Job Description:
Role Summary:
The Sr. Counsel (Privacy & Data) will serve as OneOncology's Privacy Officer and a key member of OneOncology's Healthcare and Operations legal team, with primary responsibility for the strategic development, implementation, and maintenance of the organization's enterprise privacy program, and will be a key stakeholder in the organization's enterprise security program. This includes ensuring compliance with federal and state privacy and security laws and regulations, managing privacy risks, and fostering a culture of privacy and security awareness throughout OneOncology's owned, affiliated and managed practices. This role will also support various OneOncology data initiatives, including pharmaceutical real-world evidence (RWE) studies, other data projects, and related technology projects.
Responsibilities:
- Develop, implement, and maintain comprehensive privacy policies and procedures and oversee compliance by the organization, its subsidiaries, and its legal affiliates with HIPAA, HITECH, and other applicable privacy laws and regulations.
- Oversee the response to platform privacy and security incidents and breaches, including investigation, mitigation, and notification for OneOncology-owned, affiliated and managed practices.
- Serve as OneOncology's Privacy Officer and the primary point of contact for privacy-related inquiries and complaints from patients, employees, practices, and regulatory bodies.
- Collaborate with OneOncology's Compliance, Information Security, Product/Engineering and other teams to ensure compliant, aligned and integrated privacy practices, procedures and product design across the platform. Serve as a key partner in the development, implementation and maintenance of the security compliance program, policies, and procedures of OneOncology and its owned, affiliated and managed practices.
- Monitor legal and regulatory developments and industry best practices to proactively update the privacy and security program.
- Maintain documentation of the organization's privacy and security practices and decisions.
- Coordinate and support privacy audits, regulatory inquiries, and investigations and partner with OneOncology's Security Officer on related security matters.
- Identify, document, and mitigate privacy risks across business units.
- Maintain incident response protocols and coordinate with Information Security on breach investigations and notifications.
- Partner with OneOncology's compliance department on privacy training and awareness programs for employees and stakeholders.
- Promote a privacy-aware culture across the organization.
- Oversee data subject rights processes for responding to access requests (DSARs) and other rights under privacy laws.
- Oversee privacy aspects of vendor approval process and ensure adherence to data protection and privacy compliance.
- Review, draft, and negotiate pharmaceutical RWE and data-related agreements across the OneOncology platform, addressing technology, privacy and security, and other legal needs.
- Provide rapid, practical, business-oriented legal and commercial strategic advice directly to business stakeholders responsible for pharma data/RWE business lines.
- Hold primary responsibility for establishing and deploying OneOncology's Artificial Intelligence (AI) compliance policies and procedures and for developing processes regarding the safe and responsible use and deployment of AI technology.
- Assist legal leadership in higher level matters, as needed.
- Additional responsibilities as assigned to help drive our mission of improving the lives of everyone living with cancer.
Required or Preferred Qualifications:
- Juris Doctorate from an accredited law school.
- Member of a state or DC bar.
- 7-10+ years of relevant privacy and legal experience in a law firm or corporate legal department required.
- Minimum of 3 years in a senior role preferred.
- Certified Healthcare Privacy Compliance (CHPC) or equivalent certification preferred.
Essential Competencies:
- In-depth knowledge and experience with U.S. privacy and security laws and regulations and healthcare privacy and security programs.
- Familiar with certified Electronic Health Record (EHR) regulations, healthcare anti-kickback, self-referral, fraud and abuse laws, and HIPAA.
- Demonstrated success working in a fast-paced, high-performing, results-driven environment.
- Ability to draft and close commercial agreements with minimal support from more senior staff.
- Demonstrated ability to think and decide quickly, and to communicate legal issues and solutions clearly and concisely.
- Self-starter with the ability to work efficiently with minimal supervision.
- Ability to manage and bring complex projects to close.
- Strong technical skills in Microsoft Office Suite, compliance/legal tracking, and research systems (e.g., Ethico, HealthStream, etc.).
- Attendance is an essential job function.
This job description does not contain a full listing of activities, duties or responsibilities required of this role. Duties, responsibilities and activities may change, or new ones may be assigned at any time with or without notice.