The Chief Privacy Officer is charged with ensuring all information related to a particular individual or organization is kept confidential in accordance with Canadian or international privacy legislation. The Chief Privacy Officer monitors and evaluates business procedures involving the collection, retention and sharing of information across a company and between companies, their customers, suppliers and partners to ensure personal information rights are protected and respected. In changing the organizational culture of a business, the Chief Privacy Officer helps to maintain the integrity and reputation of the business with respect to personal information and data.
Responsibilities
- Develop organization-wide privacy policies and procedures, including without limitation:
- Notice of Privacy Practices
- Authorization Forms
- Use and Disclosure of Protected Health Information
- Individual Requests for Access to Protected Health Information
- Recordkeeping and Administrative Requirements
- Provides development guidance and assists in the identification, implementation, and maintenance of organization information privacy policies and procedures in coordination with organization management and administration, and legal counsel
- Collaborates with other departments, such as legal counsel, corporate compliance, accounting, IT, and medical records to maintain organization compliance with federal and provincial laws regarding privacy, security, electronic transactions, and protection of information resources.
- Performs initial and periodic information privacy risk assessments and conducts related ongoing compliance monitoring activities in coordination with the entity’s other compliance and operational assessment functions.
- Oversees, directs, delivers, or ensures delivery of initial and privacy training and orientation to all employees, volunteers, medical and professional staff, contractors, alliances, business associates, and other appropriate third parties.
- Creates a program permitting members of the organization's workforce, patients, and members of the public to submit complaints regarding the organization's privacy policies, procedures, and practices, and ensure that all complaints are handled diligently and appropriately.
- Participates in the development, implementation, and ongoing compliance monitoring of all trading partner and business associate agreements, to ensure all privacy concerns, requirements, and responsibilities are addressed.
- Serves as information privacy consultant to the organization for all departments and appropriate entities.
Qualifications
- Strong background in information security, including program analysis, development, and testing.
- Knowledge and experience in information privacy laws, access, release of information, and release control technologies.
- Demonstrated organization, facilitation, communication, and presentation skills.