Privacy Attorney

Overview
Mass General Brigham is a complex and dynamic, world-class health care system that is in a period of transformative change to build the integrated academic healthcare system of the future with patients at its center: transforming care, making care more affordable, delivering better outcomes for more people and expanding our impact regionally, nationally and globally.
Mass General Brigham’s Office of General Counsel seeks to hire a lawyer specializing in, and with direct experience interpreting and applying, U.S., European and other international privacy laws, rules and regulations in a health care setting, including HIPAA, GDPR, PIPL and CCPA/CPRA. The lawyer will report to the Section Head for Litigation, Compliance and Contracts. The lawyer in this position will provide support on privacy-related matters to a team that provides direct legal support for the Digital Health, Information Systems, Privacy, