Job Description:
Role Summary:
The Sr. Counsel (Privacy & Data) will serve as OneOncology's Privacy Officer and a key member of OneOncology's Healthcare and Operations legal team, with primary responsibility for the strategic development, implementation, and maintenance of the organization's enterprise privacy program, and will be a key stakeholder in the organization's enterprise security program. This includes ensuring compliance with federal and state privacy and security laws and regulations, managing privacy risks, and fostering a culture of privacy and security awareness throughout OneOncology's owned, affiliated and managed practices. This role will also support various OneOncology data initiatives, including pharmaceutical real-world evidence (RWE) studies, other data projects, and related technology projects.

Responsibilities:
  • Develop, implement, and maintain comprehensive privacy policies and procedures, and oversee compliance by the organization, its subsidiaries, and its legal affiliates with HIPAA, HITECH, and other applicable privacy laws and regulations.
  • Oversee the response to platform privacy and security incidents and breaches, including investigation, mitigation, and notification for OneOncology-owned, affiliated and managed practices.
  • Serve as OneOncology's Privacy Officer and the primary point of contact for privacy-related inquiries and complaints from patients, employees, practices, and regulatory bodies.
  • Collaborate with OneOncology's Compliance, Information Security, Product/Engineering and other teams to ensure compliant, aligned and integrated privacy practices, procedures and product design across the platform. Serve as a key partner in the development, implementation and maintenance of the security compliance program, policies and procedures of OneOncology and its owned, affiliated and managed practices.
  • Monitor legal and regulatory developments and industry best practices to proactively update the privacy and security program.
  • Maintain documentation of the organization's privacy and security practices and decisions.
  • Coordinate and support privacy audits, regulatory inquiries, and investigations and partner with OneOncology's Security Officer on related security matters.
  • Identify, document, and mitigate privacy risks across business units.
  • Maintain incident response protocols and coordinate with Information Security on breach investigations and notifications.
  • Partner with OneOncology's compliance department on privacy training and awareness programs for employees and stakeholders.
  • Promote a privacy-aware culture across the organization.
  • Oversee data subject rights processes for responding to access requests (DSARs) and other rights under privacy laws.
  • Oversee privacy aspects of the vendor approval process and ensure adherence to data protection and privacy compliance.
  • Review, draft, and negotiate pharmaceutical RWE and data-related agreements across the OneOncology platform, addressing technology, privacy, security, and other legal needs.
  • Provide rapid, practical, business-oriented legal and commercial strategic advice directly to business stakeholders responsible for pharma data/RWE business lines.
  • Hold primary responsibility for establishing and deploying OneOncology's Artificial Intelligence (AI) compliance policies and procedures and for developing processes regarding safe and responsible use and deployment of AI technology.
  • Assist legal leadership in higher level matters, as needed.
  • Additional responsibilities as assigned to help drive our mission of improving the lives of everyone living with cancer.

Required or Preferred Qualifications:
  • Juris Doctorate from an accredited law school.
  • Member of a state or DC bar.
  • 7-10+ years of relevant privacy and legal experience in a law firm or corporate legal department required.
  • Minimum of 3 years in a senior role preferred.
  • Certified Healthcare Privacy Compliance (CHPC) or equivalent certification preferred.

Essential Competencies:
  • In-depth knowledge and experience with U.S. privacy and security laws and regulations and healthcare privacy and security programs.
  • Familiar with certified Electronic Health Record (EHR) regulations, healthcare anti-kickback, self-referral, fraud and abuse laws, and HIPAA.
  • Demonstrated success working in a fast-paced, high-performing, results-driven environment.
  • Ability to draft and close commercial agreements with minimal support from more senior staff.
  • Demonstrated ability to think and decide quickly, and to communicate legal issues and solutions clearly and concisely.
  • Self-starter with the ability to work efficiently with minimal supervision.
  • Ability to manage and bring complex projects to close.
  • Strong technical skills in Microsoft Office Suite, compliance/legal tracking, and research systems (e.g., Ethico, HealthStream).
  • Attendance is an essential job function.

This job description does not contain a full listing of activities, duties or responsibilities required of this role. Duties, responsibilities and activities may change, or new ones may be assigned at any time with or without notice.