Website York Region
Reporting to the Program Manager, Information Asset Management, Access & Privacy, is responsible for supporting activities related to the development, implementation and maintenance of the Community & Health Services Personal Health Information Protection Act 2004 (PHIPA) process; ensuring adherence to the Region’s policies and procedures for personal health information covering the privacy of, and access to, personal health information in compliance with PHIPA and industry best practices, as well as any applicable Regional policies, procedures and bylaws; processing and coordinating Departmental matters relating to PHIPA; preparing responses to access requests made under PHIPA; assisting in the investigation of privacy breaches, conducting privacy impact assessments, and overseeing the education and training related to PHIPA; and advising on matters related to the protection of personal health information.
- Supports the design of a comprehensive Departmental privacy framework and program to support the operation of the portal, including breach protocol, threat risk assessments, privacy risk assessments, audit protocol and online training materials.
- Undertakes periodic audits of privacy practices across the Department to identify gaps.
- Provides groups (e.g. workshops) with one-on-one support and training on PHIPA matters.
- Analyzes and prepares the Department’s response to applications made under the Personal Health
- Information Protection Act, 2004 (PHIPA) and related legislation.
- Researches, recommends and assists in the implementation of Departmental policy, guidelines, forms and procedures for the collection of personal health information, its use within the
- Department’s programs and applications, disclosure to the public, and the processing of access applications; identifies applicable statutory exemptions and exceptions pertaining to access applications under PHIPA.
- Assists with the creation of training materials specific to the Department’s privacy program (e.g. “Tips Sheets”).
- Analyzes data requests for consistency with privacy principles and legislation, including reviewing the details of the data requests, their purposes and authority under the legislation.
- Ensures compliance of the Departmental portal with Privacy legislation and Regional access and privacy policies and procedures, including Personal Information Protection and Electronics
- Document Act (PIPEDA), PHIPA, MFIPPA, and other related legislation.
- Performs other duties as assigned, in accordance with Branch and Department objectives.
- Recommends modifications to PHIPA access requests or the routine disclosure of information to provide effective customer service, as required.
- Conducts privacy impact assessments or assists the Program Manager in coordinating the execution of privacy impact assessments for the Department’s portal and related applications.
- Knowledge of developing and implementing privacy policies and procedures.
- Knowledge of Ontario and Canadian privacy laws and Personal Health Information Protection Act (PHIPA), Municipal Freedom of Information and Protection of Privacy Act (MFIPPA), Personal Information Protection and Electronic Documents Act (PIPEDA), Freedom of Information and Protection of Privacy Act (FIPPA), and other applicable legislation.
- Analytical, organizational and interpersonal verbal and written communication skills.
- Minimum three (3) years experience working in Privacy or Risk Management.
- Experience in preparing training materials and facilitating training events.
- Satisfactory Criminal Records Check.
- Ability to conduct training sessions for Departmental staff on PHIPA legislation.
- Demonstrated knowledge of Project and Time Management skills.
- Experience managing privacy incidents and breach responses.
- Knowledge and demonstrated ability in corporate core competencies including communication, teamwork and collaboration, and personal ownership.
- Successful completion of a Community College Diploma in Business/Commerce, Health Sciences,
- Technology or related field or approved combination of education and experience.
Company: York Region
Vacancy Type: Full Time
Job Location: Aurora, Ontario, CA
Application Deadline: N/A