Commander Privacy & Clinical Information Management
Toronto, ON, CA, M4Y 0E6
Full Time Mid-level / Intermediate USD 112K - 149K
City of Toronto
The official website for the City of Toronto. Toronto is Canada's largest city, the fourth largest in North America, and home to a diverse population of more than three million people.
- Job ID: 52430
- Job Category: Records & Information Management
- Division & Section: Toronto Paramedic Services, PS Program Dev & Professional Standards
- Work Location: Fire & Paramedic HQ & EMS Station 53, 4330 Dufferin St, Toronto
- Job Type & Duration: Full-Time, Permanent Vacancy
- Salary: $112,280.00 - $149,247.00 (2024 Rate)
- Shift Information: Monday to Friday, 35 hours per week
- Affiliation: Non-Union
- Number of Positions Open: 1
- Posting Period: 23-Jan-2025 to 13-Feb-2025
Job Summary:
The Commander, Privacy & Clinical Information Management will provide leadership and strategic support in Divisional information management, including the design of clinical data systems; maintenance and security of health information; establishment and promotion of record-keeping standards that meet corporate, legal and legislative obligations as a City Division and Health Information Custodian. The Commander will provide subject matter expertise as the Division's Privacy Officer, managing privacy breaches, conducting investigations, and identifying areas of improvement to mitigate risk for the Division/City.
Major Responsibilities:
- Develops and implements detailed plans and recommends policies regarding program specific requirements.
- Manages assigned projects, ensuring effective teamwork and communication, high standards of work quality and organizational performance and continuous learning.
- Develops, recommends and administers the annual budget for the unit, and ensures that the unit's expenditures are controlled and maintained within approved budget limitations.
- Assumes responsibility for Divisional Information Management to align the Division’s information policies and practices with the City's expectations.
- Manages the annual Information Management Plan and addresses internal information management needs.
- Plans and manages record retention, retrieval and disposition of data, adhering to legislative obligations, corporate policies and guidelines.
- Acts as the Division’s Health Information Custodian under the Personal Health Information Protection Act (PHIPA) and represents the Division as the assigned Privacy Officer.
- Conducts research into assigned areas ensuring that such research takes into account developments within the field, corporate policies and practices, legislation and initiatives by other levels of government. Applies relevant information privacy laws, regulations, privacy enhancing best practices and industry-accepted privacy and security risk management strategies within the Division.
- Identifies and manages the development and implementation of policies and procedures that ensure the confidentiality, integrity, security and availability of information and records management mandated by legislation including the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA) and PHIPA.
- Provides direction to the Division in the management of risks such as privacy breaches and makes changes to business and clinical processes to prevent re-occurrence. Manages the resolution of privacy breaches, incidents, and complaints within the Division, ensuring adherence to related legislation, policies, and procedures, and mitigating risk to the Division/City.
- Investigates internal and external violations and breaches related to privacy policies or procedures. Makes recommendations based on investigation results which could lead to the discipline or dismissal of staff.
- Attends disciplinary hearings as required to confirm details of the investigation findings.
- Coordinates responses and prepares correspondence to formal and informal privacy complaints that are often sensitive and/or political by conducting research and investigation into the complaint.
- Provides complex privacy compliance advice on all aspects of Divisional projects from design to implementation including providing direction to staff as required.
- Provides leadership on projects supporting compliance with MFIPPA and PHIPA and other risk management frameworks/standards as applicable.
- Recommends privacy and quality assurance requirements consistent with MFIPPA, PHIPA, legislation and corporate standards.
- Leads the implementation of proactive and progressive change related to business processes, policies and legislative requirements to facilitate operational improvements.
- Plans, prioritizes and manages internal and/or external assigned project resources to meet project objectives.
- Performs and coordinates the delivery of privacy impact assessments of in-scope projects. Consults with the Office of the Chief Information Security Officer regarding privacy matters.
- Manages the development and delivery of risk management training for Divisional staff.
- Conducts research and prepares reports and training materials specific to privacy implications of new technologies and information systems.
- Deals with resistance to advice, negotiates and resolves conflict, clarifies linkages between core business areas of the Division and linkages to MFIPPA and PHIPA privacy compliance.
- Prepares and/or supervises the preparation of various formal contractual documents such as Request for Information/ Proposal/Quotation, Statement of Work, Memorandum of Understanding and Service Level Agreements.
- Provides leadership in the evaluation, selection and recommendation of technical solutions and professional services.
- Anticipates, identifies and analyzes organizational impacts of emerging privacy requirements; recommends and coordinates innovative solutions using conflict resolution and negotiation skills to successfully manage sensitive and controversial matters.
- Organizes and works with multidisciplinary business and technical teams from across the organization to formulate and execute project plans and tasks according to established project management principles and methodologies.
- Provides advice and recommendations to senior management on privacy compliance through consultations with City staff members at all levels regarding special information access and disclosure requests and challenges.
- Manages the Division's responses to Routine Disclosure and Freedom of Information requests.
- Communicates effectively to stakeholders, clients, project managers, supervisors and team members regarding any business and technical decisions and actions that may impact solution delivery, staff performance, business processes, management workflow and technical support of public services.
- Acts as an innovative leader to demonstrate commitment to the organizational values of diversity and inclusion. Cultivates an innovative workforce of high-performing professionals in a positive service delivery culture.
Key Qualifications
- Post-secondary education in a related field of study (e.g., Information Management, Public Administration, Public Policy, etc.), or the equivalent combination of education and experience.
- Experience in researching and applying relevant information privacy laws (including MFIPPA and PHIPA), regulations, privacy enhancing best practices and industry-accepted privacy and security risk management strategies.
- Considerable experience managing privacy and information collection issues, including investigations into privacy breaches and complaints, and the process of responding to and overseeing requests to collect personal information.
- Experience leading and implementing proactive and progressive change related to business processes, policies and legislative requirements to facilitate operational improvements.
- Exceptional oral and written communication skills, with the ability to effectively convey information at all levels within the organization, including at the political level.
- Strong ability to collaborate effectively with both internal and external partners and stakeholders, as well as superior analytical, interpersonal, problem-solving, and conflict resolution skills.
- Extensive knowledge of emerging data processing, customer relationship management and identity management standard procedures, terminology, privacy risks, and organizational and privacy requirements to integrate new technologies into electronic services across channels and organizational boundaries.
- Extensive knowledge of privacy laws, policies and regulations, including MFIPPA, PHIPA, City of Toronto Act, 2006, relevant City by-laws, and Orders of the Information and Privacy Commissioner, especially orders pertaining to the municipal environment.
- Professional Certification from the Privacy and Access Council of Canada (AAPP/CAPP/MAPP), the International Association of Privacy Professionals (CIPP/C or CIPM), or the ISC2 (CISSP) is an asset.
Equity, Diversity and Inclusion
The City is an equal opportunity employer, dedicated to creating a workplace culture of inclusiveness that reflects the diverse residents that we serve. Learn more about the City’s commitment to employment equity.
Accommodation
The City of Toronto is committed to creating an accessible and inclusive organization. We are committed to providing barrier-free and accessible employment practices in compliance with the Accessibility for Ontarians with Disabilities Act (AODA). Should you require Code-protected accommodation through any stage of the recruitment process, please make it known when contacted and we will work with you to meet your needs. Disability-related accommodation during the application process is available upon request. Learn more about the City’s Hiring Policies and Accommodation Process.