Background Information:

The Senior Privacy (PIA) Specialist will act as a dedicated privacy subject matter expert to assist with supporting privacy matters related to a number of key Information Technology projects that include Patients Before Paperwork (PB4P) initiatives, enterprise business intelligence tools, and cloud migration.

Must haves:

• Minimum of 3 years’ health privacy experience conducting privacy impact assessments (PIAs) on medium to high complexity projects 
• Minimum 5 years’ direct operational level privacy experience preferably in a health sector and/or IT environment with familiarity in Application Programming Interface (API) functionality and management
• Minimum 5 years' experience drafting and reviewing privacy requirements for legal and data sharing agreements

 

Responsibilities:

• Conducting/Completing Privacy Impact Assessments and associated documentation
• Providing Privacy Consultation on a diverse range of complex, multi-stakeholder health privacy issues and Information Technology (IT) initiatives
• Identify and assess privacy risks, including developing risk mitigation plans
• Create or inform the creation of data flow diagrams and associated privacy controls and compliance requirements
• Reviewing and advising on agreements, including data sharing agreements
• Developing privacy requirements for new or changing projects
• Providing privacy advisory and support to business teams
• Other duties as required

Desired Skills: 

• Demonstrable knowledge of project management; Knowledge and understanding of Project Management’s Institute’s Project Management Body of Knowledge is an asset
• Minimum 5 years’ experience developing privacy policies and procedures, requirements, or controls
• Familiarity with the Personal Health Information Protection Act (PHIPA), and its related requirements for Health Information Network Providers (HINP) and Electronic Service Providers (ESP)
• Familiarity with Electronic Medical Record (EMR) or Hospital Information System (HIS) infrastructure, design, and data flows
• Experience working on and delivering multiple projects
• Demonstrated project management software skills and experience e.g. MS Project, MS Teams etc.
• University undergraduate or graduate degree in Health, Computer Science, Engineering, Law, Security, or a related discipline from a recognized institution or equivalent experience – desired
• Familiarity with Prescribed Entities (PEs) or Prescribed Persons (PP) under the Personal Health Information Protection Act (PHIPA), and their related requirements, is an asset
• Familiarity with audit logging and Security Information and Event Management (SIEM) technology is an asset
• Familiarity with technical data protection controls and technology such as encryption and tokenization is an asset
• Knowledge and understanding of Accessibility for Ontarians with Disability Act (AODA) and related regulations and standards is an asset