Senior Privacy Impact Assessment Specialist
Top Benefits
About the role
AMANST Inc. is looking for Privacy Impact Assessment (PIA) Specialist – Senior for a contract opportunity with Supply Ontario.
Requisition deadline: 07 July 2025 at 05:00 pm
Location: Hybrid – Up to 3 days per week onsite, subject to change
Must Haves:
· Minimum of 3 years’ health privacy experience conducting privacy impact assessments (PIAs) on medium to high complexity projects
· Minimum 5 years’ direct operational level privacy experience preferably in a health sector and/or IT environment
· Minimum 5 years' experience drafting and reviewing privacy requirements for data sharing agreements
· Minimum 5 years’ experience developing privacy policies and procedures, requirements, or controls
· Familiarity with the Personal Health Information Protection Act (PHIPA), and its related requirements for Health Information Network Providers (HINP) and Electronic Service Providers (ESP)
· Familiarity with Application Programming Interface (API) functionality and management
· Familiarity with Electronic Medical Record (EMR) or Hospital Information System (HIS) infrastructure, design, and data flows
· Certifications like Certified Information Privacy Professional (CIPP) an asset.
· Experience in the Ontario health care sector and public service, with existing positive relationships an asset.
· Excellent Communication skills both verbal and written, and strong stakeholder engagement skills.
· Past experience with jurisdictional public health programs (example: Immunizations) will be of significant benefit.
· Past experience working with the Panorama, will be of additional benefit.
· Demonstrated experience managing projects or programs in Matrix organizational environments.
Responsibilities:
The Privacy Specialist is responsible for the delivery of the privacy and authorities analysis, including management of issues and risks to ensure successful and on-time completion of deliverable.
· Gather and develop requirements in order to create and maintain the privacy and authorities analysis
· Articulate and prioritize issues and risks and recommends mitigation strategies for decision makers
· Conducting/Completing Privacy Impact Assessments and associated documentation
· Providing Privacy Consultation on a diverse range of complex, multi-stakeholder health privacy issues and Information Technology (IT) initiatives
· Identify and assess privacy risks, including developing risk mitigation plans
· Create or inform the creation of data flow diagrams and associated privacy controls and compliance requirements
· Reviewing and advising on agreements, including data sharing agreements
· Developing privacy requirements for new or changing components
· Providing privacy advisory and support to the product team
Desired Skills:
· Expert knowledge of privacy policies and legislative processes – Health Protection and Promotion Act (HPPA), Freedom of Information and Protection of Privacy Act (FIPPA) and Personal Health Information Protection Act (PHIPA) and associated Health Information Custodian (HIC) requirements.
· Knowledge of immunization workflows and associated authorities models will be of significant benefit.
· Certifications like Certified Information Privacy Professional (CIPP) an asset.
· Project Management, or related professional designation (PMP) an asset.
· Excellent Communication skills both verbal and written, and strong stakeholder engagement skills.
· Knowledge of Ontario’s electronic health record (EHR) and the Prescribed Organization (PO) designation.
· Past experience with jurisdictional public health programs (example: Immunizations) will be of significant benefit.
Required Experience / Evaluation Criteria:
· Minimum 3 years’ health privacy experience conducting privacy impact assessments (PIAs) on medium to high complexity projects: 20 Points
· Minimum 5 years’ direct operational level privacy experience in a health sector and/or IT environment or both: 20 Points
· Minimum 5 years’ experience in developing privacy policies and procedures, requirements, or controls: 20 Points
· Minimum 5 years’ experience drafting and reviewing privacy requirements for data sharing agreements: 15 Points
· Familiarity with the Personal Health Information Protection Act (PHIPA), and requirements related to Health Information Network Provider (HINP) and Electronic Service Provider (ESP).: 10 Points
· Familiarity with Application Programming Interface (API) functionality and management: 7.5 Points
· Familiarity with Electronic Medical Record (EMR) or Pharmacy Management System (PMS) infrastructure, design, and data flows: 7.5 Points
Deliverables Include:
· A preliminary privacy and authorities analysis to determine the achievement of the objectives and smooth and timely execution of the project including:
o Confirmation of the impacted authorities to permit the collection/contribution of administered vaccinations from all intended health care provider types (hospitals, primary care, pharmacies, public health, long term care etc.);
o Confirmation of the data purpose to support the direct delivery of health care (EHR purposes);
o Confirmation of authority to disclose of the same data to those health care providers accessing the EHR is permitted;
o Documentation of the provisions of patients’ rights to withdraw consent for the disclosure of their data submitted to the EHR by way of a consent directive are maintained;
o The determination of the custodianship of the data submitted to the EHR;
o Documentation of authorities required to disclose the data from the EHR to an immunization registry / repository; and,
o Documentation of all other requirements the Prescribed Organization are subject to by its regulator can be achieved.
