Manager, Privacy

St. Joseph's Healthcare Hamilton

Hamilton

On-site

CAD 80,000 - 110,000

Full time

23 days ago

Job summary

A public healthcare facility is seeking a Manager, Privacy responsible for ensuring compliance with privacy legislation and overseeing privacy initiatives. This role collaborates with stakeholders to implement best practices and address emerging privacy challenges, particularly in relation to new technologies. Candidates should possess a relevant bachelor's degree, privacy certification, and substantial experience in the healthcare sector.

Qualifications

  • A minimum of 4 years experience in a privacy-related role in healthcare.
  • Excellent working knowledge of privacy legislation and its application.
  • Proven experience in policy development and compliance.

Responsibilities

  • Provide privacy advisory services to staff on privacy policies and legislation.
  • Conduct and oversee privacy impact assessments and audits.
  • Collaborate with stakeholders to ensure compliance with privacy requirements.

Skills

Communication skills
Team collaboration
Privacy compliance knowledge
Analytical skills
IT knowledge

Education

Bachelor's Degree in related field
Master's Degree in related field
IAPP Certification: CIPP/C

Tools

Microsoft Office
Procura EMR

Job description

Position Summary:

The role has two reporting lines. The role will report directly to the Chief Privacy Officer of St. Joseph’s Health System and also will report on certain matters to the Director of Risk, Privacy & Legal Affairs at St. Joseph’s Healthcare Hamilton, a public hospital and division of SJHS.

This role may act as the designated “Privacy Officer” for specific matters and relationships.

The Manager, Privacy, will have broad responsibility for compliance with PHIPA and adoption of best “privacy by design” practices. The role will engage with the Digital Solutions team to understand the privacy implications of new and emerging technology. The role will work with the CPO and/or Director, Risk, Privacy & Legal Affairs to develop recommendations for compliance with privacy obligations when new technology is adopted.

The Manager will contribute privacy expertise to the implementation of a shared EPIC Connect instance. The role will have responsibility for conducting or overseeing the Privacy Impact Assessment (PIA) process and liaising with third party vendors conducting PIAs.

This role will support the provision of privacy advice in the context of research. The Manager will participate in preparing the organization for a third-party privacy audit and will implement or support the implementation of any recommendations from the audit.

The Manager will engage with the Data Governance and Data Classification committees to contribute privacy expertise and advice.

The role shares responsibility with the hospital’s privacy specialists and Director, Risk, Privacy & Legal Affairs for providing advice and education to support hospital-wide compliance with Ontario Personal Health Information Protection Act, advising on and resolving emerging privacy issues, conducting privacy risk assessments, managing privacy-related inquiries, investigations and incident responses, including reporting to and/or engaging with the Information and Privacy Commissioner (IPC).

Qualifications:

  • Bachelor's Degree in a related field is required
  • Master's Degree in a related field is preferred
  • Bachelor's Degree in Law (LL.B) would be strongly favoured
  • IAPP Certification: CIPP/C or equivalent is required
  • A minimum of 4 years' experience in a privacy-related role at an organization subject to PHIPA and within the healthcare industry is required
  • Excellent working knowledge of privacy legislation, trends and issues, with an ability to translate that knowledge to a healthcare setting.
  • Demonstrated ability to build strong relationships and to work collaboratively with individuals and teams
  • Strong IT knowledge and understanding as it relates to privacy compliance and security.
  • Good understanding of EMR frameworks, particularly EPIC
  • Strong written and oral communication skills. Ability to translate compliance and regulatory standards into material that can be understood by diverse audiences.
  • Ability to analyze complex scenarios, interpret legislation and regulatory orders, guidance and decisions, and apply them to a fact scenario
  • Comfortable working with uncertainty or ambiguity and able to make decisions/recommendations based on assumptions.
  • Capacity to “speak up” and voice privacy concerns
  • Believes in continuous improvement and driven to improve processes, systems and practices as appropriate
  • Able to work independently to deadlines, deliver work product on a timely basis
  • Experience using Microsoft Office products such as Word, Excel, and PowerPoint
  • Knowledge of Procura EMR is preferred
  • Knowledge of or experience in any of: policy development, compliance, freedom of information, risk management is preferred
  • Knowledge of FIPPA and FOI processes


Responsibilities:

  • Provides privacy advisory services to staff through interpretation and application of privacy policies, requirements and legislation.
  • Works with key internal stakeholders in the review of hospital projects, partnerships, IT systems, cloud environments and data initiatives to ensure compliance with privacy requirements.
  • Conducts or oversees external vendor-provided privacy impact assessments.
  • Reviews data sharing agreements in collaboration with Legal, Risk and Digital Solutions teams.
  • Assesses new technology for privacy implications.
  • Supports the development of a privacy framework for data protection and privacy risk assessment in response to developments in Artificial Intelligence and the use of Large Language Models
  • Performs occasional privacy audits, summarizes findings and recommends corrective action
  • Prepares bulletins and briefing notes for key stakeholders; supports CPO and Director, Risk, Privacy & Legal Affairs in internal reporting at senior leadership and board levels
  • Working within the Privacy Framework adopted by the Organization, the Manager participates in the identification of priorities on an annual basis and supports the development of a team workplan to continually advance the organization to a more mature privacy posture
  • Monitors developments in privacy law and practice, IPC decisions and guidance and updates the Chief Legal, Risk & Privacy Officer; the Director, Risk, Privacy and Legal Affairs; and key stakeholders
  • Promotes privacy practices to internal and external stakeholders.
  • Establishes relationships and collaborates with departments internally at SJHH
  • Collaborates with local SJHS and Hamilton partners, and participates in local, regional and provincial privacy hospital working groups.
  • Reports to and corresponds with the Information & Privacy Commissioner of Ontario (IPC) and relevant ministries, as directed by the Chief Legal, Risk & Privacy Officer
  • Supports the Chief Legal, Risk & Privacy Officer as required
  • Other activities, as assigned by the Director, Risk, Privacy and Legal Affairs