Data Analyst/ Pia Specialist

Duration-8 months

Must haves:

· Minimum of 3 years’ health privacy experience conducting privacy impact assessments (PIAs) on medium to high complexity projects

· Minimum 5 years’ direct operational level privacy experience preferably in a health sector and/or IT environment

· Minimum 5 years' experience drafting and reviewing privacy requirements for data sharing agreements

· Minimum 5 years’ experience developing privacy policies and procedures, requirements, or controls

· Familiarity with the Personal Health Information Protection Act (PHIPA), and its related requirements for Health Information Network Providers (HINP) and Electronic Service Providers (ESP)

· Familiarity with Application Programming Interface (API) functionality and management

· Familiarity with Electronic Medical Record (EMR) or Hospital Information System (HIS) infrastructure, design, and data flows

Deliverables include, but are not limited to:

· Conducting/Completing Privacy Impact Assessments and associated documentation

· Providing Privacy Consultation on a diverse range of complex, multi-stakeholder health privacy issues and Information Technology (IT) initiatives

· Developing risk mitigation plans

· Create or inform the creation of data flow diagrams and associated privacy controls and compliance requirements

· Reviewing and advising on agreements, including data sharing agreements

· Developing privacy requirements for new or changing projects

Responsibilities:

· Conducting/Completing Privacy Impact Assessments and associated documentation

· Providing Privacy Consultation on a diverse range of complex, multi-stakeholder health privacy issues and Information Technology (IT) initiatives

· Identify and assess privacy risks, including developing risk mitigation plans

· Create or inform the creation of data flow diagrams and associated privacy controls and compliance requirements

· Reviewing and advising on agreements, including data sharing agreements

· Developing privacy requirements for new or changing projects

· Providing privacy advisory and support to business teams

· Other duties as required

Desired Skills:

• Knowledge and understanding of Accessibility for Ontarians with Disability Act (AODA) and related regulations and standards is an asset
• Experience working on and delivering multiple projects
• Demonstrable knowledge of project management; Knowledge and understanding of Project Management’s Institute’s Project Management Body of Knowledge is an asset
• Demonstrated project management software skills and experience e.g. MS Project, MS Teams etc.
• Familiarity with Prescribed Organization (PO), Prescribed Entities (PEs) or Prescribed Persons (PP) requirements under the Personal Health Information Protection Act (PHIPA), and their related requirements, is an asset
• Familiarity with audit logging and Security Information and Event Management (SIEM) technology is an asset
• Familiarity with technical data protection controls and technology such as encryption and tokenization is an asset
• University undergraduate or graduate degree in Health, Computer Science, Engineering, Law, Security, or a related discipline from a recognized institution or equivalent experience – desired