Privacy Advisor, Auditing and Incident Management

Detailed Overview

Supporting the Vision, Values, Purpose and Commitments of Fraser Health including service delivery that is centered around patients / clients / residents and families : Reporting to the Manager, Privacy Auditing and Incident Management, the Advisor carries out Fraser Health’s (FH) day to day privacy auditing activities and leads privacy incident investigations and responses.

The Advisor develops and maintains a systematic, risk based auditing program that monitors access to Fraser Health’s clinical information systems based on relevant legislation, best practice auditing and privacy standards and Office of the Privacy Commissioner (OIPC) orders and requirements.

Leads the intake and investigation of privacy incidents including the development of tools and processes that ensure compliance with the Freedom of Information and Protection of Privacy Act (FIPPA).

Assesses the appropriateness of and supports notification to affected individuals and the OIPC where privacy breaches have been confirmed to have occurred.

The Advisor develops privacy educational materials, policies and procedures, responds to privacy consultation requests and supports other areas of the Information Access and Privacy team as directed by the Manager.

The Advisor will develop and support comprehensive, transparent tracking and filing processes that enable periodic and ad hoc reporting within the department and to Fraser Health Executive leadership.

Responsibilities Provides counsel to FH leadership and employees on BC’s Freedom of Information and Protection of Privacy Act (FIPPA) compliance and best practices;

represents FH and the head of the public body in formal complaint process with the Office of the Information Privacy Commissioner for BC, as assigned by the Manager.

Develops, delivers and evaluates ongoing education, communication plans and other risk response measures related to privacy of personal information principles, policies and awareness based on ongoing analysis of privacy incident files and trends.

Leads the audit process of the electronic health record by conducting specific, routine and / or random audits of access to electronic health information;

Identifies potentially inappropriate accesses and opens privacy incident investigations. Is a knowledge leader on and manages the team’s information privacy audit software system, by supporting, developing and maintaining the business processes necessary to ensure effective privacy controls and compliance with BC’s Freedom of Information and Protection of Privacy Act (FIPPA).

Leads investigations of privacy incidents in order to determine if a breach has occurred and the appropriate response, based upon potentially inappropriate accesses identified during auditing and privacy incident reports submitted to the department.

Assesses need to notify affected individuals and the OIPC, supports notification processes and liaises with the OIPC to report on follow up as necessary.

Develops and / or recommends strategies to ensure the secure access and utilization of electronic health information systems while maintaining the privacy of personal health information;

identifies, researches and recommends innovative approaches for information capture, storage and retrieval to ensures that standards related to the privacy of personal health information are maintained and enhanced.

Logs all work performed in departmental tracking systems and documents and saves all relevant supporting materials. Assesses need to notify affected individuals and the OIPC and directs those notification processes where required.

Carries out strategic planning, support and change management services by assisting the Manager in streamlining business processes and best practices to ensure FIPPA compliance.

Conducts business analysis of current FOIPPA compliance by carrying out workflow analysis, developing privacy information systems reports and repositories, and automating / updating current business processes within the portfolio.

Works on assigned privacy projects including supporting privacy consultations, the development and review of privacy impact assessments and other assigned tasks as directed by the Manager.

Researches and analyzes information privacy audit statistical data to identify anomalies, trends, issues, continuous improvement activities and / or potential privacy breach situations.

Supports process changes and / or functional changes to privacy audit tools by testing, modifying and maintaining these tools.

Resolves operational issues with audit systems and follows up with service providers, as required. Develops, implements, and evaluates of information privacy goals, objectives, policies and procedures for the department.

Participates on assigned internal and external committees, as assigned. Qualifications A minimum level of education, training and experience equivalent to Bachelor Degree in Health Administration, Law or another related discipline (i.

e. Business or Computer Science, Human Resources) and 5-7 years recent related experience or an equivalent combination of education, training and experience.

Completion of an Information Access and / or Protection of Privacy Certificate Program is an asset (i.e. CIPP / C, CIPT, CIPM, or CAPPA).

COMPETENCIES : Demonstrates the leadership practices of the Fraser Health Leadership Framework of Clear, Caring and Courageous and creates the conditions for people to succeed.

Professional / Technical Capabilities Demonstrated knowledge of applicable electronic health information systems Demonstrated knowledge of information privacy issues and related and relevant legislation / statutes in information privacy, access and protection of personal information, including the Freedom of Information and Protection of Privacy Act (FIPPA).

Demonstrated ability to consult, plan, implement, and organize and problem solve Demonstrated ability to exercise initiative and work both independently and in a team environment Demonstrated ability to collaborate and deal with senior personnel regarding sensitive and confidential matters Demonstrated ability to work effectively in a highly dynamic environment subject to continuous change Ability to work independently and as a member of team Ability to operate related equipment including applicable software applications Physical ability to perform the duties of the position.