Privacy Impact Assessment Specialist 0176-1609
Privacy Impact Assessment Specialist 0176-1609
Posted on :
10-10-2024
Employer Active
The job posting is outdated and position may be filled
Job Alert
You will be updated with latest job alerts via emailValid email field required
Send jobs
Share
Send me jobs like this
Job Alert
You will be updated with latest job alerts via emailValid email field required
Send jobs
Job Description
HM Note: This hybrid role is three (3) days in office
Background Information:
The purpose of this procurement of a Senior Privacy (PIA) Specialist is to acquire a contingent resource to act as a dedicated privacy subject matter expert to assist with supporting privacy matters related to a number of key Information Technology projects that include provincial Electronic Health Record (EHR) initiatives AI Scribe; Homecare; Provincial Viewers etc.
Ontario Health is seeking a Privacy resource to ensure that Ontario Health maintains compliance with its legal and contractual privacy obligations and builds privacy into the design of projects that involve personal health information (PHI) thus reducing risk for the organization and protecting the trust and privacy of individuals whose PHI we manage.
Must haves:
- Minimum of 3 years health privacy experience conducting privacy impact assessments (PIAs) on medium to high complexity projects and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp;
- Minimum 5 years direct operational level privacy experience preferably in a health sector and/or IT environment
- Minimum 5 years experience drafting and reviewing privacy requirements for data sharing agreements
- Minimum 5 years experience developing privacy policies and procedures requirements or controls
- Familiarity with the Personal Health Information Protection Act (PHIPA) and its related requirements for Health Information Network Providers (HINP) and Electronic Service Providers (ESP)
- Familiarity with Application Programming Interface (API) functionality and management
- Familiarity with Electronic Medical Record (EMR) or Hospital Information System (HIS) infrastructure design and data flows
Responsibilities:
- Conducting/Completing Privacy Impact Assessments and associated documentation
- Providing Privacy Consultation on a diverse range of complex multistakeholder health privacy issues and Information Technology (IT) initiatives
- Identify and assess privacy risks including developing risk mitigation plans
- Create or inform the creation of data flow diagrams and associated privacy controls and compliance requirements
- Reviewing and advising on agreements including data sharing agreements
- Developing privacy requirements for new or changing projects
- Providing privacy advisory and support to business teams
- Other duties as required
Desired Skills:
- Demonstrable knowledge of and nbsp;project and nbsp;management; Knowledge and understanding of Project Managements Institutes Project Management Body of Knowledge is an asset
- Experience working on and delivering multiple and nbsp;projects
- Demonstrated project management software skills and experience e.g. MS Project MS Teams etc.
- University undergraduate or graduate degree in Health Computer Science Engineering Law Security or a related discipline from a recognized institution or equivalent experience desired
- Familiarity with Prescribed Entities (PEs) or Prescribed Persons (PP) under the Personal Health Information Protection Act (PHIPA) and their related requirements is an asset
- Familiarity with audit logging and Security Information and Event Management (SIEM) technology is an asset
- Familiarity with technical data protection controls and technology such as encryption and tokenization is an asset
- Knowledge and understanding of Accessibility for Ontarians with Disability Act (AODA) and related regulations and standards is an asset
Required Skills
- Minimum 3 years health privacy experience conducting privacy impact assessments (PIAs) on medium to high complexity projects.: 20 Points
- Minimum 5 years direct operational level privacy experience in a health sector and/or IT environment or both.: 20 Points
- Minimum 5 years experience in developing privacy policies and procedures requirements or controls.: 20 Points
- Minimum 5 years experience drafting and reviewing privacy requirements for data sharing agreements.: 15 Points
- Familiarity with the Personal Health Information Protection Act (PHIPA) and requirements related to Health Information Network Provider (HINP) and Electronic Service Provider (ESP).: 10 Points
- Familiarity with Application Programming Interface (API) functionality and management.: 7.5 Points
- Familiarity with Electronic Medical Record (EMR) or Hospital Information System (HIS) infrastructure design and data flows.: 7.5 Points
Total 100 Points
Deliverables
Deliverables:
- Over the duration of the engagement the Senior Privacy (PIA) Specialist will support work already in progress as well as new work on Privacy Impact Assessments;
- Work with the project and product teams on risk mitigation of PIA findings as required under PHIPA;
- Support work related to update and/or developing new agreements;
- Other duties as required. Note that knowledge of current privacy and data protection policy and legislation especially Ontarios Personal Health Information Protection Act (PHIPA) will be critical to ensure success.
- Conducting/Completing Privacy Impact Assessments and associated documentation
- Providing Privacy Consultation on a diverse range of complex multistakeholder health privacy issues and Information Technology (IT) initiatives
- Developing risk mitigation plans
- Create or inform the creation of data flow diagrams and associated privacy controls and compliance requirements
- Reviewing and advising on agreements including data sharing agreements
- Developing privacy requirements for new or changing projects
Knowledge Transfer Details:
and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp;The Candidate will ensure full knowledge transfer is provided to the Ontario Health team before end of engagement. Some of this might occur at the end of the engagement but will also be shared as information is obtained/consolidated. Key deliverables will be shared with team using an approved format. and nbsp;
and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp;The Candidate must provide all related documentation as part of Knowledge transfer protocol. Documents will be reviewed by the appropriate leads and signed off by manager/director. and nbsp;
and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp;The candidate will work collaboratively with Ontario Health team throughout the assignment and ensure key deliverables milestones and documentation are shared. and nbsp;
and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp;A walkthrough of any demos development etc. will be required before end of engagement as required.
Must Haves:
and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp;3 years health privacy experience conducting privacy impact assessments (PIAs) on medium to high complexity projects and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp;
and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp;5 years direct operational level privacy experience preferably in a health sector and/or IT environment
and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp; and nbsp;5 years experience drafting and reviewing privacy requirements for data sharing agreements
Employment Type
Full Time
Key Skills
Report This Job
Disclaimer: Drjobpro.com is only a platform that connects job seekers and employers. Applicants are advised to conduct their own independent research into the credentials of the prospective employer.We always make certain that our clients do not endorse any request for money payments, thus we advise against sharing any personal or bank-related information with any third party. If you suspect fraud or malpractice, please contact us via contact us page.
