Director, Information Access and Privacy
Providence Health Care
Reporting to the Vice President, Public Affairs, Communications and Stakeholder Engagement, the Director, Information Access and Privacy provides strategic direction and organization leadership across all aspects of information access and privacy, including policies, practices, education, audit, information stewardship and data governance. As the designated Chief Privacy Officer for PHC, the Director uses extensive leadership expertise to lead the Information Access and Privacy team, provide support and guidance to senior leaders, and promote best practices relating to privacy compliance, information access and data governance. The Director supports the organization’s strategic priority of Indigenous Wellness, Truth & Reconciliation and also provides privacy leadership and guidance to the PHC research community to Providence Research and the Research Ethics Board. The Director works closely with PHC leadership, management, key clinical and business partners; as well as Ministry of Health representatives, regional health authority senior privacy leads, and PHC researchers and ethics board members, to build trusted relationships in relation to privacy and data governance. The Director ensures information governance best practices are incorporated into the design, development and execution of PHC strategic projects such as those related to Shared Care, Virtual Health, the Supercluster Consortium; as well as Provincial initiatives led by PHC including Foundry Centres, BC Centre on Substance Use, and the Office of the Provincial Patient Centred Measurement. The Director also serves as a subject matter expert and PHC representative on Provincial committees and working groups in the privacy, information access and governance area.
Qualifications / Skills and Education
Education, Training and Experience
A level of education, training, and experience equivalent to a Master’s degree in Health Information Management, Law, Business Administration, or related field, and seven (7) to ten (10) years senior level experience of legal, compliance and/or privacy experience or an equivalent combination of education, training, and experience.
Skills and Abilities
Demonstrated leadership skills and the ability to provide leadership in a large diverse environment.
Comprehensive knowledge and application of relevant legislation, regulations, standards and policies related to information access and privacy.
Comprehensive knowledge of privacy issues and assessment tools and processes.
Demonstrated ability to manage and lead individuals and teams to develop mutual, respectful and effective working relationships with internal and external clients and other diverse groups.
Demonstrated ability to understand key information management and data governance concepts and components and their interrelationships.
Demonstrated ability to plan and establish courses of action for self and others that are strategic and results oriented.
Excellent oral and written communication skills, including the ability to facilitate, negotiate and persuade others.
Ability to manage potentially controversial issues.
Ability to exercise sound judgment, critical thinking and effective decision making.
Ability to utilize acumen and judgment in identifying and problem solving complex issues, to provide viable solutions.
Working knowledge of patient information systems, information system security and technical issues and technology that creates and solves privacy and security issues.
Ability to work effectively, both independently and as part of a team.
Ability to effectively manage budget and staff resources.
Ability to operate related equipment, including computer software applications.
Duties and Responsibilities
Provides proactive, strategic direction and expert advice to the Senior Leadership Team, management, researchers, staff and physicians on privacy governance and information access through the interpretation and application of legislation and ethical considerations and application of best practices on data and privacy issues to ensure PHC maximizes the value of and safeguards its information assets.
Apprises PHC senior leadership of new and developing privacy issues that have significant or potentially significant impact on PHC.
Leads and oversees the development and implementation of a strategic privacy program, including policies, standards, education and, where applicable, procedures for PHC’s internal and external audiences, including staff and other health care providers, to ensure quality care and consistency across programs.
Fosters effective and highly functional partnerships with the Ministry of Health, other government partners and regional health authorities, as applicable, to ensure the design, development and delivery of provincial strategies and solutions reflect the needs of the organization.
Represents PHC on provincial committees and initiatives that foster responsible information governance and management, and that align with strategic goals and objectives of PHC. Acts as the designated liaison to the Health Information, Privacy and Security Operations Council of BC on behalf of the British Columbia Ministry of Health’s Office of Patient-Centred Measurement on all matters related to privacy and information security.
Acts as subject matter expert and advisor internally and externally; establishes internal linkages and facilitates knowledge sharing between PHC programs and portfolios to foster consistent approaches to privacy governance and operations.
Provides leadership, direction and guidance to the Information Access and Privacy team through coaching, mentoring, performance management and modeling key behaviours in order to optimize privacy compliance and related communications with internal and external partners.
Provides leadership and advice related to requests for access to information and collaborates with the Office of the Information and Privacy Commissioner, the Ministry of Health and other legal entities in any compliance reviews or investigations.
Collaborates with PHC Risk Management and legal counsel regarding privacy compliance, policy development, privacy risk assessments and contracts involving personal information.
Works with various departments, including Health Information Management, Data Analytics and IMITS, to ensure accountability for the management and security of patient information and address any concerns regarding the handling of that information.
Oversees the organization’s response to breaches of privacy including in-depth reviews and critical analysis, assessment and resolution through appropriate remedies. Provides guidance and assistance with the application of sanctions for failure to comply with legislation and corporate policies, in cooperation with Human Resources and senior leadership as applicable.
Promotes a culture of privacy by building awareness of issues and perceptions, and initiating, facilitating and promoting activities that foster trust and mutual respect for individuals’ privacy in all interactions within the organization.
Establishes and administers processes for addressing complaints concerning access to information and privacy issues. Coordinates and collaborates with Risk Management, Patient Care Quality Office, and Communications as necessary.
Maintains current knowledge of relevant international, federal and provincial information access and privacy laws and monitors changes. Brings information regarding the implication of changes forward to the senior leadership team to ensure organizational adaptation and compliance.
Develops the program budget and monitors expenditures to ensure projections and targets are met, reporting on any variances incurred. Recruits and manages the work of staff and/or consultants assigned to Information Access and Privacy.
As per the current Public Health Orders (Long Term Care/Seniors Assisted Living Provincial Health Order and the Health Sector Order), as of October 26, 2021, all employees working for Providence Health Care must be fully vaccinated against COVID-19. Proof of vaccination status will be required.