Information & Privacy Officer- Information & Privacy Office, IMG

About The Position

Requirements

• Bachelor's degree or equivalent related experience.
• Minimum of three (3) years related work experience (experience may include front office support in a clinical program, privacy consultancy, health records, release of information experience, entry-level work in a privacy and access management office).
• Previous experience in the healthcare industry, management level accountabilities.
• Strong working knowledge of the Personal Health Information Protection Act (PHIPA) and either the Freedom of Information and Protection of Privacy Act (FIPPA) or the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA).
• Strong analytical and problem-solving abilities, organizational and time management skills, as well as sound judgment.
• Leadership experience in driving and executing compliance programs and knowledgeable in process management, analysis, operational improvement, and risk management.
• Enthusiastic, flexible, and capable of working independently and in a team setting, demonstrating excellent interpersonal, organizational, and communication skills (both written and oral).
• Ability to handle matters of a confidential and/or sensitive nature and work well under pressure and timelines.
• Ability to work effectively in a wide range of settings with individuals from diverse backgrounds.
• Proficient in Microsoft Office including Word, Excel, and PowerPoint.

Nice To Haves

• Designation as a Certified Information Privacy Professional/Canada (CIPP/C) considered a strong asset.
• Bilingualism (French/English) and/or proficiency in a second language is an asset.

Responsibilities

• Develop and update policies, procedures, and training materials relating to privacy compliance with PHIPA and FIPPA.
• Develop strategies to ensure regulatory compliance.
• Ensure policies reflect the unique considerations of mental health patient information.
• Process access requests under FIPPA.
• Process and manage patient correction requests under PHIPA.
• Participate in and implement provincial initiatives.
• Monitor and ensure compliance with privacy laws.
• Create quarterly/annual reports as required.
• Conduct regular audits to assess adherence to privacy policies and regulations.
• Advise on hospital practices for access to and management of personal health information and personal information to ensure regulatory, policy, and contractual compliance.
• Maintain the hospital Index of Personal Information Banks.
• Investigate privacy breaches and complaints promptly.
• Report and document incidents in accordance with legal requirements.
• Conduct PIAs or privacy reviews for new or changing systems, processes, or initiatives involving personal health information and personal information.
• Consult with program stakeholders on recommendations to mitigate privacy risks and ensure compliance with regulations.
• Keep up to date on emerging trends and practices related to information and privacy.
• Represent CAMH with external partners.
• Provide ongoing training to staff on privacy laws, policies, and best practices.
• Foster a culture of privacy awareness within the hospital.
• Support a healthy workplace that embraces diversity, encourages teamwork, and complies with all applicable regulatory and legislative requirements.
• Conduct regular privacy audits to assess data access and handling practices.
• Identify areas for improvement and implement corrective actions.
• Provide guidance and consultation to staff on privacy matters.
• Address inquiries related to personal health information and personal information handling practices.

Benefits

• HOOPP defined benefit pension plan
• extended health and dental benefits
• paid vacation starting at 4 weeks
• flexible work arrangements
• ongoing professional development support