Privacy Specialist (Research)

St. Michael's Hospital • Full-time • CA, ON, Toronto • 1w ago

Unity Health Toronto, comprised of Providence Healthcare, St. Joseph’s Health Centre and St. Michael’s Hospital, works to advance the health of everyone in our urban communities and beyond. Our health network serves patients, residents and clients across the full spectrum of care, spanning primary care, secondary community care, tertiary and quaternary care services to post-acute through rehabilitation, palliative care and long-term care, while investing in world-class research and education. Join our team in our mission to continue to put patients and families at the centre of everything we do, in the role of Privacy Specialist (Research).

As a member of the privacy team, the Research Privacy Specialist (“Specialist”) supports the research community at Unity Health Toronto in ensuring organizational compliance with relevant privacy legislation within the research portfolio. The Specialist takes day-to-day direction from the Director of Privacy and supports the escalation of risk decisions to the Senior Director, Research Operations or other senior leadership as appropriate. This role has dual reporting to the privacy department and to the research institute.

The Primary Role Of The Specialist Position Is Three-fold

To support the research institute in implementing, sustaining, monitoring and improving a comprehensive privacy program in a complex research hospital environment;
To complete privacy-related deliverables for new, modified and potential research projects, including but not limited to privacy impact assessments (PIAs), PIA summaries, obtaining risk mitigation sign off, self-assessments, construction of supportive policies & procedures; and
To implement operational compliance programs within the research portfolio (e.g. auditing, research protocol review)

The Specialist will promote and pursue the adoption of relevant best practices and standards, and provide analyses and guidance to a variety of research stakeholders, with a focus on continuous quality improvement. The Specialist has a considerable degree of interaction with a variety of internal and external stakeholders, including: principal investigators, research staff, members of Research Ethics Boards, research ethics staff, vendors, government/regulatory bodies, and expert peers in the research privacy field. Leadership and communication skills are required to build credibility and trust, and to accomplish goals with the assistance of internal and external teams.

Duties & Responsibilities

Conducts reviews of research applications and research proposals, and provides strategic guidance to researchers, as well as to the Research Ethics Boards, to ensure compliance with TCPS2, GCP, PHIPA, FIPPA, GDPR, other laws, and internal policies.
Supports the privacy review of research projects and other initiatives by: (a) conducting PIAs; (b) providing guidance on technical, physical and administrative controls to enhance privacy; (c) assisting research and supporting operational teams to implement recommended controls; and (d) escalating risk decisions as appropriate to the relevant subject matter experts and/or leadership of research.
Supports the development of the privacy program by:
- Identifying, escalating and tracking risks;
- Providing guidance that is compliant with legislative requirements, regulator’s expectations, best practices, and organizational risk tolerance; and
- Planning activities to implement, sustain, monitor and/or improve the privacy program.
Keeps abreast of changing requirements and trends in research, privacy and information access.
Conducts environmental scans on privacy controls and emerging trends.
Develops research-related policies & procedures.
Produces documentation to meet internal and external reporting requirements.
Represents the organization externally.

Qualifications

University undergraduate degree in a related field (e.g., business, public or health administration, library sciences or information management).
At least 3 years work experience in interpreting and applying provincial and federal privacy legislation, including PHIPA.
Experience in a hospital or life sciences environment is preferred.
Demonstrated experience acting as the “member knowledgeable in privacy” on a research ethics board, or otherwise providing privacy guidance to researchers/research administration in compliance with TCPS2 and GCP guidelines, is preferred.
Canadian certification with the International Association of Privacy Professionals (CIPP/C) or an equivalent credential is an asset.
Demonstrated experience in the design and delivery of a piece of an operational privacy program (for example, implementing a training program, piloting an audit regime, operationalizing a policy).
Demonstrated experience providing privacy guidance and conducting privacy impact assessments (PIAs).
Excellent presentation and training skills.
Demonstrated strong analytical and problem-solving skills.
Knowledge and skills in using Microsoft Office Suite, Adobe Acrobat and other office software.
Excellent interpersonal, communications and customer service skills.
Ability to work independently, with little day-to-day supervision.
Excellent organizational and time management skills and the ability to respond to a multiplicity of demands and prioritize work activities.
Demonstrated consensus-building capacity in working with internal and external stakeholder groups.
Information Security training or familiarity with cloud and artificial intelligence technologies is an asset. Project management experience an asset.

As a condition of employment, all external hires will be required to submit proof of COVID-19 vaccination or documentation unless a valid accommodation under the Ontario Human Rights Code exists. Please note, if you are extended an offer of employment, you will be required to provide proof of vaccination in Ontario QR Code format. All internal candidates must be in compliance with Unity Health Toronto’s COVID-19 Vaccination Policy.