Manager Privacy and Access

  • Waypoint Centre for Mental Health Care
  • Jun 17, 2019
Full time Manager

Job Description

Position Title: Manager of Privacy and Access

Job Class:  Under Review

Department: Quality & Professional Practice

Employee Group: Management

Employment Type: Full Time

Posting Date: June 17, 2019

Work Schedule: 37.50 hours weekly as per schedule                    

Posting Type: Open

 As a Catholic hospital, we committed to providing excellence in specialized mental health and addictions services grounded in research and education and guided by faith-based values. As an inspired organization, we will change lives by leading the advancement and delivery of compassionate care. Located 150 km from Toronto on the shores of Georgian Bay in the town of Penetanguishene, we provide an extensive range of acute and longer-term psychiatric inpatient as well as outpatient services to Simcoe and Dufferin counties, Muskoka/Parry Sound. Our Inpatient care also includes the province’s only maximum secure forensic hospital for clients served by both the mental health and justice systems. Waypoint is proud to be an official University of Toronto teaching hospital and university based research academic centre. We are now searching for a….

Manager of Privacy and Access

 The successful candidate will support the development, delivery, management and monitoring of the enterprise-wide privacy and access program at Waypoint to ensure the hospital’s compliance with privacy legislation, privacy obligations established in agreements with partners, its own privacy policies and procedures and privacy best practices. The candidate will function as the Freedom of Information (FOI) Coordinator and privacy subject matter expert working collaboratively with all levels of hospital staff across the hospital as it relates to the collection, use, disclosure, retention and destruction of personal health information, personal information and corporate information.

 Key Accountabilities:

  • Providing leadership in the responsible stewardship, safeguarding and management of information in support of improved health care delivery, health system management and maintenance of public trust.
  • Formulating enterprise-wide strategies necessary to influence and embed access and privacy by design into the culture, strategic plans, physical and electronic infrastructure, the electronic health record and business/clinical practice processes throughout the organization in compliance with applicable legislation, standards and in a manner that promotes developing best practices
  • Managing the development, innovation, implementation, evaluation and sustainability of the privacy and access program by developing or contributing to strategies, policies and procedures, standards, education and training for employees and external health care providers and partners, students, volunteers, affiliates, vendors, etc., to support the mandate and objectives of the hospital while managing privacy risk to the organization and supporting the privacy rights of individuals.
  • Providing support to procurement and project management functions to ensure consideration and inclusion of Waypoint privacy obligations and privacy requirements during procurement, contracting and project initiation.
  • Acting as privacy advisor to Waypoint’s Information Management Committee and reporting on privacy to hospital committees, Board of Directors, the Office of the Information and Privacy Commissioner/Ontario (IPC) and other provincial and regional bodies associated with shared system initiatives (i.e. IAR, Connecting Ontario).
  • Supporting the response to privacy access requests, inquiries and complaints in compliance with PHIPA and in collaboration with Waypoint’s health records department, including tracking information on events for program monitoring and reporting purposes. Also supporting processes associated with obtaining consent and ongoing consent management for clients and their substitute decision-makers.
  • Managing the process for receiving, documenting, tracking, containing, investigating, analyzing and resolving privacy incidents and breaches. Supporting the containment and investigation of critical privacy incidents in collaboration with security, human resources, legal and relevant departments involved in events where relevant, formulating incident and breach response recommendations including privacy risk response and supporting risk mitigation activities
  • Managing and supporting privacy risk management and privacy and access program assurance activities to support oversight, monitoring and continuous improvement of the privacy program (i.e. user access audits, privacy reviews, privacy impact assessments) and compliance monitoring activities in coordination with the Hospital’s other compliance and operational assessment functions.
  • Tracking and monitoring privacy risks and supporting privacy risk management decision-making
  • Develop Privacy’s annual budget and operational plan based on identified needs, departmental goals and hospital strategic directions, monitor budget and control allocated expenditures to ensure cost-effectiveness.


  • Undergraduate degree in health information management, health policy, health administration or health-related discipline; Canadian privacy certification: e.g. Certified Information Privacy Profession (CIPP/C), Certified Information Privacy Manager (CIMP/C) or equivalent experience; Canadian Health Information Management Association Certification is an asset
  • Three to five years’ experience with privacy or related role within a hospital setting, or health systems perspective;
  • Working knowledge of electronic health records, electronic medical records or other health information systems;
  • Sound understanding of project management and/or change management principles;
  • Demonstrated experience with policy & procedure development, training and educational development and delivery skills;
  • Strong leadership abilities (independent and collaborative);
  • Exceptional interpersonal and communication skills (oral and written) tailored to various audiences (e.g.,
  • leadership, governance, IPC, system partners);
  • Excellent organizational and analytical skills, detail-oriented with strong document management skills.
  • A high level of maturity, and discretion; strong interpersonal skills and ability to handle difficult situations with tact, diplomacy and sensitivity;
  • Demonstrated ability to facilitate teamwork, collaboration, and partnership;
  • Understanding and knowledge regarding all relevant regulatory/legislation laws (e.g. PHIPPA, FIPPA);
  • Experience with Research Ethics Boards preferred.
  • Experience in managing and evaluating privacy and access programs preferred;
  • Models and promotes core ethical practices and Waypoint Values and Code of Conduct with both internal and external stakeholders;
  • Preference for proficiency in French/English.

Waypoint employees apply through the Employee Self-Service portal at and external applicants apply to by close of business (5:00 pm) on July 5, 2019 quoting Job ID WC19-136. Attach your cover letter and resume detailing why you are interested in this opportunity and how you meet the qualifications and key accountabilities specified.

We are committed to fostering an inclusive, accessible work environment, where all employees feel valued and respected. Waypoint offers accommodation for applicants with disabilities as part of our recruitment process. If you are contacted to arrange an interview please advise us if you require an accommodation. All applicants are thanked for their interest in this position, however, due to high volumes only those selected for an interview will be contacted.

Job Category



Penetanguishene, ON