Privacy and Risk Specialist

Summary of statement:

This position supports the mission, vision and values of WellFort Community Health Services by leading the development, implementation and oversight of the organization's Privacy and Risk Program. The Privacy and Risk Specialist provides subject matter expertise, analysis, and support to WellFort leadership, Board, team members and partners to ensure strong staff and clinician engagement and compliance with practice, risk and quality approaches.

Accountability:

The Privacy and Risk Specialist is accountable for ensuring organizational compliance with WellFort's privacy and risk programs, and for promoting a culture of integrity, continuous improvement and service excellence across the organization.

Major DUTIES & RESPONSIBILITIES:Privacy:

• Support the design, implementation, monitoring and reporting on the privacy and risk program, ensuring compliance with the Personal Health Information Protection Act (PHIPA) and other applicable legislation, regulatory college standards, and organizational policies
• Maintain relevant documentation of the privacy and risk program
• Conduct privacy inventories of the purposes for which WellFort collects, uses and discloses personal health information, and the types of administrative, technical, and physical safeguards in place to protect PHI
• Develop, implement, and maintain privacy policies, procedures and standards to guide the work of the organization
• Deliver and coordinate privacy and risk training and awareness programs for all staff, students, volunteers, vendors, researchers and board members
• Act as the main point of contact for privacy-related inquiries, complaints and communication with staff, clients, families and community members
• Conduct and report on regular privacy audits and compliance reviews (e.g. EMR access, Connecting Ontario)
• Conduct privacy impact assessments and compliance audit
• Initiate, investigate and manage privacy incidents and breach investigations, including notifications, communications, regulatory reporting, and tracking themes
• Maintain up-to-date knowledge of privacy developments, legislation, and best practices
• Prepare annul privacy statistical and trend reports for the board and IPC

Risk and Compliance:

• Support organization-wide risk clinical risk management initiatives, including incident reviews, root cause analysis, and failure mode effects analysis
• Monitor compliance with policies, ethical standards, and regulatory obligations
• Promote a culture of safety, ethical practice, and risk awareness across the organization
• Ensure data sharing and confidentiality agreements are current and comprehensive
• Establish mechanisms for tracking and auditing access to personal health information (PHI)
• Participate in the development, review and improvement of organizational policies and procedures related to risk

Collaboration and Continuous Improvement:

• Provide expert advice and guidance to leadership and staff on privacy and risk issues
• Participate in internal and external committees, working groups, and projects related to privacy and risk management
• Contribute to organizational planning and quality improvement initiatives
• Identify opportunities to enhance privacy and risk management practices through updated procedures, education and process improvements

Minimum Qualifications and skills:Experience:

• Minimum of 4-6 years of operational privacy, risk management and quality improvement experience within a health care setting

Knowledge:

• Advanced knowledge of the Ontario Personal Health Information Protection Act, 2004 and regulations
• Familiarity with the community health sector and the Model of Health and Wellbeing

Skills:

• Strong analytical and critical thinking skills
• Proven expertise conducting privacy audits, breach management and compliance reporting in healthcare settings, including incident reviews, root cause analysis, and failure mode effect analysis
• Skilled in policy development, documentation, and implementation
• Excellent communication, interpersonal and conflict resolution skills, with proven ability to speak, listen and write in a clear, thorough and timely manner using appropriate and effective communication tools and techniques
• Ability to manage multiple priorities and work independently and collaboratively
• Exceptional customer service and interpersonal skills to work with diverse staff, volunteers, clients and community partners using an equity and anti-racism approach
• A high level of integrity and trust
• Bilingual language skills an asset

Education and Certifications::

• Post-Secondary degree in a relevant discipline
• Certified Information Privacy Professional (CIPP/C) certification preferred, or equivalent combination of education and experience
• Clean driver's abstract, current, valid Class "G" Driver's License and reliable transportation to support travel across WellFort's various sites, as required

Working conditions:

• Lifting, carrying, handling of small objects and packages not normally exceeding 1-10 lbs., e.g., files, information brochures, small office equipment/tools
• Sitting for long durations, e.g., meeting with people, driving, working at desk
• Walking and standing for short durations

Our Commitment to Equity:

WellFort is an inclusive and equitable employer. We encourage applications from members of equity-deserving communities, including but not limited to Indigenous peoples, racialized individuals, 2SLGBTQIA+ persons, persons with disabilities, and people with lived experience of poverty, homelessness, or systemic marginalization.

Compensation package includes health and dental benefits and HOOPP pension benefits. (Based on employment status)

VACCINATION REQUIREMENT:

As a condition of employment, new WellFort staff must be fully vaccinated unless they have received an exemption from vaccination under the Human Rights Code. Proof of COVID-19 vaccination status will be required before the first day of work or, proof of religious or medical exemption, if or where applicable.

Fully vaccinated is defined as having received the completed series of an accepted COVID-19 vaccine, as recommended by the Office of the Chief Medical Officer of Health and having received the final dose at least 14 days before your employment start date.

The candidate will be asked to provide WellFort with proof of full vaccination, prior to their employment start date. Acceptable proof is a Ministry of Health Dose Administration Receipt (or such other proof of vaccination that the Province of Ontario sanctions). This can be obtained through the Provincial portal https://covid-

The requirement to be fully vaccinated is subject to the Ontario Human Rights Code. If the candidate is unable to vaccinate for a reason protected by the Code, a request for accommodation can be requested and written proof satisfactory to the organization will be required.