Privacy Impact Assessment (PIA) Specialist (RQ07939)

  • Contract
  • Toronto
  • Applications have closed

Ministry of Health

Description

NOTE

Assignment Type: This position is currently listed as “Hybrid” as consultants will be required to work partly in the physical workplace and partly remotely. The details of this arrangement will be at the Hiring Manager’s discretion as the resource might be asked to be in office 2 days per week depending on direction.

 

Extension/Amendment Attestation:

The Statement of Work (SOW) shall expire on March 31, 2025. HSC will exercise it’s option(s) to extend the SOW beyond April 5, 2025 based on the optional extension amount and any funds remaining on the contract. Such extension(s) will be allowable only if the Master Service Agreement is extended beyond April 5, 2025 and be upon the same terms, conditions and covenants contained in the SOW.

?·      Interpret and apply Ontario Freedom of Information and Protection of Privacy Act (FIPPA) and Personal Health Information Protection Act (PHIPA), Health Information Network Provider (HINP) agreements, and Data Sharing Agreements (DSAs) to the project deliverables, ensuring that the ministry and OH’s obligations are met to provide individual access to PHI. 

·      Assess existing regulations for potential changes required to support additional initiatives to provide greater access to PHI and determine impacts on existing data sharing/electronic health record (EHR) agreements/privacy frameworks/health information custodian (HIC) models. 

·      Develop and provide change management support and/or communications to support stakeholders with changes related to privacy business processes. 

·      Review the recommendations from the privacy impact assessment (PIA) of the proposed solution and business processes. 

·      Provide advice to the Ministry as it relates to privacy policy and guidelines.  

·      Coordinate across branches and develop communication materials such as briefing notes and presentations.  

·      Consult and gather input from specific individuals within the organization on privacy topics either independently or as part of a team. 

·      Communicate with technical and business audiences and non-privacy experts. 

·      Prepare and present status reports and updates for any relevant steering committees, advisory panels, working groups, or similar governance bodies. 

·      Ensure project artefacts and deliverables reflect a superior understanding of: 

o  The necessary legislation and regulations to enable access to PHI in the Ontario context; 

o  The current landscape of digital health tools used to support patient access to PHI, including patient portals, apps, etc., and the opportunities to transform care and improve services to support a unified patient experience in digital health;  

o  Strong knowledge of digital health systems and programs, including Health811, secure log-in mechanisms, patient portals, and the provincial EHR;  

o  All relevant digital health/information technology issues, including policy, clinical / business and technical (e.g. interoperability, standards, licensing, operations and sustainment, etc.) requirements; and 

o  Private and public sector delivery partner capacity to deliver technology in a clinical setting; and 

o  Best practices in information technology project management. 

Experience Requirements

?Health sector and digital health experience 

·            
??Strong
understanding of the healthcare system, structures, processes, stakeholder
groups and affected populations, and how healthcare services are delivered in
the province based on extensive experience with Ontario’s health sector;
 

·            
??Strong
track record of experience with the ministry and its delivery partners, and
in-depth knowledge of the levers and instruments of change;
 

·            
??Strong
knowledge of and experience with the digital health systems, programs,
vendors, assets and solutions in Ontario.
 

?20 points 

?Health privacy knowledge and regulatory experience 

·            
?Strong
understanding of Ontario’s privacy regulations/policies/frameworks, and how
they are applied to individuals and organizations in the use and protection
of personal health information;
 

·            
?Demonstrated
experience with conducting or leading privacy impact assessment in the health
context;?
 

·            
?Demonstrated
experience with interpreting or applying PHIPA, and leading regulatory/policy
projects in digital health.? ?
 

?40 points 

?Program and project management  

·            
?Experience managing complex projects with a demonstrated track record
of successful delivery within approved plan, scope and budget and business
outcomes;  and
 

·            
??Demonstrated leadership and resource management skills including the
ability to direct activities and manage a variety of professionals.
 

?10 points 

?IT strategy and planning 

·            
?Track
record of successful strategic planning in health technology contexts;
 

·            
?Demonstrated
ability to define objectives, develop strategic options analysis and to
create action plans that outline tasks required for implementation phase;
and 

·            
??Ability
to provide clarity and collective understanding of the range of options and
communicate logically how the options were developed and selected as the
strategic response.
 

?10 points 

?Business analysis  

·            
?Demonstrated
experience managing business projects and achieving successful results on
time and on budget with high customer satisfaction; ?
 

·            
?Demonstrated
experience in process mapping, requirements gathering, program definition,
and transition planning; and
 

·            
?Demonstrated
experience in leading program or organizational transformation initiatives. 

?20 points?? 

Supplier Comments

Closing Date – 2024-10-02, 12:30 p.m.

Maximum Number of Submissions – one (1)

Hybrid – Candidate must be able to work 3 days onsite and 2 days remote

MUST HAVES:

 ?Strong understanding of Ontario’s privacy regulations/policies/frameworks, and how they are applied to individuals and organizations in the use and protection of personal health information; 

·            ?Demonstrated experience with conducting or leading privacy impact assessment in the health context; 

·            ?Demonstrated experience with interpreting or applying PHIPA, and leading regulatory/policy projects in digital health. 

 

This entry was posted in . Bookmark the permalink.