# Summary
- WellFort is seeking a Privacy and Risk Specialist to join our team!
- Privacy and Risk Specialist – 1.0 FTE Full-time Permanent
# About the Organization
WellFort is a non-profit, values-based organization that provides health promotion and prevention programs, primary and oral health care and works with local residents and other agencies to increase community capacity.
# About the Position
The Privacy and Risk Specialist will play a crucial role in supporting the mission, vision, and values of WellFort Community Health Services. This role involves delivering expert guidance, analysis, and support to WellFort leadership, the Board, team members, and partners. Key responsibilities include managing the organization’s Privacy Program, which encompasses the daily operations, development, implementation, and maintenance of privacy policies and procedures. The Specialist will also monitor program compliance, investigate and track incidents and breaches, and ensure client rights are protected in accordance with current legislation.
RESPONSIBILITIES:
Privacy
- Facilitate compliance with PHIPA
- Ensure that all staff are informed of their privacy duties and organize annual refresher training for new and existing employees.
- Respond to public inquiries about information practices and handle requests for access to or correction of health information.
- Receive and address complaints about privacy breaches.
- Oversee the design, implementation, monitoring, and reporting on the privacy compliance program and control measures.
- Maintain documentation related to the privacy program.
- Conduct regular privacy audits on staff access to electronic medical records (EMR & Connecting Ontario).
- Act as the organizational point of contact for privacy-related questions from the Leadership Team and team members.
- Track privacy incidents and breaches.
- Liaise with external privacy consultants and lawyers.
- Respond to requests for release of information to third parties, such as insurance companies, police, WSIB, and regulatory colleges.
- Review vendor agreements to ensure they include adequate privacy terms as requested by Senior Management.
- Initiate, investigate, and manage privacy breach protocols, including communication with team members, affected clients, and key internal and external stakeholders such as the Privacy Commissioner and regulatory colleges, and manage mandatory reporting obligations.
- Keeps up-to-date on privacy developments and current legislation
Risk Management
- Provides support to other projects as required, including analysis, documentation of business processes, drafting business cases, and conducting cost-benefit and risk analyses and feasibility studies.
- Contributes to and supports day-to-day operational activities and role-specific requirements to align with the organization’s strategic direction and culture.
- Commits to and supports the organization’s governing and compliance reporting requirements, overall code of ethics, and policies (e.g., Respect in the Workplace, Health & Safety).
- Participates in incident reviews, root cause analysis, and failure mode effect analysis as required.
- Supports policy and procedure development related to risk management and contributes to organizational planning; participates in ongoing educational opportunities to stay current on risk management.
- Engages in specific internal/external projects, working groups, and initiatives as assigned.
- Promotes a culture of safety and risk awareness across the organization.
Security
- Monitors the security of both hard copy and electronic records
- Establish mechanisms with management and operations to track access to PHI and allow authorized individuals to review or receive reports on such activity.
- Establishes with management and operations, a mechanism to track access to PHI and to allow authorized individuals to review or receive a report on such activity
- Reviews all system related information security plans throughout the organization’s network to ensure alignment between security and privacy practices, and acts as a liaison to the information systems department
- Ensures “whistleblower” protection is in place for staff to report privacy violations
- Ensure data sharing and confidentiality agreements are in place for all data sharing that occurs between the agency and third parties
- Verifies that independent assessments of security are undertaken
- Ensure the privacy crisis management plan and written security policy are in place
Ethics
- Supports the creation and use of Ethical Framework across the organization
- Promotes Ethical capacity within the organization and to members
# Your Qualifications
- Post-Secondary degree with focus on privacy and confidentiality
- Certified Information Privacy Professional (CIPP/C) certification
- Minimum of 4-6 years of operational privacy experience within a healthcare setting or not-for-profit organization.
- Advanced knowledge of the Ontario Personal Health Information Protection Act, 2004 and regulations.
- Demonstrated skill in conducting policy research, analysis, development, and documentation.
- Exceptional interpersonal skills to work with staff, volunteers, clients, and community partners
- Excellent communication skills, with the ability to speak, listen, and write clearly and effectively
- Understanding and knowledge of community resources and services
- Ability to set priorities, manage tasks, and adapt to tight timelines and changing priorities.
- Capability to work independently and as part of a team.
- High level of integrity and trust
- Bilingual (English/French) language skills an asset
Apply Now and EMPOWER your Career
Candidates who self-identify as being from a marginalized community, including people with lived/living experience of drug use and/or houselessness, Indigenous peoples, racialized persons, persons with disabilities, newcomers, and 2SLGBTQIA+ persons, are encouraged to apply and will be prioritized. We invite these candidates to indicate their relevant identities in their cover letters.
Requests for accommodation due to disability can be made at any stage in the recruitment process.
The successful candidate will demonstrate a willingness to participate in WellFort’s commitment to becoming an inclusive, barrier-free health centre and an ability to work in an interdisciplinary team.
For more information visit www.WellFort.ca
Hiring Salary Range: $70,895 - $81,686 (consideration of experience)
Compensation package includes health and dental benefits and HOOPP pension benefits.
Interested applicants:
Forward your resume and cover letter to hiring@wellfort.ca
Application deadline: Open until filled
Quote “PRS0824” in the subject line
No phone calls please. Successful candidates will be contacted
VACCINATION REQUIREMENT:
As a condition of employment, new WellFort staff must be fully vaccinated unless they have received an exemption from vaccination under the Human Rights Code. Proof of COVID-19 vaccination status will be required before the first day of work or, proof of religious or medical exemption, if or where applicable.
Fully vaccinated is defined as having received the completed series of an accepted COVID-19 vaccine, as recommended by the Office of the Chief Medical Officer of Health and having received the final dose at least 14 days before your employment start date.
The candidate will be asked to provide WellFort with proof of full vaccination, prior to their employment start date. Acceptable proof is a Ministry of Health Dose Administration Receipt (or such other proof of vaccination that the Province of Ontario sanctions). This can be obtained through the Provincial portal https://covid-19.ontario.ca/get-proof/.
The requirement to be fully vaccinated is subject to the Ontario Human Rights Code. If the candidate is unable to vaccinate for a reason protected by the Code, a request for accommodation can be requested and written proof satisfactory to the organization will be required.