Privacy Officer

For more than 20 years, PointClickCare has been the backbone of senior care. We’ve amassed the richest senior care dataset making our market density untouchable and our connections to the healthcare ecosystem exponentially more powerful than those of any other platform. 
With Collective Medical & Audacious Inquiry, we’ve become the most expansive, full-continuum care collaboration network, offering care teams immediate, point-of-care access to deep, real-time insights at every stage of a patient’s journey.
For more information on PointClickCare, please connect with us on Glassdoor and LinkedIn.
Key Responsibilities:
·       Oversees all ongoing activities related to the development, implementation and maintenance of PointClickCare’s privacy program and policies in accordance with applicable (i) United States federal and state laws, including the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”); and (ii) Canadian federal and provincial laws.·       Ensures, in conjunction with PointClickCare’s Security team, that PointClickCare is using reasonable and appropriate measures to safeguard the confidentiality, integrity and accessibility of personal information (“PI”), including personal health information (“PHI”, and together with PI, “Personal Information”), that is stored and processed on behalf of PointClickCare customers.·       In the event of an incident of suspected or actual unauthorized handling of Personal Information, determines escalation and response procedures (in conjunction with PointClickCare’s Security team).·       Works with all PointClickCare personnel involved with any aspect of release of PHI, to ensure full coordination and cooperation under PointClickCare’s legal and privacy policies, procedures and requirements. ·       Coordinate with PointClickCare’s Security team to ensure that all mechanisms designed to track access to PHI by PointClickCare personnel are consistent with PointClickCare’s legal and privacy obligations.·       Coordinate with PointClickCare’s Security team to oversee and administer ongoing activities to enforce, review, and, where appropriate, audit and monitor PointClickCare personnel and vendors with regard to compliance with HIPAA policies and procedures, contractual privacy and data protection obligations, individual privacy rights, and federal, state and provincial privacy and security regulations.·       Responds, or oversees responses to, routine and non-routine data requests to use and disclose PHI; ensures consistent application of policies and documentation of such requests. ·       Reviews for approval all non-standard data-sharing arrangements.·       Drafts and revises all HIPAA-related policies, procedures, forms and processes as required to align to current industry trends and regulatory and operational changes.·       Participates in the development, implementation, and ongoing compliance monitoring of all business associate agreements to ensure that all privacy concerns, requirements and responsibilities are addressed.·       Collaborates with the Engineering, Information Technology and Security teams to ensure system integration of, and alignment with, privacy, data protection and cyber security practices (i.e., privacy compliance and data protection by design).  ·       Oversees, directs, delivers, or ensures delivery of privacy training and orientation to all PointClickCare personnel.·       Establishes and administers a process for receiving, documenting, tracking, investigating, and taking action on all complaints concerning PointClickCare’s privacy policies and procedure.- Serves as PointClickCare’s subject matter expert on all privacy and data protection laws and regulations and on key projects where data protection and privacy must be considered and/or managed.- Acts as a general privacy resource for all PointClickCare personnel and initiates, facilitates and promotes activities to foster information privacy awareness within the organization.- Advises the executive leadership team by assessing current privacy practices and identifying risks, developing solutions and risk mitigation strategies.- Provides reports on a regular basis to keep the General Counsel apprised of the operations and progress of privacy compliance efforts.- Maintains current knowledge of applicable federal, state and provincial privacy laws and regulations, monitors advancements in information privacy technologies; and assists with adaptation of business practices when necessary to ensure compliance.- Appointed as PointClickCare’s “privacy official” for purposes of 45 CFR § 164.530 (but not as PointClickCare’s security official, as described at 45 CFR § 164.308) and as PointClickCare’s “Chief Privacy Officer” as referenced in its, or its subsidiaries’, information privacy and security policies and third-party certification documentation (e.g., HITRUST, etc.).   
Required Experience:
·       Law degree preferred.·       Extensive knowledge and experience in United States health and general privacy laws, requirements and industry best practices, with a particular focus on HIPAA.·       Extensive knowledge and understanding, or an ability to quickly acquire extensive knowledge and understanding, of Canadian health and general privacy laws.·       Experience defining, drafting and implementing policies and procedures and training.·       Experience conducting ongoing privacy compliance and data protection monitoring activities.·       Demonstrated organization, facilitation, communication, and presentation skills.·       Strong analytical capability and problem-solving skills, with attention to detail.·       Strong project management skills, including ability to think end-to-end and manage multiple priorities/projects simultaneously for multiple stakeholders.·       Demonstrated ability to influence and drive senior internal and external stakeholders to a decision.·       Excellent interpersonal skills; a team player with ability to partner at all levels of the organization and who is able to act as both a leader and an individual contributor as required.#LI-SG1 #LI-Remote
It is the policy of PointClickCare to ensure equal employment opportunity without discrimination or harassment on the basis of race, religion, national origin, status, age, sex, sexual orientation, gender identity or expression, marital or domestic/civil partnership status, disability, veteran status, genetic information, or any other basis protected by law. PointClickCare welcomes and encourages applications from people with disabilities. Accommodations are available upon request for candidates taking part in all aspects of the selection process. Please contact recruitment@pointclickcare.com should you require any accommodations.
When you apply for a position, your information is processed and stored with Lever, in accordance with Lever’s Privacy Policy. We use this information to evaluate your candidacy for the posted position. We also store this information, and may use it in relation to future positions to which you apply, or which we believe may be relevant to you given your background. When we have no ongoing legitimate business need to process your information, we will either delete or anonymize it.  If you have any questions about how PointClickCare uses or processes your information, or if you would like to ask to access, correct, or delete your information, please contact PointClickCare’s human resources team: recruitment@pointclickcare.com 
PointClickCare is committed to Information Security. By applying to this position, if hired, you commit to following our information security policies and procedures and making every effort to secure confidential and/or sensitive information.