Privacy & Compliance Officer

Perley Health is a unique and innovative community that empowers Seniors and Veterans to live life to the fullest. Home to more than 600 Seniors and Veterans in long-term care and in independent apartments, Perley Health provides a growing number of clinical, therapeutic and recreational services to residents, tenants and people from across the region.

One of the largest and most progressive long-term care homes in Ontario, Perley Health is also a centre for research, education, and clinical innovation. Our Centre of Excellence in Frailty-Informed Care conducts and shares the practical research needed to improve care. Future caregivers come here to study and to acquire hands-on skills and experience.

Perley Health's values are brought to life each day by our over 800 employees. And more than 400 regular volunteers connect us closely with the community. Together, we improve the well-being of Canada's aging population.

We are embarking on a multi-year growth strategy, and are seeking an experienced:

Privacy and Compliance Officer

Temporary Full-Time;  February 2025 – June 2026

SUMMARY OF DUTIES

Under the direction of the Manager, Analytics and Informatics, the Privacy and Compliance Officer will lead and facilitate activities related to the development, implementation, maintenance, education and continuous improvement of the privacy and compliance program in the home.

DESCRIPTION OF DUTIES

• Responsible for the continued development, operation, and execution of the privacy program at Perley Health.
• Provide privacy advisory to management.
• Be the point of contact and document all privacy incidents.
• Lead the investigation and resolution of privacy and security incidents, coordinating with relevant departments and reporting outcomes to senior management.
• Maintain a schedule and conduct privacy audits in various information systems.
• Monitor the effectiveness of the privacy program, identifying gaps and addressing newly identified areas of risk as required. Proactively works with management regarding risk mitigations.
• Collaborates with internal program areas and clinical program areas to integrate privacy requirements into operations.
• Assist in identifying the learning needs of staff related to privacy programs and collaborate to design overall learning strategies and interventions.
• Acting as the primary liaison for privacy with the Office of the Ontario Information Privacy Commissioner, Ontario Health, and other organizations.
• Stay current with emerging privacy issues (in consultation with external vendors such as “Something Orange”) to improve and update privacy practices with best practice and prevailing practices.
• Identify emerging risks in privacy and compliance, develop mitigation strategies, and track implementation to ensure long-term compliance and data protection.
• Develop strong relationships with various internal and external stakeholders to foster a culture of privacy.
• Develop and implement training programs with measurable outcomes to enhance staff understanding of privacy and compliance responsibilities.
• Conduct Privacy Impact Assessment including, on new IT systems, programs, and complex initiatives.
• Lead and advise project teams to implement and track risk mitigation activities.
• Consult on topics such as emerging technology.
• This role supports its supervisors and related subject experts in the implementation of an Information Technology Security Program
• Maintain a registry of information systems that hosts Personal Health Information (PHI) and Personal Identifiable Information (PII)
• Document and evaluate access control processes for information systems.
• Coordinate with system administrators to conduct annual system user access audits.
• Assist with internal and external security audits and assessments.
• Assist in responding to security incidents and breaches, ensuring proper documentation and reporting.
• Collaborate with internal teams to integrate security controls into operations.
• Identify and report security risks.

MINIMUM EDUCATION & REQUIREMENTS

• Post-Secondary Degree in a related field is required.
• Certification of Privacy Training is required (e.g. Privacy Officer Training by Something Orange)
• Membership in a privacy or security association is preferred (e.g. International Association of Privacy Professionals, designations such as CIPP / C, etc.)
• Recognized security certification or designation is an asset.
• A minimum of 3 years of related work experience in a healthcare setting is required.

• Experience and knowledge of privacy in healthcare settings is required, preferably in long-term care.
• Experience conducting privacy impact assessments is required.

CORE SKILLS:

• Demonstrated knowledge and experience of access and privacy requirements and practices.
• Knowledge privacy and information security practices, and the Personal Health Information Protection Act, 2004.
• Experience with conducting and/or providing oversight for privacy impact assessments including developing privacy requirements, risk mitigation plans, corporate policies and developing and/or delivering training content.
• Knowledge of technology architecture and infrastructure, digital health solutions and services, enterprise and corporate IT including information and cyber security preferred.
• Knowledge of digital health technologies and information security standards.
• Strong interpersonal skills to communicate tactfully and confidentially with diverse stakeholders.
• Proficient in negotiation, mediation, problem-solving, and dispute resolution.
• Experience with Electronic Health Records.
• Critical thinking and ability to work independently, meet deadlines, and manage multiple tasks.
• Skilled in analytics, planning, organization, and time management.
• Proficiency in MS Office and managing Excel databases for statistical analysis, reporting, and quality improvement.

Please forward your resume and cover letter, outlining your background and experience with each key responsibility to be considered for the role.

We thank all candidates for applying; however only those candidates selected for an interview will be contacted. No phone calls please.

For candidates selected for consideration, Perley Health, upon request, will make reasonable accommodation for any disability-related needs with respect to the recruitment process and materials.