Ivan Recinos, CIPM, CIPP/C, FIP

Privacy role at a glance at Walmart

• Access, Correction and Withdrawal of Consent
• Privacy Breach Management
• Privacy Policies
• Privacy Consultation
• Privacy Assessments
• Privacy Reporting
• Privacy Program Development
• Consent Management
• Designing Privacy into a client facing product
• Data Mapping
• Data Governance
• Data Minimization
• Data Storage, Retention and Destruction
• Data Collection, Use and Disclosure

Compliance

• Ensure privacy compliance for stakeholders across Canada with provincial College of Pharmacists and College of Opticians
• Worked with all relevant privacy legislations in Canada in order for the business to achieve compliance including PHIPA, PIPEDA, HIA, PIPA and Bill 64
• Ensured proper records management of health records including the retention period, safeguarding of records, digitization and destruction
• Led privacy incident management from intake, investigation, containment, notification and remediation
• Reviewed and updated privacy policies and training materials to ensure compliance with relevant legislation and best practices
• Ensured annual privacy training and awareness was completed across the organization

Assessments

• Completed robust privacy impact assessments for existing products, solutions and practices including to the provinces of Alberta and Prince Edward Island
• Assessed privacy practices from an operations perspective at the pharmacies, vision centres and Walmart stores
• Assessed digital assets prior to implementation of the solution

Reporting

• Responsible for reporting requirements to the IPC, and other regulatory bodies in various jurisdictions including Privacy Impact Assessments (PIAs), Privacy Incidences and responding to inquiries
• Completed detailed monthly report on privacy program progress, trends, KPIs, and KRIs for management insight and to action any risks.

Data Governance:

• Conducted data classification and mapping initiatives by identifying, categorizing and labelling data asses based on sensitivity levels
• Developed data inventories and visual data flow diagrams to identify data lifecycle stages, storage locations, access points, and transfer pathways
• Monitored and assess compliance risks associated with data processing activities, provide actionable recommendations for remediating gaps and ensuring operational compliance

Successes:

• Ensured business partner success by introducing Privacy by Design for products and solutions including Health Kiosks, Central Fill, PrescribeIT, Telus Cloud Fax Solution, Rx ConsultAction, Digital Pharmacy App, eClaims, and IVR
• Enhanced privacy incident reporting capabilities, integration, investigating, and responding in order to have more efficient response, comprehensive investigations, regulatory compliance and overall risk mitigation
• Integrated Privacy Incident Systems in order to automate and comply with global standards
• Developed processes using agile methodology for project management and tracking within the team

Collaboration:

• Engaged over 330 pharmacies and 300 vision centers to ensure privacy best practices and legislation was being followed such as for PHIPA and HIA
• Worked on a team of 5 privacy professionals which included collaboration, weekly team meetings and cross coverage
• Worked with various stakeholders to achieve privacy success including Walmart Global, Security, Legal, Records Management, Compliance and the Health Transformation team; this included regular cadence of meetings and touchpoints

Experiences Gained:

• Increased understanding of pharmacy and optical healthcare system structure, processes, stakeholder groups and affected populations
• Stronger knowledge and experience with digital health, programs, vendors, assets and solutions across Canada
• Stronger understanding of Ontario's privacy regulation/policies/frameworks
• Demonstrated experience with conducting and leading privacy impact assessments in the health context
• Demonstrated experience with interpreting and applying PHIPA, HIA, Bill 64, College of Pharmacists, College of Optician requirements and leading regulatory/policy projects in digital health

Privacy role at a glance at Loblaws

• Privacy Assessments
• Record Retention
• Privacy Policies
• Privacy Breach Management
• PHIPA, PIPEDA, HIA, PIPA Compliance
• Data Governance
• Privacy by Design

Assessments:

• Conducted Privacy Impact Assessments for health systems for Medical Cannabis, Medical Health Teams and Dietitian groups to identify gaps in compliance with privacy regulations and standards

Data Governance:

• Implemented data management frameworks ensuring proper data classification, handling and retention in compliance with regulations for several initiatives

Successes:

• Guided new health projects on privacy controls for systems including Virtual Consultations, PC Health, and Health Activity Tracker in order to achieve a successful launch

Collaboration:

• Collaborated on projects; met via weekly meetings/touchpoints with the Medical Cannabis, Dietitian, and Medical Health teams
• Worked with a team of 4 privacy professionals with one individual directly reporting to me; cross collaborated with wider privacy team of approximately 30 individuals

Privacy role at a glance at London Health Sciences Centre

• Access, Correction Requests for PHIPA and FIPPA
• Consent Lockboxes and Withdrawal of Consent
• Privacy Breach Management
• Auditing
• Privacy Assessments
• Privacy Consultation
• Data retention storage and destruction

Assessments

• Completed privacy assessments on new products and solutions to ensure best privacy practice and compliance with privacy law
• Entrusted as a senior privacy expert (consultation, content and process) to ensure organizational compliance with privacy legislation

Compliance

• Executed access and correction requests under PHIPA and FIPPA legislations to achieve regulatory compliance
• Monitored privacy audits for appropriate accessing of records
• Managed privacy incidences all the way from investigation, containment, notification, and remediation

Collaboration

• Mentored privacy team in terms of their various tasks including auditing, privacy investigations, and proper collection, use, and disclosure of personal information to ensure privacy best practice and adherence to legislation.
• Worked with security, human resources, risk and various teams on products/projects and incident investigation

• Developed and Managed the organization’s Privacy Office needed to ensure proper oversight of privacy regulation
• Ensured an organization of 800+ employees complied with PHIPA, FIPPA and other relevant privacy legislations and best practices
• Created privacy frameworks including an auditing program and privacy assessment reviews to manage privacy risk and detect privacy incidences
• Supervised and developed the privacy team on topics such as privacy breach process, auditing and DSAR requests to ensure privacy coverage within the organization.

• Project managed execution of provincially funded health information technologies including ClinicalConnect and the Digital Health Drug Repository (DHDR) in order to achieve implementation targets
• Lead privacy and security assessments of over 30 health care organizations including hospitals, physician offices, long term care homes and pharmacies to meet requirements for the health information projects
• Designed project scope, targets, timelines, processes and worked with project risks and constraints to accommodate each specific organizational need
• Procured new projects and stakeholders across Southwestern Ontario to expand reach of the health information initiative.

• Handled all information access and correction requests for the South West district to meet PHIPA compliance including timelines
• Oversaw all privacy incidents and breaches to ensure proper privacy management and risk mitigation including investigation, containment, notification and remediation
• Provided detailed report and trending analysis for privacy related statistics including recommendations for improvement.