University Health Network (UHN) is looking for an experienced professional to fill the key role of a Privacy Analyst in our Privacy Department.
The Energy of the City. The Rewards of a Great Career.
The University Health Network, where “above all else the needs of patients come first”, encompasses Toronto General Hospital, Toronto Western Hospital, Princess Margaret Cancer Centre, Toronto Rehabilitation Institute and the Michener Institute of Education at UHN. The breadth of research, the complexity of the cases treated, and the magnitude of its educational enterprise has made UHN a national and international resource for patient care, research and education. With a long tradition of groundbreaking firsts and a purpose of “Transforming lives and communities through excellence in care, discovery and learning”, the University Health Network (UHN), Canada’s largest research teaching hospital, brings together over 16,000 employees, more than 1,200 physicians, 8,000+ students, and many volunteers. UHN is a caring, creative place where amazing people are amazing the world. Find out about our purpose, values and principles here.
The Privacy Office is committed to protecting the privacy of patients’ personal health information and promoting a culture of privacy. As a member of the privacy team, the Analyst supports the Privacy Office in ensuring organizational compliance with relevant privacy legislation, specifically the Health Information Custodian and Health Information Network Provider requirements of the Personal Health Information Protection Act. The Analyst enhances UHN’s credibility and engenders trust in UHN’s services from a privacy perspective.
The Analyst assists in the day-to-day implementation and monitoring of a comprehensive and legally compliant privacy program in a complex healthcare environment, promoting privacy practices and standards and providing formal and informal analyses and guidance with a focus on continuous quality improvement.
The Analyst reports to the Manager, Privacy Operations.
The Analyst does not provide direct supervision to others.
The Analyst interacts with a variety of internal and external stakeholders, including: project managers and team members; vendors and consultants; privacy experts in the healthcare field; clinical users; and patients/clients and members of the public. Leadership skills are an asset to building trust and accomplish goals with the assistance of internal and external teams.
The Analyst must be able to respond to complex situations and understand complex program, system and relationship configurations. The Analyst must have sufficient technical knowledge and must be able to use existing analytic tools and also independently identify risks and gaps as new information is presented. The Analyst must be able to effectively communicate requirements and gaps to the Privacy Officer and stakeholders.
The Analyst must be able to confidently provide guidance based on law, best practice, and expanding working knowledge of business requirements. Technical expertise is required, along with the capacity to expand this knowledge at a rapid pace. Errors of analysis may result in loss of functionality/disruption of service, damage to reputation, financial loss/resource requirements (to rebuild systems), and/or consequences related to being non-compliant with legal obligations (including but not limited to fines for contravention of PHIPA or orders by the Information & Privacy Comissioner of Ontario).
- Gauging Compliance
- Independently identifies and maintains awareness of areas for improving compliance
- Identifies, develops, recommends and/or implements business processes that maintain or improve organizational privacy compliance, while meeting functional requirements and maintaining business continuity
- Works closely with Health Records, Data Security, Legal Affairs, UHN Digital, Patient Relations and clinical/business teams to ensure that policies and practices remain compliant and to address emerging issues
- Identifies projects requiring greater technical expertise for informal or formal Privacy Impact Assessments
- Supports the communication of significant findings to management
- Audits programs, systems and applications regularly
- Produces audit reports for individuals and organizations to whom UHN is legally obligated to do so
- Conducts audits of programs, systems and applications as needed to investigate incidents or respond to concerns by staff, patients or members of the public
- Identifies areas where modified policies or procedures are required to maintain compliance, would provide significant benefit, or would place the hospital at the forefront of the field
- Provides briefing notes for decision-making
- Supports policy and procedure changes
- Supports the Privacy Officer to benchmark, create, implement and evaluate the training plan
- Prepares communications & training materials
- Conducts training sessions (e.g. new employee orientation, training refresh, in-services)
- Maintains intranet/internet pages
Responding to Incidents
- Supports the tracking, investigation and resolution of privacy complaints and incidents
Responding to Patients & Staff
- Intakes patient privacy inquiries, complaints, requests for corrections, requests for lockboxes, (and some) requests for access in a timely manner and with appropriate sensitivity and good judgment
- Maintains information notices provided patients and the public
- Provides technical expertise and responds to inquiries and requests for information on privacy-related organizational practices from internal and external stakeholders
Supporting the Privacy Team
- Communicates and escalates to senior members of the team for comment, assistance or handoff situations involving confirmed non-compliance, incidents, and communication with senior management, external stakeholders and the IPC
- Supports the implementation of major operational changes
- Maintains and organizes documentation required for incident management, patient responses, compliance statuses
- Compiles annual and ad hoc reports on compliance status and office activities
- Reviews new or revised government healthcare laws and regulations pertaining to privacy
- Receives or seeks out information on trends, standards, and best practices
- Fosters ongoing relationships with internal and external stakeholders
- Engages in ongoing personal development activities
- Works in compliance of the Occupational Health & Safety Act and its regulations, reporting hazards, deficiencies and contraventions of the Act, in a timely manner.
POSTED DATE: October 1, 2020 ENDING DATE: Until Filled
For current UHN employees, only those who have successfully completed their probationary period, have a good employee record along with satisfactory attendance in accordance with UHN’s attendance management program, and possess all the required experience and qualifications should apply.
University Health Network thanks all applicants, however, only those selected for an interview will be contacted.
UHN is a respectful, caring, and inclusive workplace. We are committed to championing accessibility, diversity and equal opportunity. Requests for accommodation can be made at any stage of the recruitment process providing the applicant has met the Bona-fide requirements for the open position. Applicants need to make their requirements known when contacted.