POSITION: Integrated Privacy Specialist – Grand River Hospital & St Mary’s Hospital - Privacy - Full Time
HOURS OF WORK: 7.5 Hour Shifts Monday to Friday days but flexibility and overtime may be required.
Reporting to the Chief Privacy Officer of GRH and SMGH, the Privacy Specialist works as an integral member of the Privacy Teams, supporting Hospitals and Independent Health Facilities (IHFs) throughout the LHIN who subscribe to patient-care technological services from GRH to ensure standard privacy practices across organizations. The role serves a dual purpose:
1) Collaborate with the Privacy Teams to develop, implement, and evaluate innovative approaches to complex issues relating to the implementation and maintenance of a Privacy Program for the Hospitals and IHFs;
2) Manage the legislative privacy obligations of GRH/SMGH role as Health Information Network Provider (HINP) for the EHR.
Responsibilities include policy development and implementation; guiding intermediary to multidisciplinary/multi-organizational groups with respect to initiatives affecting each organization; advisor to Privacy Teams to facilitate solutions to complex privacy matters; acts as an expert for privacy-related technology including providing training to those who the use the system; education of staff and affiliates; ensuring compliance with HINP duties by overseeing the privacy obligations for the shared services; track statistics and report to Leadership Committees in addition to liaising with Leadership regarding investigations, potential issues and outcomes. This role is a privacy expert/consultant and educator, supporting staff and management in issues related to privacy to ensure the hospitals/IHFs comply with Privacy legislation
• As an expert resource, provide advice and guidance to staff and leaders at the hospitals, recommending and implementing measures to minimize risk to the organization and its staff/affiliates to ensure compliance with both Federal and Provincial Privacy legislations, and other relevant legislations and Standards related to Privacy, Confidentiality and Information Security
• Creates and reviews Privacy Impact Assessments on corporate, program, and department initiatives based on the complexity of the initiative
• Collaborates with other organizations on strategies for implementing Privacy legislation, aiming for a similar approach within Ontario hospitals
• Creates education materials for privacy components of shared services technology and conducts training based on these materials
• Ensures compliance with legislative HINP responsibilities, including, but not limited to:
o Maintaining a public-facing privacy framework to give definition to how we ensure compliance
o Assessing the privacy-readiness and compliance of all organizations who participate in the shared services to protect
the integrity of the services
o Facilitates the process of securing written legal agreements for new initiatives involving participants in the shared system
• Coordinates, chairs and/or leads Task Teams, including, but not limited to the Integrated Privacy Committee and individual policy workgroups, e.g. Information Security, System Access Requests and Agreements, E-mail, Appropriate Use of Computer Resources, etc.
• Develops and implements policies, practices, standards for privacy issues
• Facilitates the implementation of new patient-care initiatives for which we are considered a HINP from a privacy perspective
• Acts as a liaison between GRH/SMGH to facilitate decisions that affect each organization where consensus is required
• Oversees the auditing of the electronic patient record at the respective organizations
• Directs Privacy Teams to perform audits on randomly selected patients and staff/affiliates and ensures the quality of the work performed
• Identifies and implements initiatives to improve efficiency and effectiveness of the auditing process
• University undergraduate degree in a related field (e.g., business, public or health administration, library sciences or information management).
• Canadian certification with the International Association of Privacy Professionals (CIPP/C) or an equivalent credential is an asset or must be willing to obtain within 1 year of employment.
• At least 3 years work experience with interpreting and applying provincial and federal privacy and freedom of information legislation, including PHIPA and FIPPA. Experience in a hospital environment required.
• Demonstrated experience in the design and delivery of a piece of a privacy program (for example, implementing a training program, piloting an audit regime, operationalizing a policy on the clinical front-lines or administrative back offices).
• Demonstrated experience providing privacy guidance and conducting and completing privacy impact assessments (PIAs).
• Demonstrated consensus-building capacity in working with internal and external stakeholder groups.
• At least two years of experience coordinating, chairing and/or leading Task Teams and individual policy workgroups.
• Excellent presentation and training skills.
• Demonstrated strong analytical and problem-solving skills.
• Knowledge and skills in using Microsoft Office Suite, Adobe Acrobat and other office software.
• Excellent interpersonal, communications and customer service skills.
• Ability to work independently, with little day-to-day supervision
• Excellent organizational and time management skills and the ability to respond to a multiplicity of demands and prioritize work activities
• Information Security training or experience is an asset.
• Project management experience an asset.