The Association of Corporate Counsel (ACC) is the world's largest organization serving the professional and business interests of attorneys who practice in the legal departments of corporations, associations, nonprofits and other private-sector organizations around the globe.
Under limited supervision, serves as Health Care Compliance and Privacy Officer. Oversees compliance of covered entities under HIPAA, HITECH and data protection laws and regulations. Oversees Business Associate Agreements (BAAs), advises senior management on health care compliance with laws and regulations and on the corporate compliance program, conducts training and is responsible for breach notification. May supervise paralegal or other administrative personnel.
J.D. degree from an accredited law school; membership in Maryland Bar. CIPP or other compliance certification(s) a plus.
10 years practice experience with a firm or in-house, with prior experience in U.S. and state healthcare privacy and data protection laws and regulations (e.g., HIPAA, HITECH, GDBA, CAN-SPAM, TCPA, CCPA), EU GDPR, digital tracking technologies and personal data issues, compliance, information security and technology, and/or cybersecurity laws
Transactional experience in reviewing and negotiating BAAs and other information security agreements; experience in data breach and incident response, drafting policies and procedures, training and advising on all matters relating to privacy, information security and data protection and management and oversight of a healthcare compliance program
Experience with Medicare/Medicaid, private payors and alternative delivery health care models
Knowledge, Skills and Abilities
Ability to draft, review and negotiate BAAs, and corporate agreements, such as for vendors, data and software licensing and use, draft and revise Privacy and Data Protection policies and processes, monitor and implement changes in Privacy and Data Protection laws and regulations for system adoption and compliance, conduct training, collaborate with and support legal and IT in reviewing and negotiating Privacy and Data Protection matters for vendor and third party contracts (data transferrer agreements, model clauses, privacy notices), assist with collection, analysis and reporting of Privacy and Data Protection program data and metrics for continuous process improvement; assist with audits related to Privacy and Data Protection program, provide legal advice and assistance on HIPAA, PCI compliance, TCPA, and other data privacy and protection laws
Skill in using a computer, Microsoft Word, PowerPoint, Outlook, Excel.
Excellent writing, organization, communication and presentation skills
Excellent client service, collaboration and ability to work with senior leaders, CEO and Board Members
Ability to work independently in a fast-paced healthcare system environment, exercise business judgment and collaborate with management, legal and IT. Ability to perform assessment of risks and reporting, manage and investigate data breaches, respond to and mitigate breach and potential breach incidents
Member of Maryland Bar; compliance certifications such as CIPP or IAPP a plus
Normal office conditions; as a professional, ability to work longer or weekend hours when needed
Internal Number: 35938
About GBMC HealthCare
GBMC HealthCare, Inc. is a private, not-for-profit corporation that owns and operates Greater Baltimore Medical Center, a regional community hospital in Towson, Maryland, two miles north of Baltimore City. GBMC HealthCare is comprised of Greater Baltimore Medical Center, GBMC Health Partners, Greater Baltimore Health Alliance, and Gilchrist, the largest not-for-profit hospice organization in the state of Maryland.
The mission of GBMC is to provide medical care and service of the highest quality to each patient leading to health, healing and hope.
As our national healthcare system evolves, for GBMC to maintain its status as a provider of the highest quality medical care to our community, we must transform our philosophy and organizational structure, and develop a model system for delivering patient-centered care. We define patient-centered care as care that manages the patient's health effectively and efficiently while respecting the perspective and experience of the patient and the patient's family.
To every patient, every time, we will provide the care that we would want for our own loved ones!