· Over the duration of the engagement, the Privacy Specialist will support work already in progress, as well as deliver a Privacy Impact Assessment on the Immunization Repository;
· Work with the project and product teams on risk mitigation of PIA findings as required under PHIPA;
· Support work related to update and/or developing new agreements;
· Other duties as required. Note that knowledge of current privacy and data protection policy and legislation, especially Ontario’s Personal Health Information Protection Act (PHIPA), will be critical to ensure success.
Additional Terms
· Term : 1 position - initial term for 248 business days, with option to extend for an additional 247 business days.
· Ontario Health assets including laptops and related equipment cannot be removed from the province of Ontario without prior written approval from Ontario Health.
· Assignment Type: This position is currently listed as "Hybrid". The resource under this request will be required to work onsite as per Hiring Manager sole discretion.
About AMANST Inc.
AMANST is a fast growing Information and Technology consulting and staffing company. It provides services in Government, Financial, Telecommunication and Health sector.
At AMANST, we focus to create innovative and creative products and services to provide best possible solutions. We offer plethora of services like Web Application Design and Development, Client Server Application, tailor made Applications, E-commerce Software Development, Content Management Development, Database Application Development etc.
Our purpose is to develop and promote best and advanced information technologies for multi-user operation.
AMANST is committed to provide the highest quality product, timely delivery of solutions, total client satisfaction and the best quality/price ratio found in the industry.
Senior Privacy Impact Assessment Specialist
Top Benefits
About the role
AMANST Inc. is looking for Privacy Impact Assessment (PIA) Specialist – Senior for a contract opportunity with Supply Ontario.
Requisition deadline: 07 July 2025 at 05:00 pm
Location: Hybrid – Up to 3 days per week onsite, subject to change
Must Haves:
· Minimum of 3 years’ health privacy experience conducting privacy impact assessments (PIAs) on medium to high complexity projects
· Minimum 5 years’ direct operational level privacy experience preferably in a health sector and/or IT environment
· Minimum 5 years' experience drafting and reviewing privacy requirements for data sharing agreements
· Minimum 5 years’ experience developing privacy policies and procedures, requirements, or controls
· Familiarity with the Personal Health Information Protection Act (PHIPA), and its related requirements for Health Information Network Providers (HINP) and Electronic Service Providers (ESP)
· Familiarity with Application Programming Interface (API) functionality and management
· Familiarity with Electronic Medical Record (EMR) or Hospital Information System (HIS) infrastructure, design, and data flows
· Certifications like Certified Information Privacy Professional (CIPP) an asset.
· Experience in the Ontario health care sector and public service, with existing positive relationships an asset.
· Excellent Communication skills both verbal and written, and strong stakeholder engagement skills.
· Past experience with jurisdictional public health programs (example: Immunizations) will be of significant benefit.
· Past experience working with the Panorama, will be of additional benefit.
· Demonstrated experience managing projects or programs in Matrix organizational environments.
Responsibilities:
The Privacy Specialist is responsible for the delivery of the privacy and authorities analysis, including management of issues and risks to ensure successful and on-time completion of deliverable.
