Position Title: Policy Advisor – Organizational Compliance
Department: IT
Job Location: Hybrid – Based in Montreal, Edmonton, or Hamilton
Job Purpose:
ELNA Medical is committed to protecting the privacy of patients’ personal health information and promoting a culture of privacy and confidentiality. As a member of the IT team, the Policy Advisor – Organizational Compliance is responsible for ensuring organizational compliance with relevant privacy legislation, both provincial and federal, as well as that of foreign countries, such as the United States.
The Advisor assists the Privacy Office with the implementation, monitoring and auditing of the privacy program in a complex, national healthcare ecosystem, promoting privacy practices and standards and providing formal and informal analyses and guidance.
The Advisor must be able to confidently provide guidance based on law, best practice, and working knowledge of business requirements. The Advisor must have sufficient writing skills, technical knowledge and comprehension of analytical tools to identify risks and gaps as new information is presented. The Advisor must be able to effectively communicate, both verbally and in writing, any requirements and gaps to the Privacy Officer and relevant stakeholders.
Principal Responsibilities:
Policy and Procedure Development and Implementation
- Work closely with Operations, HR, and IT teams to identify policy and procedure needs.
- Monitor and research changes and trends in legal compliance requirements to ensure policies and procedures remain legally relevant and up to date.
- Develop and implement policies and procedures to align with business and legal compliance requirements.
- Review and update existing documentation of IT controls, business processes, policies, and procedures.
- Conduct risk assessments of existing systems/programs and of new or existing partners, and communicate significant findings to management.
- Manage policy development projects from start to finish.
- Update, maintain and evaluate the privacy training plan to comply with each province's requirements.
- Develop and maintain the Learning Management System (LMS) with relevant training material and audit employee compliance.
Privacy Compliance
- Maintain internet and intranet privacy statements.
- Support the tracking, investigation and resolution of privacy complaints and incidents.
- Respond to patients’ privacy inquiries, complaints, requests for correction, and requests for access in a timely manner.
- Provide summarized briefing notes/reporting to assist in better decision making at the management level.
- Communicates and escalates non-compliance and incidents to Sr. management and coordinates notices to the provincial privacy bodies.
- Maintains and organizes all compliance and reporting documents, based on provincial requirements.
- Responds to requests for information pertaining to security and privacy from 3rd party vendors, including responding to relevant portions of RFPs for new business opportunities.
- Participates in the Due Diligence process for potential acquisitions, providing a company risk assessment.
- Designs improvements for internal controls such as segregation of duties, production change management, software management, security, incident handling, and transmission integrity.
- Collaborates with internal and external audit teams, IT management, corporate customers, consultants, and other partners to ensure compliance with internal and external requirements.
- Reviews, documents, evaluates, and tests manual and automated IT controls throughout the corporate IT environment, including server, application, computer operations, middleware, and client-side
- Perform other duties as assigned to support ELNA Medical and CDL Labs.
The Ideal Candidate will possess:
- Bachelor’s Degree in Business, Communications, IT, HR or related vocations, or combination of education and equivalent work experience.
- Excellent writing and editing skills tailored to a variety of audiences.
- Excellent research skills and ability to understand and communicate legislation in an effective manner to a variety of audiences.
- Experience and understanding of Canadian privacy legislation or willingness to learn.
- Experience drafting and interpreting policies.
- Experience with US privacy laws an asset.
- Must be fluent in written and spoken English and French.
- Ability to explain difficult technical topics to various stakeholders with varying levels of understanding.
- Excellent problem-solving, critical-thinking, and analytical skills.
- Ability to handle multiple tasks with strict and conflicting deadlines.
- Ability to work in a demanding and fast-paced team environment.
Context and Environment:
Must be able to work in a fast-paced, high-pressure and complex technical environment that requires attention to detail. Must be able to sit at a computer and view a computer monitor for an extended period. May be required to work unconventional hours, weekends, holidays, late nights, or early mornings on occasion. Able to employ professionalism, patience, and self-control in high-stress situations. Must be able to pass both internal and government-mandated security screenings.
Internal Communications:
- IT Staff and Management
- Executive Team
- Clinical staff
External Communications:
- Physicians
- Provincial and Federal Government and Privacy Offices
- Legal Counsel
- External parties and vendors
- Patients