RQ09522 - Privacy Impact Assessment Specialist - Senior

Description

Interpret and apply Ontario Freedom of Information and Protection of Privacy Act (FIPPA) and Personal Health Information Protection Act (PHIPA) Health Information Network Provider (HINP) agreements and Data Sharing Agreements (DSAs) to the project deliverables, ensuring that the ministry and OHs obligations are met to provide individual access to PHI and other digital health care services.

Assess existing legislation and regulations for potential changes required to support additional initiatives to provide greater access to PHI and digital health care services, and determine impacts on existing data sharing / EHR agreements / privacy frameworks / health information custodian (HIC) models.

Develop and provide change management support and/or communications to support stakeholders with changes related to privacy business processes.

Review the recommendations from the privacy impact assessment (PIA) of the proposed solution and business processes.

Provide advice to the ministry as it relates to privacy legislation, regulations, policy, and guidelines.

Coordinate across branches and develop communication materials such as briefing notes and presentations.

Consult and gather input from specific individuals within the organization on privacy topics, either independently or as part of a team.

Communicate with technical and business audiences and non-privacy experts.

Prepare and present status reports and updates for relevant steering committees, advisory panels, working groups, or similar governance bodies.

Ensure project artifacts and deliverables reflect a comprehensive understanding of:

• The necessary legislation and regulations to enable access to PHI and digital health care services in Ontario;
• The current landscape of digital health tools used to support patient access to PHI, including patient portals, apps, etc., and opportunities to transform care and improve services for a unified patient experience;
• Strong knowledge of identity verification, authentication, and authorization services, and the privacy and policy requirements to enable their usage;
• Strong knowledge of digital health systems and programs, including Health811, secure login mechanisms, patient portals, and the provincial EHR;
• All relevant digital health/information technology issues, including policy, clinical/business, and technical requirements (e.g., interoperability standards, licensing, operations, sustainment);
• Private and public sector delivery partner capacity to deliver technology in clinical settings; and
• Best practices in IT project management.

NOTE

Extension / Amendment Attestation: Extensions only allowed using unused days/funds left on the contract. No additional funds beyond the maximum contract value will be provided. Extensions are permissible only if the Master Service Agreement is extended beyond April 5, 2026, under the same terms and conditions as the original SOW.

The resource needed until July 31, 2026, includes an option to extend at the same rate until then if Tender12075 Managed Service Provider for Contingent IT Resources is also extended. Otherwise, an RFS under the Successor VOR will be issued for services from April 5, 2026, to July 31, 2026, plus any extensions.

Assignment Type : This position is currently listed as Hybrid, requiring work partly in the workplace and partly remotely, at the discretion of the Hiring Manager.

Skills, Experience, and Skill Set Requirements

Health sector and digital health experience

• Strong understanding of healthcare system structures, processes, stakeholder groups, and affected populations, with extensive experience in Ontario's health sector;
• Proven experience with the ministry and its delivery partners, and knowledge of change levers and instruments;
• Deep knowledge of digital health systems, programs, vendors, assets, and solutions in Ontario.

20 points

Health privacy knowledge and regulatory experience

• Strong understanding of Ontario's privacy regulations, policies, and frameworks, and their application to individuals and organizations in protecting personal health information;
• Experience conducting or leading privacy impact assessments in health contexts;
• Experience interpreting or applying PHIPA and leading related regulatory/policy projects in digital health.

40 points

Program and project management

• Experience managing complex projects with successful delivery within scope, time, and budget, achieving business outcomes;
• Leadership and resource management skills, including directing activities across professionals.

10 points

IT strategy and planning

• Successful strategic planning in health tech contexts;
• Ability to define objectives, develop options, analyze, and create actionable plans;
• Communicate options and strategic responses clearly.

10 points

Business analysis

• Experience managing business projects, process mapping, requirements gathering, and organizational transformation initiatives;
• Successful results on time and budget with high customer satisfaction.

20 points

MUST HAVES :

• Deep understanding of Ontario's privacy regulations and frameworks for PHI;
• Experience leading privacy impact assessments in health;
• Knowledge of Ontario's digital health systems and solutions.

Key Skills: Children Activity, Mac OS, Accommodation, LTE, E-Learning, ITIL

Employment Type : Full Time

Experience : years

Vacancy : 1