Spruce InfoTech, a leading IT firm, offers innovative and cost-effective solutions to help clients manage and transform their businesses. Our services are designed to guide companies of all sizes, from small businesses to Fortune 500 organizations, in maximizing their IT investment while reducing technology costs. Our team of experts has extensive technical knowledge in enterprise solutions, which helps organizations transform these solutions into a strategic asset that can drive new revenue and improve business operations.

Website

http://www.spruceinfotech.com

Requisition Title: RQ09375 - Privacy Impact Assessment (PIA) Specialist - Senior
Office Location: 222 Jarvis Street, Toronto, ON

Hybrid - - Candidate MUST work 3 days onsite and 2 days remote

MUST HAVES: 10+ years of experience in the following:

Understanding of policy development to lead or participate in the development of options and strategies on information management and privacy protection

Managing privacy risks in the collection, use and disclosure of Personal Health Information (PHI)

Demonstrated experience and competency to identify and evaluate emerging privacy issues, changes, and trends in current and future that impact government policy directions

Demonstrated experience and competency to prepare comprehensive reports, options analyses, briefing materials and presentations and propose responses on privacy issues

Description

· Develop privacy impact assessments and review recommendations from the privacy impact assessment (PIA) of proposed solution and business processes

· Lead and provide technical expertise in the development of access and privacy tools to facilitate the development of implementation key strategy data and digital initiatives, implementation of security mechanisms pertaining to the creation, collection, storage, access, retrieval and disclosure of Personal Health Information (PHI)

· Engage and facilitate privacy related discussions with a wide range of business, IT, legal and privacy stakeholders across the ministry, and government agencies.

· Examine complex program, policy and information system proposals to assess and document business flow and context; perform stakeholder analysis, public/private partnerships, governance structures and feasibility in terms of the protection of Personal Health Information (PHI) collected and retained

· Support projects to ensure compliance with security and privacy best practices, such as the Personal Health Information Privacy Act (PHIPA) (2004)

· Provide technical and systems advice on legacy systems, internet tools and system interfaces, information, security, technical architecture and data flows to improve protection of Personal Health Information (PHI)

· Provide technical and systems advice on data flows to the ministry, and other stakeholders

· Develop business processes and procedures that describe information flows associated with new technologies, programs, policies or information systems to illustrate how and by whom Personal Health Information (PHI) will be collected, used, disclosed and retained

· Using system and infrastructure architectures, document physical and/or logical separation of Personal Health Information

· (PHI) or security mechanisms that prevent improper access to Personal Health Information (PHI) or maintain any required separation

· Provide privacy expertise, consultation, and support to project team members, senior management and colleagues in MOH advising on the legislation and regulations, in an effort to resolve potential legal or privacy problems

· Provide analysis and advice to ministries and clusters regarding the Freedom of Information Act (FOI) and privacy implications, privacy and security concepts, of new information technologies and information systems, and assist institutions in documenting their analysis

· Recommend mitigation strategies and privacy enhancing technologies in accordance with Privacy Impact Assessment (PIA) procedures

· Identify, analyze and assess emerging and critical policy issues relating to Freedom of Information (FOI) and Protection of Privacy which may have an impact on PIA methodology

· Formulate policy proposals, recommendations, strategies and options for the project team and Ministry executive to address emerging issues

· Prepare and present status reports and updates for any relevant steering committees, advisory panels, working groups, or similar governance bodies.

· Assess existing regulations for potential changes required to support additional initiatives to provide greater access to PHI and determine impacts on existing data sharing/electronic health record (EHR) agreements/privacy frameworks/health information custodian (HIC) models.

· Develop and provide change management support and/or communications to support stakeholders with changes related to privacy business processes.

· Review the recommendations from the privacy impact assessment (PIA) of the proposed solution and business processes.

· Provide advice to the Ministry as it relates to privacy policy and guidelines.

· Coordinate across branches and develop communication materials such as briefing notes and presentations. 

· Consult and gather input from specific individuals within the organization on privacy topics either independently or as part of a team.

· Communicate with technical and business audiences and non-privacy experts.

· Prepare and present status reports and updates for any relevant steering committees, advisory panels, working groups, or similar governance bodies

· Prepare and present status reports and updates for any relevant steering committees, advisory panels, working groups, or similar governance bodies.