Privacy Analyst

Position Overview

Provincial Lead, Legal Services provides legal advice to Shared Health and WRHA programs and Facilities as well as providing a provincial lead and coordinate function. The Shared Health, Chief Privacy Officer, is responsible for the administration and compliance with privacy legislation including The Personal Health Information Act (PHIA), The Freedom of Information and Protection of Privacy Act (FIPPA), The Personal Information Protection and Electronic Documents Act (PIPEDA), The Mental Health Act (as it pertains to access and privacy), The Health Governance and Accountability Act, The Protecting Children Information Sharing Act, The Public Health Act, The Vulnerable Personal Living with a Mental Disability Act (as it pertains to access and privacy).

The Privacy Analyst (Compliance) has direct responsibilities to lead and coordinate the privacy auditing required by The Personal Health Information Act (PHIA) for those electronic information systems managed and/or maintained by Shared Health, Digital Shared Services. This lead and coordinate function requires the Privacy Analyst (Compliance) to provide support and advice to Privacy Officers provincially as it relates to the administration of relevant privacy legislation.

The Privacy Analyst (Compliance) reports to the Shared Health, Manager, Privacy, who is responsible for managing the Privacy Auditing Program, who in turn reports to the Shared Health, Chief Privacy Officer.

MAIN FUNCTION:

• To ensure compliance with statutory obligations under The Personal Health Information Act (PHIA) including but not limited to: Lead and coordinate record of user activity auditing for Shared Health, RHAs, and Fee for Service Clinics for those electronic information systems managed and/or maintained by Digital Shared Services.
• Provide support and advice to Shared Health, RHAs and Fee for Service Clinic Privacy Officers related to user access in electronic information systems and the administration of privacy legislation.
• Provide guidance, as a subject matter expert, to Digital Shared Services and/or Information Technology vendors on the design, maintenance and operation of electronic information systems containing personal health information (PHI) and personal information (PI) to ensure they are compliant with relevant privacy legislation.
• Participate in Digital Shared Services testing of electronic information systems to ensure compliance with privacy functionality as designed, identifying risks and informing mitigating solutions.
• Oversee the completion of Privacy Impact Assessments for electronic information systems managed and/or maintained by Digital Shared Services.
• Represents Shared Health Privacy on various committees and working groups.
• Responsible for management of access requests and record of user activity audits received from the public for their personal health information maintained in electronic information systems.
• Responsible for development and maintenance of privacy auditing support documentation.

Experience

• Strong working knowledge of privacy law (especially PHIA, FIPPA and related legislation).
• Demonstrated experience and understanding of the Manitoba health system.
• Knowledge of electronic information systems used within health care.
• Healthcare administrative/record management experience an asset.
• Proven analytical ability.
• Experience working with specialists in the creation and maintenance of various safeguards for information such as: 
  • Privacy and Security policies, procedures, and standards,
  • Risk mitigation and management plans,
  • Incident reporting, investigation, and management, 
  • Audit analysis and management.
• Knowledge and/or experience with security and privacy practices, including: 
  • Breach Investigation,
  • Privacy Impact Assessments (PIA)
  • Auditing and Assessments
  • File Management.
• Minimum of 5 years recent experience applying information privacy legislation and policy, preferably in a healthcare environment.
• Minimum of 3 years recent experience developing and implementing privacy policies and procedures preferably in a healthcare environment.

Education (Degree/Diploma/Certificate)

• Undergraduate University Degree in Public Administration, Health Information Management, Project Management, Information/Computer Technology, healthcare management or other relevant discipline
• A combination of education and experience may be considered.

Certification/Licensure/Registration

Not applicable

Qualifications and Skills

• Strong working knowledge of privacy law (especially PHIA and related legislation).
• Knowledge of electronic information systems.
• Demonstrated ability to investigate, audit and monitor compliance with privacy legislation.
• Reputation for exercising sound and impartial judgment in conflict situations.
• Analytical, highly curious, and self-motivated.
• Simultaneously able to concentrate on specific details while remaining aware of their connection to the “big picture”.
• Demonstrated ability to problem solve and trouble shoot.
• Possesses strong organizational skills.
• Maintains strong listening skills and can draw out information by hearing what has been said/not said and understanding the underlying meaning behind the speaker’s words and behavior.
• Demonstrated strong oral and written communication skills, including presentation and instructional skills. Able to create written material that is concise, grammatically correct, and structured to communicate the intended message with high efficacy.
• Possesses excellent facilitation and presentation skills with individuals and groups (including senior management) that have different needs and points of view.
• Possesses highly developed interpersonal skills and be able to collaborate with “difficult” stakeholders and/or team members.

Physical Requirements

Not applicable