.
Project and Program Management:
- Demonstrated experience managing complex projects, delivering results within approved scope, budget, and timelines.
- Familiarity with project management methodologies, including knowledge of PMI's Project Management Body of Knowledge (PMBOK).
- Strong experience with tools such as MS Project, MS Teams, and other project management software.
- Experience in strategic IT planning in healthcare contexts, including defining objectives, options analysis, and action planning.
Policy and Procedure Development:
- 5+ years of experience developing privacy policies, procedures, requirements, and controls.
- Expertise in drafting and reviewing privacy requirements for legal and data-sharing agreements.
- Strong understanding of healthcare privacy policies, including the regulatory landscape affecting Health Information Network Providers (HINP) and Electronic Service Providers (ESP).
Additional Skills:
- University degree in Health, Computer Science, Engineering, Law, Security, or a related discipline, or equivalent experience.
- Strong understanding of healthcare systems, digital health systems, and related privacy frameworks.
- Experience leading and supporting change management and communication strategies in relation to privacy processes.
- Familiarity with technical privacy controls such as encryption, tokenization, and audit logging.
- Knowledge of the Accessibility for Ontarians with Disabilities Act (AODA) is an asset.
Deliverables:
- Conduct PIAs and address privacy risks for multiple projects.
- Provide privacy guidance on PHI data flows and ensure compliance with PHIPA.
- Collaborate on updates to legal agreements.
- Ensure complete knowledge transfer to the team.