Privacy Impact Assessment (PIA) Specialist
Hypid – 3 Days OnSite (Toronto)
12 Months + Option to Extend
Must Haves:
- Minimum 3 years’ health privacy experience conducting privacy impact assessments (PIAs) on medium high complexity projects
- Minimum 5 years’ direct operational level privacy experience in a health sector and/or IT environment or both
- Minimum 5 years’ experience in developing privacy policies and procedures, requirements, or controls
- Minimum 5 years’ experience drafting and reviewing privacy requirements for data sharing agreements
- Familiarity with the Personal Health Information Protection Act (PHIPA), and requirements related to Health Information Network Provider (HINP) and Electronic Service Provider (ESP).
Deliverables include, but are not limited to:
- Conducting/Completing Privacy Impact Assessments and associated documentation
- Providing Privacy Consultation on a diverse range of complex, multi-stakeholder health privacy issues and Information Technology (IT) initiatives related to home and community care modernization and OHT deployment
- Developing risk mitigation plans
- Create or inform the creation of data flow diagrams and associated privacy controls and compliance requirements
- Reviewing and advising on agreements, including data sharing agreements
- Developing privacy requirements for new or changing projects
Responsibilities:
- Develop privacy policies and procedures
- Conduct privacy impact assessments for medium to high complex initiatives and/or implement mitigations activities in response to recommendations from PIAs
- Identify and assess privacy risks
- Provide privacy advisory and support to business teams
- Lead and/or participate on OH, regional or provincial committees or project teams as the privacy Subject Matter Expert
- Identify privacy requirements
- Develop strong relationships with various internal and external stakeholders to foster a culture of privacy
- Respond and provide advice and legislative interpretation for information and access requests, consent management requests, complaints, or inquiries, appeals and privacy issues under the PHIPA
- Support privacy program projects and activities to improve the efficiency and effectiveness of the Privacy Office
- Other duties as required