Sr. Counsel (Privacy, Security & Data)

Sr. Counsel (Privacy, Security & Data) OneOncology - 2.4 Nashville, TN Job Details Full-time 1 day ago Qualifications Deal closing Strategic management Contract review 7 years Law Achieving HIPAA compliance Legal negotiation Regulatory compliance Legal risk management HIPAA Implementing healthcare compliance training programs Threat detection & response Contract management in healthcare Legal firm experience Doctor of Law (JD) EMR/EHR Policy & process development Contract drafting Legal drafting Security policy implementation Incident Investigation Productivity software Training & development Senior level Regulatory audits Training AI Bar Incident response implementation CHPC Full Job Description OneOncology is positioning community oncologists to drive the future of cancer care through a patient-centric, physician-driven, and technology-powered model to help improve the lives of everyone living with cancer. Our team is bringing together leaders to the market place to help drive OneOncology's mission and vision. Why join us? This is an exciting time to join OneOncology. Our values-driven culture reflects our startup enthusiasm supported by industry leaders in oncology, technology, and finance. We are looking for talented and highly-motivated individuals who demonstrate a natural desire to improve and build new processes that support the meaningful work of community oncologists and the patients they serve.

Job Description:

Role Summary:

The Sr. Counsel (Privacy & Data) will serve as OneOncology's Privacy Officer and a key member of OneOncology's Healthcare and Operations legal team, with primary responsibility for the strategic development, implementation, and maintenance of the organization's enterprise privacy program and a key stakeholder in the organization's enterprise security program. This includes ensuring compliance with federal and state privacy and security laws and regulations, managing privacy risks, and fostering a culture of privacy and security awareness throughout OneOncology's owned, affiliated and managed practices. This role will also support various OneOncology data initiatives, including pharmaceutical real-world evidence (RWE) studies, other data projects, and related technology projects.

Responsibilities:

Develop, implement, and maintain comprehensive privacy policies and procedures and oversee organization's, and its subsidiaries' and legal affiliates', compliance with HIPAA, HITECH, and other applicable privacy laws and regulations. Oversee the response to platform privacy and security incidents and breaches, including investigation, mitigation, and notification for OneOncology-owned, affiliated and managed practices. Serve as OneOncology's Privacy Officer and the primary point of contact for privacy-related inquiries and complaints from patients, employees, practices, and regulatory bodies. Collaborate with OneOncology's Compliance, Information Security, Product/Engineering and other teams to ensure compliant, aligned and integrated privacy practices, procedures and product design across platform. Serve as a key partner in the development, implementation and maintenance of OneOncology and its owned, affiliated and managed practices' security compliance program and policies and procedures. Monitor legal and regulatory developments and industry best practices to proactively update the privacy and security program. Maintain documentation of the organization's privacy and security practices and decisions. Coordinate and support privacy audits, regulatory inquiries, and investigations and partner with OneOncology's Security Officer on related security matters. Identify, document, and mitigate privacy risks across business units. Maintain incident response protocols and coordinate with Information Security on breach investigations and notifications. Partner with OneOncology's compliance department on privacy training and awareness programs for employees and stakeholders. Promote a privacy-aware culture across the organization. Oversee data subject rights processes for responding to access requests (DSARs) and other rights under privacy laws. Oversee privacy aspects of vendor approval process and ensure adherence to data protection and privacy compliance. Review, draft, negotiate pharmaceutical RWE and data related agreements across the OneOncology platform, addressing technology, privacy and security and other legal needs. Provide rapid, practical, business-oriented legal and commercial strategic advice directly to business stakeholders responsible for pharma data/RWE business lines. Primary responsibility for establishing and deploying OneOncology's Artificial Intelligence (AI) compliance policies and procedures and development of processes regarding safe and responsible use and deployment of AI technology. Assist legal leadership in higher level matters, as needed. Additional responsibilities as assigned to help drive our mission of improving the lives of everyone living with cancer.

Required or Preferred Qualifications:

Juris Doctorate from an accredited law school. Member of a state or DC bar. 7-10+ years of relevant privacy and legal experience in a law firm or corporate legal department required. Minimum of 3 years in a senior role preferred. Certified Healthcare Privacy Compliance (CHPC) or equivalent certification preferred.

Essential Competencies:

In-depth knowledge and experience with U.S. privacy and security laws and regulations and healthcare privacy and security programs. Familiar with certified Electronic Health Record (EHR) regulations, healthcare anti-kickback, self-referral, fraud and abuse laws, and HIPAA. Demonstrated success working in a fast-paced, high-performing, results-driven environment. Ability to draft and close commercial agreements with minimal support from more senior staff. Demonstrated ability to think and decide quickly, and to communicate legal issues and solutions clearly and concisely. Self-starter with the ability to work efficiently with minimal supervision. Ability to manage and bring complex projects to close. Strong technical skills in Microsoft Office Suite, compliance/legal tracking, and research systems (e.g., Ethico, HealthStream, etc.). Attendance is an essential job function. This job description does not contain a full listing of activities, duties or responsibilities required of this role. Duties, responsibilities and activities may change, or new ones may be assigned at any time with or without notice.