· Gather and develop requirements in order to create and maintain the privacy and authorities analysis
· Articulate and prioritize issues and risks and recommends mitigation strategies for decision makers
· Conducting/Completing Privacy Impact Assessments and associated documentation
· Providing Privacy Consultation on a diverse range of complex, multi-stakeholder health privacy issues and Information Technology (IT) initiatives
· Identify and assess privacy risks, including developing risk mitigation plans
· Create or inform the creation of data flow diagrams and associated privacy controls and compliance requirements
· Reviewing and advising on agreements, including data sharing agreements
· Developing privacy requirements for new or changing components
· Providing privacy advisory and support to the product team
Desired Skills:
· Expert knowledge of privacy policies and legislative processes – Health Protection and Promotion Act (HPPA), Freedom of Information and Protection of Privacy Act (FIPPA) and Personal Health Information Protection Act (PHIPA) and associated Health Information Custodian (HIC) requirements.
· Knowledge of immunization workflows and associated authorities models will be of significant benefit.
· Certifications like Certified Information Privacy Professional (CIPP) an asset.
· Project Management, or related professional designation (PMP) an asset.
· Excellent Communication skills both verbal and written, and strong stakeholder engagement skills.
· Knowledge of Ontario’s electronic health record (EHR) and the Prescribed Organization (PO) designation.
· Past experience with jurisdictional public health programs (example: Immunizations) will be of significant benefit.
Required Experience / Evaluation Criteria:
· Minimum 3 years’ health privacy experience conducting privacy impact assessments (PIAs) on medium to high complexity projects: 20 Points
· Minimum 5 years’ direct operational level privacy experience in a health sector and/or IT environment or both: 20 Points
· Minimum 5 years’ experience in developing privacy policies and procedures, requirements, or controls: 20 Points
· Minimum 5 years’ experience drafting and reviewing privacy requirements for data sharing agreements: 15 Points
· Familiarity with the Personal Health Information Protection Act (PHIPA), and requirements related to Health Information Network Provider (HINP) and Electronic Service Provider (ESP).: 10 Points
· Familiarity with Application Programming Interface (API) functionality and management: 7.5 Points
· Familiarity with Electronic Medical Record (EMR) or Pharmacy Management System (PMS) infrastructure, design, and data flows: 7.5 Points
Deliverables Include:
· A preliminary privacy and authorities analysis to determine the achievement of the objectives and smooth and timely execution of the project including:
o Confirmation of the impacted authorities to permit the collection/contribution of administered vaccinations from all intended health care provider types (hospitals, primary care, pharmacies, public health, long term care etc.);
o Confirmation of the data purpose to support the direct delivery of health care (EHR purposes);
o Confirmation of authority to disclose of the same data to those health care providers accessing the EHR is permitted;
o Documentation of the provisions of patients’ rights to withdraw consent for the disclosure of their data submitted to the EHR by way of a consent directive are maintained;
o The determination of the custodianship of the data submitted to the EHR;
o Documentation of authorities required to disclose the data from the EHR to an immunization registry / repository; and,
o Documentation of all other requirements the Prescribed Organization are subject to by its regulator can be achieved.
· Over the duration of the engagement, the Privacy Specialist will support work already in progress, as well as deliver a Privacy Impact Assessment on the Immunization Repository;
· Work with the project and product teams on risk mitigation of PIA findings as required under PHIPA;
· Support work related to update and/or developing new agreements;
· Other duties as required. Note that knowledge of current privacy and data protection policy and legislation, especially Ontario’s Personal Health Information Protection Act (PHIPA), will be critical to ensure success.
Additional Terms
· Term : 1 position - initial term for 248 business days, with option to extend for an additional 247 business days.
· Ontario Health assets including laptops and related equipment cannot be removed from the province of Ontario without prior written approval from Ontario Health.
· Assignment Type: This position is currently listed as "Hybrid". The resource under this request will be required to work onsite as per Hiring Manager sole discretion.
About AMANST Inc.
AMANST is a fast growing Information and Technology consulting and staffing company. It provides services in Government, Financial, Telecommunication and Health sector.
At AMANST, we focus to create innovative and creative products and services to provide best possible solutions. We offer plethora of services like Web Application Design and Development, Client Server Application, tailor made Applications, E-commerce Software Development, Content Management Development, Database Application Development etc.
Our purpose is to develop and promote best and advanced information technologies for multi-user operation.
AMANST is committed to provide the highest quality product, timely delivery of solutions, total client satisfaction and the best quality/price ratio found in the industry.