Privacy Officer

For more than 20 years, PointClickCare has been the backbone of senior care. We’ve amassed the richest senior care dataset making our market density untouchable and our connections to the healthcare ecosystem exponentially more powerful than those of any other platform.

With Collective Medical & Audacious Inquiry, we’ve become the most expansive, full-continuum care collaboration network, offering care teams immediate, point-of-care access to deep, real-time insights at every stage of a patient’s journey.

For more information on PointClickCare, please connect with us on Glassdoor and LinkedIn.

**Key Responsibilities**:

- Oversees all ongoing activities related to the development, implementation and maintenance of PointClickCare’s privacy program and policies in accordance with applicable (i) United States federal and state laws, including the _Health Insurance Portability and Accountability Act of 1996_ (“**HIPAA**”); and (ii) Canadian federal and provincial laws.
- Ensures, in conjunction with PointClickCare’s Security team, that PointClickCare is using reasonable and appropriate measures to safeguard the confidentiality, integrity and accessibility of personal information (“**PI**”), including personal health information (“**PHI**”, and together with PI, “**Personal Information**”), that is stored and processed on behalf of PointClickCare customers.
- In the event of an incident of suspected or actual unauthorized handling of Personal Information, determines escalation and response procedures (in conjunction with PointClickCare’s Security team).
- Works with all PointClickCare personnel involved with any aspect of release of PHI, to ensure full coordination and cooperation under PointClickCare’s legal and privacy policies, procedures and requirements.
- Coordinate with PointClickCare’s Security team to ensure that all mechanisms designed to track access to PHI by PointClickCare personnel are consistent with PointClickCare’s legal and privacy obligations.
- Coordinate with PointClickCare’s Security team to oversee and administer ongoing activities to enforce, review, and, where appropriate, audit and monitor PointClickCare personnel and vendors with regard to compliance with HIPAA policies and procedures, contractual privacy and data protection obligations, individual privacy rights, and federal, state and provincial privacy and security regulations.
- Reviews for approval all non-standard data-sharing arrangements.
- Drafts and revises all HIPAA-related policies, procedures, forms and processes as required to align to current industry trends and regulatory and operational changes.
- Participates in the development, implementation, and ongoing compliance monitoring of all business associate agreements to ensure that all privacy concerns, requirements and responsibilities are addressed.
- Collaborates with the Engineering, Information Technology and Security teams to ensure system integration of, and alignment with, privacy, data protection and cyber security practices (i.e., privacy compliance and data protection by design).
- Oversees, directs, delivers, or ensures delivery of privacy training and orientation to all PointClickCare personnel.
- Establishes and administers a process for receiving, documenting, tracking, investigating, and taking action on all complaints concerning PointClickCare’s privacy policies and procedure.
- Acts as a general privacy resource for all PointClickCare personnel and initiates, facilitates and promotes activities to foster information privacy awareness within the organization.
- Advises the executive leadership team by assessing current privacy practices and identifying risks, developing solutions and risk mitigation strategies.
- Provides reports on a regular basis to keep the General Counsel apprised of the operations and progress of privacy compliance efforts.
- Maintains current knowledge of applicable federal, state and provincial privacy laws and regulations, monitors advancements in information privacy technologies; and assists with adaptation of business practices when necessary to ensure compliance.
- Appointed as PointClickCare’s “privacy official” for purposes of 45 CFR - 164.530 (but not as PointClickCare’s security official, as described at 45 CFR - 164.308) and as PointClickCare’s “Chief Privacy Officer” as referenced in its, or its subsidiaries’, information privacy and security policies and third-party certification documentation (e.g., HITRUST, etc.).

**Required Experience**:

- Law degree preferred.
- Extensive knowledge and experience in United States health and general privacy laws, requirements and industry best practices, with a particular focus on HIPAA.
- Extensive knowledge and understanding, or an ability to quickly acquire extensive knowledge and understanding, of Canadian health and general privacy laws.
- Experience defining, drafting and implementing policies and procedures and trainin