Regional Privacy Coordinator

Job Description:

The Regional Privacy Coordinator is responsible for ongoing activities related to the development, implementation, maintenance of, and compliance with legislative requirements for CARE4 partner sites (Collingwood General and Marine Hospital, Georgian Bay General Hospital, Headwaters Health Care Centre, and Royal Victoria Regional Health Centre).

The Regional Privacy Coordinator conducts investigations related to potential breaches of privacy and confidentiality, and makes recommendations to the Chief Privacy Officer related to the breach level.

The Regional Privacy Coordinator works with partner site Senior Leadership Team (SLT), legal counsel, and external government agencies e.g. Information and Privacy Commissioner (IPC), police departments and internal departments and committees to ensure appropriate legislative and Shared Services Alliance Agreement (SSAA) compliance.

The Regional Privacy Coordinator oversees ongoing activities related to the development, implementation, maintenance of, and adherence to Privacy Policies and Procedures.

The Regional Privacy Coordinator provides privacy training and awareness to all employees, physicians, students and volunteers in the organization. They investigates privacy breaches from staff or patients and works with Human Resources, the Information and Privacy Commissioner (IPC) and other key internal and external resources as required.

The Regional Privacy Coordinator is an active member of the Research Ethics Board (REB) participating in review and approval of all research protocols.

The Regional Privacy Coordinator coordinators and processes all FIPPA requests in accordance with legislative requirements.

Privacy Audits:

• Implements and maintains an audit process to ensure that personal health information is accessed, used and disclosed in compliance with RVH policies and applicable legislation

• Runs all EMR (Electronic Medical Record) Audits and manages the data associated with the logs

• Administrator for the Auditing tool. Runs daily audits by user or by patient to perform audit trails of access into the EMR. Random audits are performed as well on all high profile or confidential patients

• Leads investigations of potential breaches of privacy and works with other departments and staff as appropriate. Reports to IPC and discloses to patient where appropriate.

• Participate in mediation, arbitrations, IPC investigations

Policy and Procedure Development:

• Develops, implements and maintains privacy related policies and procedures in partnership with RVH management, administration and legal council

• Ensures that the organization has and maintains appropriate privacy and confidentiality agreements, forms and information notices and communication materials in support of the policies and procedures

• Maintains current knowledge of applicable legislation and standards, and monitors advancements in information technologies to ensure continues improvement and compliance

Privacy Compliancy:

• Works with senior management, legal counsel, key departments and committees to ensure the Organization has and maintains appropriate privacy, security and confidentiality measures and processes (e.g. consent forms, audit programs).

• Serves in a leadership and advisory role to the corporate Privacy Compliance Committee

• Works with Health Information Management, physicians and other appropriate internal and external stakeholders in responding to patient requests for access to, correction of and restriction of access to personal health information

Privacy Orientation and Awareness:

• Ensures completion and maintenance of all privacy and confidentiality agreements for staff, where there are exceptional needs for renewed review of this information

• Revises the annual privacy quiz and ensures that it is fully in compliance with the PHIPA and FIPPA legislation

• Provides privacy training to all staff regarding obligations addressed in PHIPA and FIPPA. Attends General Orientation for new staff, students and volunteers monthly to demonstrate Privacy Practices and responsibilities of employees

Release of Information Requests:

• Works in collaboration with Health Records when receiving and addressing requests for information from Lawyers, WSIB, Insurance companies, police, CAS, Criminal Injuries Compensation Board, Research (Cancer Care) and the College of Physician’s and Surgeon’s.

Administer and Establish Privacy Complaints Process:

• Establishes and administers a process for receiving, documenting, tracking, investigating and taking action on all complaints concerning privacy policies and procedures in coordination and collaboration with Risk Management, Patient Representative and legal counsel.

• Cooperates with the Information and Privacy Commissioner’s office and other investigative bodies in any compliance reviews or investigations.

• Coordinate the Release of Information Practices: Works collaboratively with all hospital departments to establish standards for Release of Information

• Acts as a resource to any personnel involved with any aspect of release of protected health information, to ensure full coordination and cooperation under the organization’s policies and procedures and legal requirements

• Monitors organizational compliance with Privacy legislation.

• Establish appropriate capture and reporting of all required reporting to the Information and Privacy Commissioners Office of Ontario

Routine Monitoring and Reporting:

• Monitors organizational compliance with Privacy legislation and submits annual statistics to the Information and Privacy Commissioner (IPC) for both PHIPA and FIPPA.

Research and Research Ethics Board

• Reviews and signs off on all research protocols submitting to the Research Office, Cancer Centre Research Office and the Research Ethics Boards

• Serves as a member of the organization’s Research Ethics Board as required

FIPPA

• Coordinates and processes all FIPPA requests to ensure they are conducted and completed within the legislated timeframe and to ensure appropriate legislative rules and principles have been applied in order to be compliant with government regulations.

• Monitor and mitigate any negative impact to release (e.g. legal proceedings, negative media relations etc.)

• Participate in mediation, arbitrations, IPC investigations

Legislative Compliance Document

• Creates and maintains legislative compliance document for entire organization, including all legislation and by-laws the hospital is required to comply with
• Works closely with leaders across the organization to ensure they are meeting compliance requirements. Escalating as necessary.
• Stays up to date with changing legislation to coordinate organization compliance.