Privacy Advisor

Within the context of a client and family centred model of care and, in accordance with the Mission, Vision and Values, and strategic directions of Providence Health Care, the person promotes a safe, respectful, and civil working environment for patients, residents, families, visitors and staff.

Reporting to the Director, Information Access & Privacy, the Privacy Advisor is a subject matter expert who acts as a liaison and consultant to clinical and business areas to support and promote the confidentiality of personal information. As a member of the Information Access and Privacy Office, the Privacy Advisor will support staff with completion of privacy impact assessments, lead the development and delivery of a PHC-wide privacy education and training program, respond to general privacy enquiries, assist in privacy breach investigations, and support a compliance auditing program.

Education

A level of education, training and experience equivalent to a Bachelor's degree in Health Information Management, Health Information Science or other related field plus three (3) to five (5) years' recent related experience or an equivalent combination of education, training and experience. Completion of an Information Access & Protection of Privacy program or certification as a Certified Information Privacy Professional/Canada (CIPP/C) or other Canadian industry-recognized privacy certification, or evidence of continuing professional development in the area of privacy and information management an asset.

Skills And Abilities

Comprehensive knowledge (good understanding) of audit and privacy concepts, tools and methods.

Comprehensive knowledge (good understanding) of confidentiality of information, privacy protection, data security and other related information privacy and security issues important in a healthcare environment.

Knowledge of BC provincial and other provincial and federal privacy legislation and requirements.

Broad knowledge of the health care environment.

Demonstrated knowledge of electronic information systems and applications and information management processes.

Use of advanced computer skills in a variety of desktop computer applications.

Demonstrated ability to consult, plan, implement, organize and problem solve.

Demonstrated communications, leadership, facilitation and coaching skills.

Demonstrated ability to develop, implement and deliver education and training programs/initiatives.

Advanced analytical and problem solving skills.

Ability to deal with others effectively; to interact with tact and diplomacy with staff at all levels within the organization.

Ability to remain organized and on task while handling multiple priorities.

Demonstrated ability to consult, plan, implement, and organize and problem solve.

Ability to adapt to change in a dynamic environment.

Excellent oral and written communication skills to function within a complex interdisciplinary environment.

Effective leadership and communication skills to foster a respectful and motivating environment.

Use of investigative and analytical skills to research, analyze and interpret data and information from a variety of disparate sources.

Effective stakeholder engagement and management skills and ability to build consensus among groups.

Safe handling of confidential and sensitive information with skill, tact and diplomacy.

Demonstrated ability to exercise initiative and work both independently and in a team environment.

Physical ability to carry out the duties of the position.

Provides interpretation and expert advice, both verbally and in writing, to internal staff, physicians, and management on privacy legislation, principles, standards and best practices, with a special emphasis on analyzing privacy risk and application of privacy conscious behaviours into clinical and operations workflows.

Facilitates and supports the completion of privacy impact assessments to evaluate whether projects and initiatives involving the collection, use or disclosure of personal information comply with privacy requirements. Identifies potential privacy risks and recommends mitigation strategies where necessary.

Leads the development and delivery of a PHC-wide privacy education and training program. Works with other relevant stakeholders to develop appropriate education and training materials. Delivers in-person/on-line education sessions. Assists in the development and delivery of corporate-wide privacy awareness campaigns to inform staff/physicians, patients/residents, and the public regarding privacy rights of personal information.

Supports the development and implementation of an ongoing proactive and reactive compliance audit program.

Investigates privacy incidents and complaints; develops reports, action plans, and response communications on mitigation strategies; liaises with the Office of the Information Privacy Commissioner (OIPC) as required.

Responds to and resolves allegations of non-compliance with corporate privacy policies and procedures and investigates privacy breaches by reviewing, documenting, reporting and developing appropriate action plans.

Works with Leaders to ensure a centralized intake and tracking of privacy related issues and complaints.

Maintains expert knowledge of current information legislation, standards, and information management and privacy trends and issues.

Participates in the development and/or review of policies and procedures that ensure confidentiality and privacy of personal information and achieves PHC privacy standards and goals.

Supports Leaders to ensure compliance to privacy legislation in regards to collection, use and disclosure of personal information for purposes such as research, registries, quality improvement and quality assurance.

Fosters strong relationships with Risk Management, Clinical, Business, Research, Communications and Information Management/Information Technology Systems (IMITS) Staff to implement strategic initiatives or directives.

Builds partnerships with colleagues in other organizations and associations ensuring legislative compliance is met and privacy standards and best practices are adhered to.

Effectively participates and represents Providence Health Care on local and provincial committees.

Collaborates with various programs, including IMITS, Risk Management, Patient Relations, Data Analytics, and/or Communications to develop action plans in response to privacy and/or security breaches.

Assists in Freedom of Information requests that require review, investigation, and reporting of highly sensitive information.

Performs other related duties as assigned.