Senior Privacy and Regulatory Counsel (Washington)

Senior Privacy And Regulatory Counsel

Surescripts serves the nation through simpler, trusted health intelligence sharing, in order to increase patient safety, lower costs and ensure quality care. We deliver insights at critical points of care for better decisions from streamlining prior authorizations to delivering comprehensive medication histories to facilitating messages between providers.

The Senior Privacy and Regulatory Counsel provides critical corporate, regulatory, and commercial legal services to the organization and its in-house clients to manage privacy, regulatory and data use risks. Such legal services primarily concern the interpretation of laws, rules, regulations, and guidance documents that regulate the collection, use, sharing, and retention / deletion of health-related personally identifiable information (PII) (e.g., HIPAA, the FTC Act, state consumer privacy laws, and data breach reporting and notification laws), data rights, product / service / system counseling based on Privacy by Design, risk assessment and analysis, risk remediation, and drafting and negotiating privacy and data protection provisions of agreements with partners, customers, and vendors, as well as other healthcare regulatory laws.

This role is accountable for privacy and regulatory legal expertise and counseling, and contributes to the strategic design of the privacy program, partnering with and counseling the Chief Legal Officer, Privacy Officer and Chief Information Security Officer, and other key stakeholders including the Product Innovation, Data & Analytics, and Growth departments, enabling the Executive Team to make informed, risk-based decisions regarding legal risk and strategy.

Responsibilities include :

• Provide legal support and advise across a myriad of regulations including HIPAA, Information Blocking Rules, Anti-Lead complex legal services arising from business priorities and data rights associated with the handling of deidentified data, PII / Protected Health Information (PHI).
• Provide legal and strategic advice to the Chief Legal Officer, Privacy Officer and VP, Legal Affairs to ensure compliance and manage risk to PII / PHI.
• Partner with other members of the Legal Affairs team, product managers and developers, Growth team, and other stakeholders to ensure privacy is incorporated in the development of products, services, and systems.
• Create and foster partnerships across the enterprise, managing those relationships as well as providing high quality advice in innovative ways, including through PowerPoint and visual representation.
• Participate in the operation of data privacy, risk, and governance boards or committees, such as developing priorities and initiatives.
• Act in accordance with the Department's service delivery model.
• Serve as senior leader on the Privacy and Regulatory team to develop, implement, and execute strategic vision, including team meetings, brainstorming sessions, trainings, and team building activities.
• Draft, maintain, and update Business Associate Agreement (BAA) and related privacy and data protection templates.
• Draft and negotiate / advise on BAAs and related privacy and data protection agreements and terms in customer / vendor contracts or other legal documentation with customers, suppliers, and other parties.
• Advise other members of the Legal Affairs team in the negotiation of BAAs and related privacy and data protection terms in customer / vendor contracts or other legal documentation with customers, suppliers, and other parties.
• Partner cross-functionally to ensure compliance with privacy and data protection-relevant provisions of contracts, state and federal law and regulations and applicable standards.
• Mentor other privacy or legal professionals.
• Counsel on privacy and security incident preparedness and management.
• Track, analyze, and counsel stakeholders involving privacy and data protection related law, regulation, published standards, etc.
• Prepare comments or responses to requests for information (RFIs) on behalf of the Company regarding proposed rules or regulations related to privacy and data protection.
• Evaluate and advise on compliance with applicable privacy, data protection, and data use laws, rules, regulations, and guidance documents related to Company products / services in conceptual or development phases, as well as on appropriate courses of action for privacy and data protection to meet the Company's and business units' needs, including data rights use and concepts such as HIPAA data aggregation and proper management and administration as a Business Associate.
• Manage complex projects as assigned, including guidance on where HIPAA, Intellectual Property, Anti-Kickback Statute and other regulations factor into the solution.
• Assist with internal and external privacy and data protection-related federal, state, and industry compliance activities.
• Manage legal matters assigned to outside counsel and preside at meetings regarding legal issues.
• Work within the Privacy and Regulatory team to create key performance indicators and drive goals and continuous improvement opportunities established by the Associate General Counsel, supporting the management, growth and effectiveness of the vertical

Qualifications include :

Basic Requirements :

Preferred Qualifications :

Surescripts embraces flexibility through its Flexible Hybrid Work model for most positions. This model allows employees to work virtually while still utilizing our offices as collaboration centers. With alignment and agreement from your leadership, you can come and go from the office as needed.

To be considered for employment, applicants must have a valid U.S. work authorization allowing work without restrictions with Surescripts in the U.S. At this time, we are unable to provide support or provide sponsorship for immigration benefits such as work visas. Additionally, we do not participate in academic training programs or work-study programs through an academic institution that require employer endorsement of F-1 / CPT or F-1 / STEM.

You have never met a problem you did not want to try to solve. You are creative and practical. With your ability to drive to results, cut through the fog, and help others see multiple perspectives, you save the day on a semi-regular basis.

We learn from each other and help one another. We dont waste energy competing with one another, stirring up drama, or plotting revenge. Were too busy for that. Plus, we actually like each other. We get work done, ask how we can get better, and generally enjoy ourselves along the way.

We operate a balancing act : We dont just advise on risks; we help the business move toward opportunities. Its good that we are flexible and nimble as we operate in an ever-evolving landscape. We encounter and embrace constant change and continue to drive compliance with laws, regulatory requirements, policies and procedures. We are proud that our work protects and advances the interests of the Surescripts Network Alliance and helps build a secure, connected, and effective healthcare system.

Were a midsize company. This means youre not just another employee ID number. Here, you can build real relationships and feel supported by truly awesome people with diverse backgrounds and talents in an innovative and collaborative work culture. We strive to create an environment where you can be yourself, share your ideas and work your way. We offer opportunities for employee development, as well as competitive compensation packages and extensive benefits.