Privacy Impact Assessment (PIA) Specialist

Temporary/Contract

Toronto, Ontario

28 Aug 2024

    Our Ontario Government Client is seeking a highly skilled Senior Privacy Impact Assessment (PIA) Specialist with extensive experience in health privacy and IT environments. The ideal candidate will have a solid background in conducting privacy impact assessments, developing privacy policies, and ensuring compliance with the Personal Health Information Protection Act (PHIPA). This role is crucial for supporting Electronic Health Record (EHR) Modernization initiatives and ensuring the secure migration of sensitive health information.

    Must haves:

    • 5+ years of experience in health privacy, conducting PIAs on medium to high complexity projects

    • 5+ years of operational privacy experience in health or IT environments

    • 5+ years of experience developing privacy policies, procedures, or controls

    • Strong familiarity with PHIPA and its requirements for Health Information Network Providers (HINP) and Electronic Service Providers (ESP)

    Responsibilities:

    • Lead and support EHR Modernization initiatives, including developing privacy policies and conducting PIAs

    • Conduct privacy assessments and provide advisory support to business teams

    • Investigate privacy incidents, manage patient inquiries, and address privacy requests

    • Identify and assess privacy risks and develop risk mitigation plans

    • Serve as the privacy subject matter expert on Ontario Health, regional, or provincial committees

    • Develop strong relationships with stakeholders to foster a culture of privacy

    • Provide legislative interpretation and advice on privacy issues under PHIPA and the Freedom of Information and Protection of Privacy Act (FIPPA)

    • Support privacy program projects and deliver privacy training for Ontario Health

    Desired Skills:

    • Degree in health, policy, IT, security, law, or a related discipline

    • In-depth knowledge of privacy and security concepts, trends, and their impact on business processes

    • Strong understanding of privacy-by-design principles and best practices

    • Experience with technology architecture, digital health solutions, and information security standards

    • Ability to work in a fast-paced, project-focused environment with strong time management skills

    Details:

    • Health Privacy Experience: 5+ years of experience conducting PIAs on medium to high complexity projects

    • Operational Privacy Experience: 5+ years in a health sector and/or IT environment

    • Privacy Policy Development: 5+ years of experience developing privacy policies and controls

    • PHIPA Familiarity: Knowledge of PHIPA requirements for HINP and ESP

    • OntarioMD EMR Certification: Familiarity with EMR Certification

    • EMR/HIS Infrastructure Knowledge: Familiarity with EMR or HIS design and data flows

    • API and PKI Familiarity: Knowledge of API functionality and PKI

    Deliverables:

    • Conduct a Privacy Impact Assessment for the migration of Ontario Health's Secure Document Storage (SDS) system to a cloud environment

    • Complete Privacy Threshold Assessments and related documentation

    • Provide privacy consultation on complex, multi-stakeholder health privacy issues

    • Develop risk mitigation plans and create data flow diagrams with privacy controls

    • Review and advise on agreements, including data sharing agreements

    Additional Terms:

    • Assignment is hybrid, with onsite work required per the Hiring Manager's discretion

    • Knowledge transfer must be completed with full documentation provided to Ontario Health before the end of engagement.