Director, Privacy Services & Chief Privacy Officer
HOURS OF WORK:
Monday to Friday days but flexibility and overtime will be required as needed
Reporting to the VP - Quality, Performance & Clinical System Transformation, The Director, Privacy Services/Chief Privacy Officer will be responsible for providing strategic leadership, visioning, planning and direction in Privacy & Access. This position leads and supports significant transformation and change management in key areas as the organization continues its transformation journey following the implementation of a new hospital information system (HIS) as the designated lead and Health Information Network Provider (HINP), for our partner St. Mary’s General Hospital (SMGH). The role will collaborate with the senior leadership team and stakeholders to develop and deliver an overall operational improvement strategy, identify opportunities for improvements for the areas of responsibility, and develop innovative strategies to enable and support the organization’s strategic objective to realizing greater value from its data and engage as an effective health system partner. This is achieved through the assessment of current and future business needs and opportunities relative to external industry/regulatory/social/ethical/clinical considerations.
This position requires strong business acumen, advanced and specialized knowledge and experience to ensure compliance with PHIPA and its regulations with regards to service provider and health information network provider requirements and how privacy services are managed. The individual is responsible for applicable team members with a financial accountability for relevant cost centres.
The major responsibilities for this position include:
- Providing continued direction in the ongoing refinement of the organization’s corporate (including that of GRH’s new and expanded role as a HINP) Privacy Program, including a framework that establishes ethical principles and policies for the protection of personal information and Personal Health Information. Ethical principles will be based on the CSA Model Code for the Protection of Personal Information, recognized as a national standard for privacy protection and basis for privacy legislation.
- Serves in a leadership and advisory role to the hospital in relation to Privacy and Access of PI and PHI. Provides advice as it relates to strategic use of data, patient notice and informed consent process related to the collection, use, disclosure and retention of personal information; confidentiality agreements and complaints procedures related to the handling of PI & PHI.
- Leads investigations into alleged breaches of privacy and advises Human Resources on possible consequences considering organization policies, legislative guidance and obligations, precedent and risks.
- Performs initial and periodic information privacy and security reviews, and conducts related ongoing compliance monitoring activities in coordination with the Hospitals’ other compliance and operational assessment functions. Works with Hospitals’ leadership, legal counsel, key departments and committees to ensure the organization has and maintains appropriate privacy, security and confidentiality measures and processes (e.g. consent, audit programs).
- Provides direction for the development, implementation, and ongoing compliance monitoring of all business partner and associate agreements/contracts to ensure that privacy and information management concerns, requirements and responsibilities are addressed.
- Represents the organization’s information privacy and security interests with external parties (government bodies, other organizations and industry association) who undertake to adopt or amend privacy legislation, or who have questions about the organization’s information privacy and security practices. Cooperates with the Office of the Information and Privacy Commissioner, other legal entities and organization officers in any compliance reviews or investigations.
- In addition, it is expected that this role actively works with internal stakeholders and our partners at SMGH to support our transformation in how the organization manages the legal health record; supports and advises on strategic initiatives such as the advancement of data sharing and collaboration initiatives related to progressing organizational data and analytics capabilities and Ontario Health Team development; ensure compliance with all legislative, regulatory and administrative requirements pertaining to the legal health record and remain current on exposure of liabilities related to lack thereof with respect to compliance, provide technical and business direction to support the overall deployment of continuous process improvement initiatives as it relates to the Information management across the organization; and provide strategic direction on executing our responsibilities as a HINP, in collaboration with partners.
- Completion of a master’s degree in a Business, Health or Public Administrative or equivalent combination of education, training and experience deemed equivalent. Must have 10+ years of related experience.
- Leadership experience managing cross functional teams and direct management of teams (both functional and technical).
- Privacy Certification – CIPP/C required.
- Strong knowledge of and ability to interpret and apply legislation and regulations guiding privacy , security and access to information (e.g. FIPPA, PHIPA, PIPEDA, CASL) in a healthcare setting.
- Thorough knowledge of and experience working with electronic medical records systems.
- Strong base of experience and knowledge of strategic, business, risk management, financial planning processes and financial management.
- Broad knowledge of current acute, and primary health care, health reform, and relevant legislations.
- Advanced practical and theoretical knowledge in the specialized areas of responsibility, including principles, practices, processes, procedures, products and services.
- Comprehensive knowledge of the principles and application of organizational change/effectiveness and continuous improvement models. Process improvement certificate an asset.
- Extensive working knowledge of external/industry activities within their area of expertise sufficient to develop creative and innovative solutions to complex organizational issues; and maintain effective participation in relevant industry associations.
- Advanced writing skills sufficient to creatively and precisely articulate ideas that involve interpretation, analysis and assessment of complex conceptual subjects.
- Advanced management/leadership skills sufficient to direct staff and be able to function within a dynamic working environment involving specialists.