(Canada) Compliance Analyst

As a member of PointClickCare’s Legal and Compliance team, in the role of Compliance Analyst, you will be instrumental in driving key initiatives and projects that have a substantial impact on PointClickCare, its customers, and other stakeholders. Under the direction of the PointClickCare Privacy Officer, your responsibilities will include identifying, analyzing, and simplifying the ever-evolving compliance requirements relevant to PointClickCare operations across the United States and Canada. Your insights will be crucial in evaluating, adjusting, and implementing PointClickCare compliance and privacy policies, procedures, and training programs. Your ability to provide accurate, timely, and pertinent information will be essential in facilitating informed decisions by the leadership.

Your primary focus will be on the privacy of Protected Health Information (PHI) that PointClickCare manages as a HIPAA business associate on behalf of HIPAA-covered entities, in compliance with other relevant federal and state patient privacy laws (e.g., 42 CFR Part 2). However, a significant part of your role will also involve navigating the complex landscape of emerging privacy laws related to consumers and employees that impact specific aspects of PointClickCare operations.

Beyond proactive policy development, your expertise will be sought in addressing daily compliance issues arising within and outside the company. This includes responding to inquiries about specific information security incidents and customer queries about PointClickCare data usage practices.

In this capacity, you will work closely with colleagues from various departments, including Security and Trust, Data Intelligence, Product Management, Clinical Solutions, Customer Success, and Government Affairs.

1. Assist in the development of, and ongoing updates to, PointClickCare’s compliance policies, controls, and training materials
2. Identify, communicate, and document privacy risks, privacy policy gaps, and privacy policy exceptions
3. Stay informed of relevant regulatory and industry changes, trends, and best practices and assess the potential impact of these changes on PointClickCare
4. Meet regularly with the Product Management and Clinical Solutions teams to ensure “privacy-by-design” in all PointClickCare services
5. Assist in responding to internal and external privacy impact assessments, privacy questionnaires, and other privacy compliance questions
6. Assist the Security and Trust team on all privacy-related matters within security assessments / audits (e.g., HITRUST CSF, SOC 2 Type II)
7. Assist the Security and Trust team in analyzing privacy implications and reporting obligations related to information security incidents / events
8. Work with Cloud Operations and other data storage teams to ensure alignment with privacy policies and data retention policies
9. Perform privacy risk, impact, and compliance assessments of sub-business associates and third-party service providers
10. Assist with responses to data / records requests

Required Experience and Skills:

• 2-4 years of relevant work experience
• Extensive knowledge and experience in United States health and general privacy compliance requirements
• Ability to understand, compare, analyze, and communicate complex regulatory and business challenges
• Experience defining, drafting, and implementing policies and training materials
• Experience conducting ongoing privacy compliance and monitoring activities
• Strong organization, facilitation, communication, and presentation skills
• Strong project management skills, with the ability to manage multiple priorities and stakeholders
• Excellent interpersonal skills; a team player capable of collaborating at all organizational levels
• Strong analytical and problem-solving skills, with keen attention to detail
• Keen judgment, integrity, and tact
• Strong written and verbal communication skills
• Self-starter with the ability to work independently

Preferred Experience:

• Familiarity with Canadian health and privacy laws (e.g., PIPEDA, PHIPA)