SUMMARY: As the Privacy and Data Security Counsel, you will play a critical role in developing, implementing, and overseeing the company’s privacy and data security policies. You will ensure compliance with applicable laws and regulations, including HIPAA and other healthcare data privacy requirements. This role goes beyond traditional contract review, offering the opportunity to engage deeply in the configuration and implementation of EHR systems while driving privacy initiatives across the business.
Additionally, this role will address privacy concerns and create policies specific to the integration of AI technologies other applications, ensuring that AI’s usage complies with privacy laws and does not compromise data security.
DUTIES AND RESPONSIBILITIES include but are not limited to:
· Lead all CalMHSA privacy and data reviews engaging with EHR/Engineering and Program teams and ensuring compliance with applicable data and privacy laws; with a special focus on ensuring privacy standards are met within EHR configuration.
· Develop and deliver comprehensive privacy policies to ensure compliance with U.S. privacy laws, including HIPAA and state-specific regulations (e.g., California Consumer Privacy Act).
· Oversee and manage all data security and privacy matters across the organization, collaborating with Contracts, EHR, IT, product development, and operations teams to ensure that CalMHSA privacy practices are aligned, consistent, and effectively support both internal departments and member counties.
· Provide legal guidance on data security and privacy risks, contract negotiations, and regulatory changes impacting EHR and IT systems.
· Collaborate with subject matter experts to support configuration choices for EHR platforms and ensure privacy is embedded in every step of the process.
· Develop and lead privacy-related training programs for county members and other stakeholders
· Serve as a trusted advisor for all internal stakeholders, with a business-wide perspective, to balance privacy and security with operational needs.
· Respond to data breaches or privacy incidents and manage reporting and compliance with regulatory bodies, as needed.
· Clearly explain contract information to county members and other interested parties in simple, everyday language (Be the CalMHSA subject matter expert on contract information).
· Self-monitor progress and priorities according to key business priorities.
· Proofread, edit, and fact-check legal documents for accuracy and consistency.
· Assist in identification, development and implementation of contract policies and processes.
· Ensure proper recordkeeping of contracts and applicable documentation.
· Interact with county members and vendors on various topics.
· Provide general department support, including drafting, research, and policy support.
· Stay abreast of emerging privacy laws and regulations regarding AI, providing the company with proactive solutions to maintain compliance and mitigate risk.
· Lead the development of privacy policies concerning the use of AI and AI when integrated with other CalMHSA systems or applications, ensuring adherence to data protection regulations.
· Other Duties as assigned.
QUALIFICATIONS –
EDUCATION and/or EXPERIENCE
Requires a BS/BA and a law degree (JD) from an accredited US institution, admission in good standing to the California Bar and (5) five years of relevant privacy & data security law experience, or an acceptable equivalent combination of education and experience. Prior experience in or knowledge of EHR platforms or healthcare IT systems is strongly preferred.
To perform this job successfully, an individual must be able to perform each essential function satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required.
· Proven track record of developing and implementing privacy policies and training programs in a fast-paced environment.
· Strong interpersonal skills with the ability to work cross-functionally and influence decision-making.
· Self-motivated with a drive to take ownership of privacy initiatives and move projects forward.
· Excellent interpersonal and communication skills, including ability to effectively understand and explain legal terms and deliver presentations.
· Knowledge of the range of applicable laws and regulations which impact CalMHSA policy and its IT operations.
· Knowledge of privacy regulations related to AI technologies and machine learning in healthcare.
· Knowledge of current and developing legal issues and trends in area of expertise (contracts).
· Proficiency with technology; particularly in Microsoft Word, Excel, Salesforce, DocuSign, and other software, applications, and corporate databases.
· Detailed-oriented and organized.
· Demonstrates the ability to work independently, takes initiative, and finds ways to remain resourceful.
· Has a strong desire to succeed in the face of adversity and demonstrates the willingness to push through challenges associated with changes and new business development.
· Must be willing to work virtually or in an office setting.
· Must be willing to travel, when necessary.
LANGUAGE SKILLS and MATHEMATICAL SKILLS - Demonstrate the ability to read, comprehend, and respond appropriately through written or verbal form; demonstrate tactfulness when communicating including internal communication with staff members of all levels; ability to communicate with a variety of audiences effectively. Ability to add, subtract, multiply, and divide in all measure units, using whole numbers, common fractions, and decimals.
REASONING – Demonstrate the ability to effectively apply common sense and follow through to daily tasks; demonstrate the ability to work with little or no supervision; demonstrate excellent analytical skills; demonstrate the ability to efficiently conduct research and ask appropriate probing questions to complete necessary tasks.
PHYSICAL DEMANDS - The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. While performing the duties of this job, the employee is frequently required to sit and stand; use phone and headset; use hands, arms, fingers to type; answer phones; write; use calculator; demonstrate strength to lift and carry materials weighing up to 10 pounds; demonstrate clear vision to read printed materials and a computer screen; hearing and speech to communicate in person and over the telephone; and drive a motor vehicle on public roads and highways.
SENSORY DEMANDS - The incumbent must spend long hours in intense concentration. The incumbent must also spend long hours on the computer entering information which requires attention to detail and high levels of accuracy.
MENTAL DEMANDS - There are a number of deadlines associated with this position, which may cause significant pressure. The incumbent must also deal with a wide variety of people on various issues.
REGULAR WORK SCHEDULE – Varies depending on business needs; however, company normal business hours are 8:00am to 5:00pm, Monday – Friday.