Associate General Counsel, Privacy Officer

---

Job description

In 2001, we set out to revolutionize the prescribing process. Today, our industry-leading solutions do much more than that: Our network supports 2 million providers, 324 million patients, and billions of transactions. Our solutions offer actionable patient intelligence at critical points of care for better decisionsfrom streamlining prior authorizations to delivering comprehensive medication histories to facilitating direct messages between providers. We are at the center of the healthcare industry, serving doctors,nursesand pharmacists; health systems, independent practices and pharmacies; health plans, pharmacy benefit managers and electronic health record vendors. Our purpose is to serve the nation with the single most trusted and capable health information network, built to increase patient safety,lower costs and ensure quality care. What You're Like: You have never met a problem you did not want to try to solve. You are creative and practical. With your ability to drive to results, cut through the fog, and help others see multiple perspectives, you save the day on asemi-regular basis. What We're Like We learn from each other and help one another. We don't waste energy competing with one another, stirring up drama, or plotting revenge. We're too busy for that. Plus, we actually like each other. We get work done, ask how we can get better, and generally enjoy ourselves along the way. What the Work is Like While we have in mind theworst case scenariosas we advise on risks, we help our business partners identify and pursue opportunities. It's a balancing act. It's good that we are flexible and nimble as we operate in an ever-evolving landscape. We see how our work protects and advances Surescripts' interests and helps build a secure, connected, and effective healthcare system. Job Summary. The Associate General Counsel, Privacy Officer is responsible for counseling the Company on privacy matters and for driving operationalization of processes to foster compliance with privacy-related laws, regulations, policies, and contractual requirements. Provides legal or compliance services to support other areas and needs as assigned by the VP, Chief Compliance Officer. Acts as a senior advisor on complex legal issues that may affect multiple areas of the Company. Responsibilities: Oversee, train, hire, develop, and coach staff to drive outcomes and behaviors consistent with the Department's purpose and service delivery model. Advise or ensure that advice is provided on privacy-related matters in the development and ideation of products and across product life cycles. Recommend operational strategies and plans to senior management and leadership regarding the inclusion of privacy-related terms with customers and intermediaries that comply with applicable law and further the company's goals for product deployment, revenue, and strategic initiatives. Maintain and update the Company's template Business Associate Agreement (BAA) and negotiate and/or advise on BAAs with customers and vendors. Partner with others in the Department to ensure that the Customer Group is advised on privacy-related matters. Act in accordance with the Department's service delivery model. Conduct a regular privacy risk assessment and design, modify, and deploy a privacy program for the Company that is responsive to such assessment. Keep apprised of privacy developments (legislative, enforcement, etc.) and best practices, and proactively share intelligence with the Chief Compliance Officer, Chief Legal Officer, and senior leaders in the Company as appropriate. Ensure that inquiries or requests that relate to Privacy are appropriately and efficiently handled (including but not limited to complaints, PHI access requests, opt-outs, and requests for accounting of disclosure). Ensure appropriate privacy-related policies are in place. Drive risk-responsive monitoring, auditing, or similar assessments to derive insight for the Company on privacy-related matters. Compile and share relevant privacy metrics to deliver insight to the Company. Ensure that relevant and engaging training is delivered to Company personnel, including tailored educational experiences for key groups or roles, and ensures that there is appropriate awareness of privacy matters by Company personnel. Ensure that any alleged privacy violations or potential issues are investigated, and partners with others as needed to ensure proper mitigation. Ensure that appropriate response plans are in place for possible privacy breaches and provides training to personnel as necessary to promote readiness to enact such plans. Ensure that legal requests from government agencies, bodies, or third parties (e.g., subpoenas, attorney requests) are handled appropriately, efficiently, and on a timely basis, with robust cross-functional collaboration. Qualifications. Basic Requirements: Juris Doctor Degree and member in good standing of at least one bar. 10+ years of experience as a practicing attorney at a law firm or in-house. 5 years of experience counseling on privacy matters and/or developing and implementing privacy programs. 3+ years healthcare regulatory background. 1+ year of experience drafting and negotiating BAAs and other contracts related to data rights. Preferred Qualifications: Privacy certification. Specialist knowledge of privacy and data security matters in the healthcare sector. Proactive, practical, solution-oriented approach. Strong cross-functional partnering skills. We are currently working from home. Offices are open to those who want to go in with health safety protocols in place. This position will be eligible for a hybrid work schedule, where you will be able to split time between work from home and onsite work at our newly designed office. Physical and Mental Requirements. While performing duties of this job, an employee may be required to perform any, or all of the following: attend meetings in and out of the office, travel (sometimes extensively), communicate effectively (both orally and in writing), and be able to effectively use computers and other electronic and standard office equipment with, or without, a reasonable accommodation. Additionally, this job requires certain mental demands, including the ability to use judgement, withstand moderate amounts of stress and maintain attention to detail with, or without, a reasonable accommodation. Surescripts is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate on the basis of race, color, religion, age, national origin, ancestry, disability, medical condition, marital status, pregnancy, genetic information, gender, sexual orientation, parental status, gender identity, gender expression, veteran status, or any other status protected under federal, state, or local law. Surescripts participates in E-Verify. Why Wait? Apply Now. We're a midsize company. This means that you're not just another employee ID number. Here, you can build real relationships and feel supported by truly awesome people with diverse backgrounds and talents inan innovative and collaborative work culture. We strive to create an environment where you feel like you belong. Be yourself, share your ideas, and work your way. We offer opportunities for learning,developmentand growth, as well as competitive compensation and benefits, plus flexible working arrangements. Click here to learn more about our benefits and working at Surescripts. ___________________. A Day in the Life: See what it's like to work at the nation's most trusted health information network.