Rachel Kukulewich

Secured contracts with Vancouver Island Health Authority, Yukon, Alberta, Ontario, and Prince Edward Island for privacy impact assessments, data governance frameworks, and AI governance.

• Developed privacy training materials for diverse government and non-government clients, enhancing compliance and awareness across sectors.
• Prepared and investigated critical privacy and cybersecurity incidents, delivering actionable recommendations and collaborating with staff for effective implementation.
• Conducted digital platform reviews and managed contractual negotiations, ensuring alignment with health sector regulations and standards.
• Developed back-office risk management modeling training materials and customized privacy impact assessment template to reflect Ontario legislation using TrustArc tool.
• Audited legal documents to verify compliance with policies and procedures.
• Utilized document management system to organize files for accessibility and currency.
• Managed multiple projects concurrently, ensuring timely delivery within budget constraints.

• Coordinated policy and program analysis for FOI requests with legal staff and affected areas, ensuring compliance and clarity.
• Developed privacy requirements for all procurements involving resident data.
• Conducted privacy impact assessments on new IT platforms and existing projects.
• Developed information governance framework for SharePoint transition, enhancing data classification, retention schedules, and policies.
• Revised privacy policies and collection statements to promote public transparency regarding data usage.
• Oversaw severance and release of records to maintain legislative and policy compliance.
• Provided guidance on MFIPPA, FIPPA, IPC orders, related legislation, and corporate recordkeeping policies.
• Built a comprehensive privacy program within the Corporate Services Division.

• Led and oversaw FOI requests and program area submissions, ensuring legal liaison and cross-departmental coordination.
• Provided expert guidance on FIPPA, privacy principles, IPC orders, related legislation, and corporate policies.
• Coordinated records review with consulting agency and ministry program areas, ensuring compliance with FOI regulations.
• Analyzed complex access requests for general and personal information from diverse sources, facilitating informed decision-making.
• Identified issues in information requests, recommending compliant solutions to enhance processing efficiency.
• Ensured statutory requirements were met with appropriate application of exemptions.
• Made disclosure decision recommendations aligned with statutory standards.

• Led operational reviews for specialty health and digital health networks to enhance privacy compliance.
• Developed foundational privacy frameworks for pharmacy mergers and acquisitions in Alberta and Ontario.
• Supported business and project teams to ensure adherence to privacy policies, legislation, and contractual obligations.
• Coordinated reviews of ATIP requests, consulting multiple program areas and analyzing complex access inquiries to ensure compliance.
• Oversaw internal audits on inappropriate data access and managed formal investigations of privacy breaches to enhance organizational accountability.
• Directed development of privacy impact assessments for AI technologies in health sector to mitigate risks and ensure regulatory adherence.
• Coordinated threat risk assessments to align contracts and projects with Ontario's privacy legislation.
• Advised on interpretation and application of FIPPA, PHIPA, and PIPEDA regulations.

• Developed privacy requirements for five large Presto procurement lots exceeding $20 million.
• Led privacy initiatives for Presto, implementing criteria and project management gating in approval processes.
• Supported Metrolinx departments and project teams in achieving compliance with privacy policies and legislative obligations.
• Conducted policy analysis, coordinated with legal staff, and managed records release to ensure compliance.
• Oversaw privacy principles and consulted with various program areas on IPC orders.
• Analyzed complex access requests from multiple sources, ensuring statutory requirements and exemptions were met.
• Recommended actionable solutions to enhance privacy practices across projects.
• Collaborated with Corporate Secretary's Office to strengthen governance around privacy compliance.

• Led development of privacy impact assessments and coordinated threat risk assessments, ensuring compliance with Ontario privacy legislation.
• Oversaw internal audits in Epic, addressing inappropriate access and ensuring formal investigations of privacy breaches.
• Oversaw adherence to privacy principles under IPC orders, MFIPPA, PHIPA, and CYFSA.
• Provided guidance on interpretation and application of FIPPA, ATIP, PHIPA, and PIPEDA regulations, supporting organizational adherence to privacy standards.
• Drafted and reviewed data sharing agreements, ensuring alignment with privacy regulations.
• Prepared and investigated critical incidents related to privacy and cybersecurity, providing actionable recommendations to staff.
• Facilitated integration of Ontario Health’s CHRIS digital platform with Epic, enhancing data management capabilities.
• Assisted in recovery efforts for SickKids Hospital post-cyber-attack, facilitating restoration processes.

• Provided strategic advice to assistant deputy ministers and minister's office on patient privacy matters.
• Oversaw compliance with IPC orders and legislation on recordkeeping, ensuring adherence to corporate policies and safeguarding patient information.
• Led privacy initiatives for the Ministry of Long-Term Care during the COVID-19 outbreak.
• Processed ministry-related FIPPA requests, achieving 83 percent extended compliance while working remotely, enhancing transparency and accountability.
• Collaborated with long-term care homes to manage media requests related to patient health information, ensuring compliance with privacy regulations.
• Drafted and implemented ministry processes for successful completion of requests.
• Trained ministry staff at all levels to ensure effective use of tools and resources.
• Supported FIPPA functions for Ministry of Health, offering guidance on legislation interpretation.