Privacy Advisor, Auditing and Incident Management

Fraser Health continues to be recognized as one of BC's Top Employers, are you someone who is passionate about making a difference in the lives of others?

Fraser Health is the second largest health system in Canada with over 45,000 staff, medical staff and volunteers, and is the largest of five regional health authorities in British Columbia, providing hospital and community-based health services to nearly 2 million people in Metro Vancouver and the Fraser Valley.

We currently have an exciting opportunity for a Full Time Privacy Advisor, Auditing and Incident Management at Central City located in Surrey, British Columbia! Please note, this position will be eligible for remote work for candidates in British Columbia only.

We are looking for applicants with;

• Bachelors Degree in Health Administration, Law or another discipline (Business or Computer Science, Human Resources
• Completion of an Information Access and/or Protection of Privacy Certificate is an asset (CIPP/C, CIPT, CIPM, or CAPPA)
• 5-7 years' experience working in a regulated field
• Or an equivalent combination of education, training and experience

Take the next step and apply so we can continue the conversation with you.

Curious to learn what it’s like to work here? Connect with us!

We invite you to apply today and find out why employees recommend Fraser Health to their friends as an exceptional place to work. We are committed to planetary health, we value diversity in the work force and seek to maintain an environment of Respect, Caring and Trust.

Connect with us on our Careers social channels where you’ll learn about exciting opportunities, get career tips from our recruiters, and meet some of your future team members! You can also visit us on Indeed and Glassdoor.

Instagram | Facebook | LinkedIn | Twitter 

Effective October 26th, 2021, all new hires to Fraser Health will need to have full COVID 19 vaccination (have received a full series of a World Health Organization “WHO” approved vaccine against infection by SARS-COV-2, or a combination of approved WHO vaccines). Please note this applies to all postings, and individual medical exemptions must be approved by the Provincial Health Officer.

Supporting the Vision, Values, Purpose and Commitments of Fraser Health including service delivery that is centered around patients/clients/residents and families:

Reporting to the Manager, Privacy Auditing and Incident Management, the Advisor carries out Fraser Health’s (FH) day to day privacy auditing activities and leads privacy incident investigations and responses. The Advisor develops and maintains a systematic, risk based auditing program that monitors access to Fraser Health’s clinical information systems based on relevant legislation, best practice auditing and privacy standards and Office of the Privacy Commissioner (OIPC) orders and requirements. Leads the intake and investigation of privacy incidents including the development of tools and processes that ensure compliance with the Freedom of Information and Protection of Privacy Act (FIPPA). Assesses the appropriateness of and supports notification to affected individuals and the OIPC where privacy breaches have been confirmed to have occurred.

The Advisor develops privacy educational materials, policies and procedures, responds to privacy consultation requests and supports other areas of the Information Access and Privacy team as directed by the Manager. The Advisor will develop and support comprehensive, transparent tracking and filing processes that enable periodic and ad hoc reporting within the department and to Fraser Health Executive leadership.

1. Provides counsel to FH leadership and employees on BC’s Freedom of Information and Protection of Privacy Act (FIPPA) compliance and best practices; represents FH and the head of the public body in formal complaint process with the Office of the Information Privacy Commissioner for BC, as assigned by the Manager.
2. Develops, delivers and evaluates ongoing education, communication plans and other risk response measures related to privacy of personal information principles, policies and awareness based on ongoing analysis of privacy incident files and trends.
3. Leads the audit process of the electronic health record by conducting specific, routine and/or random audits of access to electronic health information; Identifies potentially inappropriate accesses and opens privacy incident investigations.
4. Is a knowledge leader on and manages the team’s information privacy audit software system, by supporting, developing and maintaining the business processes necessary to ensure effective privacy controls and compliance with BC’s Freedom of Information and Protection of Privacy Act (FIPPA).
5. Leads investigations of privacy incidents in order to determine if a breach has occurred and the appropriate response, based upon potentially inappropriate accesses identified during auditing and privacy incident reports submitted to the department.
6. Assesses need to notify affected individuals and the OIPC, supports notification processes and liaises with the OIPC to report on follow up as necessary.
7. Develops and/or recommends strategies to ensure the secure access and utilization of electronic health information systems while maintaining the privacy of personal health information; identifies, researches and recommends innovative approaches for information capture, storage and retrieval to ensures that standards related to the privacy of personal health information are maintained and enhanced.
8. Logs all work performed in departmental tracking systems and documents and saves all relevant supporting materials.
9. Assesses need to notify affected individuals and the OIPC and directs those notification processes where required.
10. Carries out strategic planning, support and change management services by assisting the Manager in streamlining business processes and best practices to ensure FIPPA compliance.
11. Conducts business analysis of current FOIPPA compliance by carrying out workflow analysis, developing privacy information systems reports and repositories, and automating/updating current business processes within the portfolio.
12. Works on assigned privacy projects including supporting privacy consultations, the development and review of privacy impact assessments and other assigned tasks as directed by the Manager.
13. Researches and analyzes information privacy audit statistical data to identify anomalies, trends, issues, continuous improvement activities and/or potential privacy breach situations.
14. Supports process changes and/or functional changes to privacy audit tools by testing, modifying and maintaining these tools. Resolves operational issues with audit systems and follows up with service providers, as required.
15. Develops, implements, and evaluates of information privacy goals, objectives, policies and procedures for the department.
16. Participates on assigned internal and external committees, as assigned.

A minimum level of education, training and experience equivalent to Bachelor Degree in Health Administration, Law or another related discipline (i.e. Business or Computer Science, Human Resources) and 5-7 years recent related experience or an equivalent combination of education, training and experience. Completion of an Information Access and/or Protection of Privacy Certificate Program is an asset (i.e. CIPP/C, CIPT, CIPM, or CAPPA).

COMPETENCIES:

Demonstrates the leadership practices of the Fraser Health Leadership Framework of Clear, Caring and Courageous and creates the conditions for people to succeed.

Professional/Technical Capabilities

• Demonstrated knowledge of applicable electronic health information systems
• Demonstrated knowledge of information privacy issues and related and relevant legislation/statutes in information privacy, access and protection of personal information, including the Freedom of Information and Protection of Privacy Act (FIPPA).
• Demonstrated ability to consult, plan, implement, and organize and problem solve
• Demonstrated ability to exercise initiative and work both independently and in a team environment
• Demonstrated ability to collaborate and deal with senior personnel regarding sensitive and confidential matters
• Demonstrated ability to work effectively in a highly dynamic environment subject to continuous change
• Ability to work independently and as a member of team
• Ability to operate related equipment including applicable software applications
• Physical ability to perform the duties of the position.