AMANST Inc. is looking for a Senior Privacy Impact Assessment (PIA) Specialist for a contract opportunity with Ontario Health.
Requisition deadline: 03 Sep 2024 at 09:50 am
Must Haves
- 5+ years’ health privacy experience conducting privacy impact assessments (PIA) on medium to high complexity projects
- 5+ years’ direct operational level privacy experience preferably in a health sector and/or IT environment
- 5+ years’ experience developing privacy policies and procedures, requirements, or controls
- Familiarity with the Personal Health Information Protection Act, 2004 (PHIPA) and its related requirements for Health Information Network Providers (HINP) and Electronic Service Providers (ESP)
Background Information
Ontario Health currently uses and operates two instances of BMC Remedy ITSM (Ontario Health and Ontario Telemedicine Network) used to track and manage incidents and requests, change records, problem investigations and the configuration management database (CMDB). The Remedy ITSM system is used to deliver customer support for all OH end-user systems (both internal and external) through our service desks and technical support teams. The current BMC Remedy ITSM version (9.1.03) is now end of support and requires an upgrade to maintain customer service support. With Ontario Health’s “cloud first strategy”, a migration of all on premise Remedy instances to the SaaS version of Remedy (now called Helix ITSM) will be pursued.
The procurement of the BMC Helix SaaS service was completed February 2023 for a period of 5 years. Transition of the Ontario Health on premise instance of Remedy to Helix is currently underway and estimated to be completed by September 23, 2024.
This project will track the build and transition of the Ontario Telemedicine Network (OTN) on premise Remedy solution and the on premise Secure Document Service (SDS) instance of Remedy (used to house Personal Information / Personal Health Information data to support incident and service request management) to the new Helix SaaS service. Resources will also be tasked with completing outstanding items re-prioritized from Phase 1. Resources required will be: Sr. Architect, HDM Specialist and a Sr Privacy Analyst.
The Senior Privacy Analyst will be procured for an 11 month period, to also be made available for DxH KTLO (‘Keep the Lights On’) projects that are currently not resourced for a Privacy Assessment.
Must Haves
- Minimum of 5 years’ health privacy experience conducting privacy impact assessments on medium to high complexity projects
- Minimum 5 years’ direct operational level privacy experience preferably in a health sector and/or IT environment
- Minimum 5 years’ experience developing privacy policies and procedures, requirements or controls
- Holds an undergraduate or graduate degree in health, policy, IT, security, law or a related discipline
- Familiarity with the Personal Health Information Protection Act, 2004 (PHIPA), and its related requirements for Health Information Network Providers (HINP) and Electronic Service Providers (ESP)
- Familiarity with OntarioMD EMR certification
- Familiarity with Electronic Medical Record (EMR) or Hospital Information System (HIS) infrastructure, design, and data flows
- Familiarity with Application Programming Interface (API) functionality and management
- Familiarity with Public Key Infrastructure (PKI)
Responsibilities
The Senior Privacy Impact Assessment (PIA) Specialist will lead and support various Electronic Health Record (EHR) Modernization initiatives, including:
- Develop privacy policies and procedures
- Conduct privacy impact assessments for medium to high complexity initiatives
- May be required to support investigating privacy incidents, patient inquiries, and privacy requests of any kind
- Identify and assess privacy risks
- Provide privacy advisory and support to business teams
- Lead and participate on Ontario Health, regional or provincial committees or project teams as the privacy Subject Matter Expert
- Identify privacy requirements
- Develop strong relationships with various internal and external stakeholders to foster a culture of privacy
- Respond and provide advice and legislative interpretation for information and access requests, consent management requests, complaints or inquiries, appeals and privacy issues under the Personal Health Information Protection Act, 2004 and the Freedom of Information and Protection of Privacy Act
- Support privacy program projects and activities to improve the efficiency and effectiveness of the Privacy Office
- Develop and deliver privacy training for Ontario Health
- Other duties as required
Desired Skills
- Completion of a university undergraduate or master’s degree in health, policy, IT, security, law or a related discipline
- Demonstrated knowledge and experience of access and privacy requirements and practices, preferably related to the health and public sectors
- Recognized security certification or designation is an asset
- Excellent knowledge of privacy and security concepts, trends, and issues. This will include an understanding of their impact on business processes, as well as skill with interpretation and communication of principles and compliance requirements
- Knowledge of and ability to interpret Ontario’s Personal Health Information Protection Act, 2004 (PHIPA)
- Knowledge and ability to interpret Ontario’s Freedom of Information and Protection of Privacy Act (FIPPA)
- Analytical skills to understand the current and future access and privacy implications of policies, decisions and business initiatives
- Thorough understanding of “privacy-by-design” and best practices
- Experience with conducting and providing oversight for Privacy Impact Assessments and Privacy Threshold Assessments, including developing privacy requirements, risk mitigation plans, corporate policies and developing and/or delivering training content
- Knowledge of technology architecture and infrastructure, digital health solutions and services, enterprise and corporate IT including information and cyber security preferred
- Working knowledge of digital health technologies and information security industry standards
- Excel in a fast-paced and project focused environment
- Exceptional analytic and creative problem-solving abilities
- Good understanding of related disciplines, such as IT system design, policy development (privacy or security), business architecture, legal processes, Freedom of Information administration, business analysis, risk management, project management
- Knowledge of Information Technology concepts and processes that impact the protection of personal information, including (but not limited to) Internet tools, system interfaces, information security, information architecture and data flows
- Excellent communication skills, both verbal and written, and strong stakeholder engagement skills
- Time management, with the ability to manage tight deadlines and prioritize multiple projects
Criteria Details
- Minimum 5 years’ Health privacy experience conducting Privacy Impact Assessments (PIAs) on medium to high complexity projects: 20 points
- Minimum 5 years’ direct operational level privacy experience in a health sector and/or IT environment or both: 20 points
- Minimum 5 years’ experience developing privacy policies and procedures, requirements or controls: 10 points
- Familiarity with the Personal Health Information Protection Act, 2004 (PHIPA), and its related requirements for Health Information Network Providers (HINP) and Electronic Service Providers (ESP): 15 points
- Familiarity with OntarioMD Electronic Medical Records (EMR) Certification: 10 points
- Familiarity with EMR or HIS infrastructure, design, and data flows: 10 points
- Familiarity with Application Programming Interface (API) functionality and management: 10 points
- Familiarity with Public Key Infrastructure (PKI): 5 points