Surescripts serves the nation through simpler, trusted health intelligence sharing, in order to increase patient safety, lower costs and ensure quality care. We deliver insights at critical points of care for better decisions - from streamlining prior authorizations to delivering comprehensive medication histories to facilitating messages between providers. Job Summary: The Senior Privacy and Regulatory Counsel provides critical corporate, regulatory, and commercial legal services to the organization and its in-house clients to manage privacy, regulatory and data use risks. Such legal services primarily concern the interpretation of laws, rules, regulations, and guidance documents that regulate the collection, use, sharing, and retention/deletion of health-related personally identifiable information (PII) (e.g., HIPAA, the FTC Act, state consumer privacy laws, and data breach reporting and notification laws), data rights, product/service/system counseling based on Privacy by Design, risk assessment and analysis, risk remediation, and drafting and negotiating privacy and data protection provisions of agreements with partners, customers, and vendors, as well as other healthcare regulatory laws. This role is accountable for privacy and regulatory legal expertise and counseling, and contributes to the strategic design of the privacy program, partnering with and counseling the Chief Legal Officer, Privacy Officer and Chief Information Security Officer, and other key stakeholders including the Product Innovation, Data & Analytics, and Growth departments , enabling the Executive Team to make informed, risk-based decisions regarding legal risk and strategy. #LI-REMOTE Responsibilities: Provide legal support and advise across a myriad of regulations including HIPAA, Information Blocking Rules, Anti-Lead complex legal services arising from business priorities and data rights associated with the handling of deidentified data, PII/Protected Health Information (PHI). Provide legal and strategic advice to the Chief Legal Officer, Privacy Officer and VP, Legal Affairs to ensure compliance and manage risk to PII/PHI. Partner with other members of the Legal Affairs team, product managers and developers, Growth team, and other stakeholders to ensure privacy is incorporated in the development of products, services, and systems. Create and foster partnerships across the enterprise, managing those relationships as well as providing high quality advice in innovative ways, including through PowerPoint and visual representation. Participate in the operation of data privacy, risk, and governance boards or committees, such as developing priorities and initiatives. Act in accordance with the Department's service delivery model. Serve as senior leader on the Privacy and Regulatory team to develop, implement, and execute strategic vision, including team meetings, brainstorming sessions, trainings, and team building activities. Draft, maintain, and update Business Associate Agreement (BAA) and related privacy and data protection templates. Draft and negotiate/advise on BAAs and related privacy and data protection agreements and terms in customer/vendor contracts or other legal documentation with customers, suppliers, and other parties. Advise other members of the Legal Affairs team in the negotiation of BAAs and related privacy and data protection terms in customer/vendor contracts or other legal documentation with customers, suppliers, and other parties. Partner cross-functionally to ensure compliance with privacy and data protection-relevant provisions of contracts, state and federal law and regulations and applicable standards. Mentor other privacy or legal professionals. Counsel on privacy and security incident preparedness and management. Track, analyze, and counsel stakeholders involving privacy and data protection related law, regulation, published standards, etc. Prepare comments or responses to requests for information (RFIs) on behalf of the Company regarding proposed rules or regulations related to privacy and data protection. Evaluate and advise on compliance with applicable privacy, data protection, and data use laws, rules, regulations, and guidance documents related to Company products/services in conceptual or development phases, as well as on appropriate courses of action for privacy and data protection to meet the Company's and business units' needs, including data rights use and concepts such as HIPAA data aggregation and proper management and administration as a Business Associate. Manage complex projects as assigned, including guidance on where HIPAA, Intellectual Property, Anti-Kickback Statute and other regulations factor into the solution. Assist with internal and external privacy and data protection-related federal, state, and industry compliance activities. Manage legal matters assigned to outside counsel and preside at meetings regarding legal issues. Work within the Privacy and Regulatory team to create key performance indicators and drive goals and continuous improvement opportunities established by the Associate General Counsel, supporting the management, growth and effectiveness of the vertical Qualifications:Basic Requirements: Juris Doctor degree from an ABA-accredited law school and good standing member of at least one state bar 8+ years of experience as a practicing privacy attorney at a law firm or in-house - additional years of relevant experience in a non-attorney role in the healthcare or technology industry may be considered in satisfying this requirement 5+ years of experience working with product strategists, owners, developers, and architects, advising on privacy and data protection issues throughout the development lifecycle 5+ years healthcare regulatory background 5+ years of subject matter experience in privacy and data protection 2+ years of experience assessing, analyzing, and recommending risk management strategies for privacy compliance Works with a high degree of autonomy, demonstrating significant subject matter experience and excellent communication skills Preferred Qualifications: 2+ years of experience with the operation of a governance committee or similar body supporting privacy strategy 2+ years of experience with HIPAA regulated entities, interpreting the Privacy and Security Rules Familiarity with other areas of emerging technology Professional certification in privacy, data governance, data classification, and/or risk assessment Familiarity with published privacy and data protection standards, such as NIST, ISO, and/or HITRUST Surescripts embraces flexibility through its Flexible Hybrid Work model for most positions. This model allows employees to work virtually while still utilizing our offices as collaboration centers. With alignment and agreement from your leadership, you can come and go from the office as needed . To be considered for employment, applicants must have a valid U.S. work authorization allowing work without restrictions with Surecripts in the U.S. At this time, we are unable to provide support or provide sponsorship for immigration benefits such as work visas. Additionally, we do not participate in academic training programs or work-study programs through an academic institution that require employer endorsement of F-1/CPT or F-1/STEM. What You're Like You have never met a problem you did not want to try to solve. You are creative and practical. With your ability to drive to results, cut through the fog, and help others see multiple perspectives, you save the day on a semi-regular basis. What We're Like We learn from each other and help one another. We don't waste energy competing with one another, stirring up drama, or... For full info follow application link. Equal Employment Opportunity/Affirmative Action Employer - Disabled/Vets
