Privacy and Risk Specialist

# Summary 

• WellFort is seeking a Privacy and Risk Specialist to join our team!
• Privacy and Risk Specialist – 1.0 FTE Full-time Permanent

# About the Organization 

 WellFort is a non-profit, values-based organization that provides health promotion and prevention programs, primary and oral health care and works with local residents and other agencies to increase community capacity.

# About the Position 

The Privacy and Risk Specialist will play a crucial role in supporting the mission, vision, and values of WellFort Community Health Services. This role involves delivering expert guidance, analysis, and support to WellFort leadership, the Board, team members, and partners. Key responsibilities include managing the organization’s Privacy Program, which encompasses the daily operations, development, implementation, and maintenance of privacy policies and procedures. The Specialist will also monitor program compliance, investigate and track incidents and breaches, and ensure client rights are protected in accordance with current legislation.

RESPONSIBILITIES:

Privacy

• Facilitate compliance with PHIPA
• Ensure that all staff are informed of their privacy duties and organize annual refresher training for new and existing employees.
• Respond to public inquiries about information practices and handle requests for access to or correction of health information.
• Receive and address complaints about privacy breaches.
• Oversee the design, implementation, monitoring, and reporting on the privacy compliance program and control measures.
• Maintain documentation related to the privacy program.
• Conduct regular privacy audits on staff access to electronic medical records (EMR & Connecting Ontario).
• Act as the organizational point of contact for privacy-related questions from the Leadership Team and team members.
• Track privacy incidents and breaches.
• Liaise with external privacy consultants and lawyers.
• Respond to requests for release of information to third parties, such as insurance companies, police, WSIB, and regulatory colleges.
• Review vendor agreements to ensure they include adequate privacy terms as requested by Senior Management.
• Initiate, investigate, and manage privacy breach protocols, including communication with team members, affected clients, and key internal and external stakeholders such as the Privacy Commissioner and regulatory colleges, and manage mandatory reporting obligations.
• Keeps up-to-date on privacy developments and current legislation

Risk Management 

• Provides support to other projects as required, including analysis, documentation of business processes, drafting business cases, and conducting cost-benefit and risk analyses and feasibility studies.
• Contributes to and supports day-to-day operational activities and role-specific requirements to align with the organization’s strategic direction and culture.
• Commits to and supports the organization’s governing and compliance reporting requirements, overall code of ethics, and policies (e.g., Respect in the Workplace, Health & Safety).
• Participates in incident reviews, root cause analysis, and failure mode effect analysis as required.
• Supports policy and procedure development related to risk management and contributes to organizational planning; participates in ongoing educational opportunities to stay current on risk management.
• Engages in specific internal/external projects, working groups, and initiatives as assigned.
• Promotes a culture of safety and risk awareness across the organization.

Security

• Monitors the security of both hard copy and electronic records
• Establish mechanisms with management and operations to track access to PHI and allow authorized individuals to review or receive reports on such activity.
• Establishes with management and operations, a mechanism to track access to PHI and to allow authorized individuals to review or receive a report on such activity
• Reviews all system related information security plans throughout the organization’s network to ensure alignment between security and privacy practices, and acts as a liaison to the information systems department
• Ensures “whistleblower” protection is in place for staff to report privacy violations
• Ensure data sharing and confidentiality agreements are in place for all data sharing that occurs between the agency and third parties
• Verifies that independent assessments of security are undertaken
• Ensure the privacy crisis management plan and written security policy are in place

Ethics

• Supports the creation and use of Ethical Framework across the organization
• Promotes Ethical capacity within the organization and to members

# Your Qualifications

• Post-Secondary degree with focus on privacy and confidentiality
• Certified Information Privacy Professional (CIPP/C) certification
• Minimum of 4-6 years of operational privacy experience within a healthcare setting or not-for-profit organization.
• Advanced knowledge of the Ontario Personal Health Information Protection Act, 2004 and regulations.
• Demonstrated skill in conducting policy research, analysis, development, and documentation.
• Exceptional interpersonal skills to work with staff, volunteers, clients, and community partners
• Excellent communication skills, with the ability to speak, listen, and write clearly and effectively
• Understanding and knowledge of community resources and services
• Ability to set priorities, manage tasks, and adapt to tight timelines and changing priorities.
• Capability to work independently and as part of a team.
• High level of integrity and trust
• Bilingual (English/French) language skills an asset