Privacy Impact Assessment (PIA) Specialist - Senior
Background Information:
Ontario Health currently uses and operates two instances of BMC Remedy ITSM (Ontario Health and Ontario Telemedicine Network) to track and manage incidents and requests, change records, problem investigations and the configuration management database (CMDB). The Remedy ITSM system is used to deliver customer support for all OH end-user systems (both internal and external) through our service desks and technical support teams. The current BMC Remedy ITSM version (9.1.03) is now end of support and requires an upgrade to maintain customer service support. In line with Ontario Health’s “cloud first strategy”, a migration of all on-premise Remedy instances to the SaaS version of Remedy (now called Helix ITSM) will be pursued.

Must haves:
Minimum of 5 years’ health privacy experience conducting privacy impact assessments on medium to high complexity projects
Minimum 5 years’ direct operational level privacy experience preferably in a health sector and/or IT environment
Minimum 5 years’ experience developing privacy policies and procedures, requirements or controls
Holds an undergraduate or graduate degree in health, policy, IT, security, law or a related discipline
Familiarity with the Personal Health Information Protection Act, 2004 (PHIPA), and its related requirements for Health Information Network Providers (HINP) and Electronic Service Providers (ESP)
Familiarity with OntarioMD EMR certification
Familiarity with Electronic Medical Record (EMR) or Hospital Information System (HIS) infrastructure, design, and data flows
Familiarity with Application Programming Interface (API) functionality and management
Familiarity with Public Key Infrastructure (PKI)
 
Responsibilities:
The Senior Privacy Impact Assessment (PIA) Specialist will lead and support various Electronic Health Record (EHR) Modernization initiatives, including:
Develop privacy policies and procedures
Conduct privacy impact assessments for medium to high complexity initiatives
May be required to support investigating privacy incidents, patient inquiries, and privacy requests of any kind
Identify and assess privacy risks
Provide privacy advisory and support to business teams
Lead and participate on Ontario Health, regional or provincial committees or project teams as the privacy Subject Matter Expert
Identify privacy requirements
Develop strong relationships with various internal and external stakeholders to foster a culture of privacy
Respond and provide advice and legislative interpretation for information and access requests, consent management requests, complaints or inquiries, appeals and privacy issues under the Personal Health Information Protection Act, 2004 and the Freedom of Information and Protection of Privacy Act
Support privacy program projects and activities to improve the efficiency and effectiveness of the Privacy Office
Develop and deliver privacy training for Ontario Health
Other duties as required
 
Desired Skills: 
Completion of a university undergraduate or master’s degree in health, policy, IT, security, law or a related discipline
Demonstrated knowledge and experience of access and privacy requirements and practices, preferably related to the health and public sectors
Recognized security certification or designation is an asset
Excellent knowledge of privacy and security concepts, trends, and issues. This will include an understanding of their impact on business processes, as well as skill with interpretation and communication of principles and compliance requirements
Knowledge and ability to interpret Ontario’s Personal Health Information Protection Act, 2004 (PHIPA)
Knowledge and ability to interpret Ontario’s Freedom of Information and Protection of Privacy Act (FIPPA)
Analytical skills to understand the current and future access and privacy implications of policies, decisions and business initiatives         
Thorough understanding of “privacy-by-design” and best practices
Experience with conducting and providing oversight for Privacy Impact Assessments and Privacy Threshold Assessments, including developing privacy requirements, risk mitigation plans, corporate policies and developing and/or delivering training content
Knowledge of technology architecture and infrastructure, digital health solutions and services, enterprise and corporate IT including information and cyber security preferred
Working knowledge of digital health technologies and information security industry standards
Excel in a fast-paced and project focused environment
Exceptional analytic and creative problem-solving abilities
Good understanding of related disciplines, such as IT system design, policy development (privacy or security), business architecture, legal processes, Freedom of Information administration, business analysis, risk management, project management
Knowledge of Information Technology concepts and processes that impact the protection of personal information, including (but not limited to) Internet tools, system interfaces, information security, information architecture and data flows
Excellent communication skills, both verbal and written, and strong stakeholder engagement skills
Time Management, with the ability to manage tight deadlines and prioritize multiple projects    
 
Criteria Details:
Minimum 5 years’ Health privacy experience conducting Privacy Impact Assessments (PIAs) on medium to high complexity projects: 20 points
Minimum 5 years’ direct operational level privacy experience in a health sector and/or IT environment or both: 20 points
Minimum 5 years’ experience developing privacy policies and procedures, requirements or controls: 10 points
Familiarity with the Personal Health Information Protection Act, 2004 (PHIPA), and its related requirements for Health Information Network Providers (HINP) and Electronic Service Providers (ESP): 15 points
Familiarity with OntarioMD Electronic Medical Records (EMR) Certification: 10 points
Familiarity with EMR or HIS infrastructure, design, and data flows: 10 points
Familiarity with Application Programming Interface (API) functionality and management: 10 points
Familiarity with Public Key Infrastructure (PKI): 5 points
 
Deliverables:
The Senior Privacy Impact Assessment (PIA) Specialist will be required to work with the appropriate teams to: 
Conduct a Privacy Impact Assessment of the entire BMC Helix environment in preparation for the migration of Ontario Health's Secure Document Storage (SDS) system. SDS is currently an on-premise system used to store PI and PHI and will be migrated to BMC's cloud environment as part of this project.
Any additional privacy assessment requirements within the scope of the project.
Conduct/complete Privacy Threshold Assessments and associated documentation
Conduct/complete Privacy Impact Assessments and associated documentation
Provide Privacy Consultation on a diverse range of complex, multi-stakeholder health privacy issues and Information Technology (IT) initiatives throughout the product/service development and deployment life cycle
Develop risk mitigation plans
Create or inform the creation of data flow diagrams and associated privacy controls and compliance requirements
Review and advise on agreements, including data sharing agreements
 
Additional Terms
Ontario Health assets including laptops and related equipment cannot be removed from the province of Ontario without prior written approval from Ontario Health.
Assignment Type: This position is currently listed as "Hybrid". The resource under this request will be required to work onsite at the Hiring Manager's sole discretion.
Knowledge Transfer Details:
The Candidate will ensure full knowledge transfer is provided to the Ontario Health team before end of engagement. Some of this might occur at the end of the engagement but will also be shared as information is obtained/consolidated. Key deliverables will be shared with team, using an approved format. 
The Candidate must provide all related documentation as part of Knowledge transfer protocol. Documents will be reviewed by the appropriate leads and signed off by manager/director. 
The candidate will work collaboratively with Ontario Health team throughout the assignment and ensure key deliverables, milestones, and documentation are shared. 
A walkthrough of any demos, development, etc. will be required before end of engagement, as required.
 
Must Haves:
5+ years’ health privacy experience conducting privacy impact assessments (PIA) on medium to high complexity projects
5+ years’ direct operational level privacy experience preferably in a health sector and/or IT environment
5+ years’ experience developing privacy policies and procedures, requirements, or controls
Familiarity with the Personal Health Information Protection Act, 2004 (PHIPA) and its related requirements for Health Information Network Providers (HINP) and Electronic Service Providers (ESP)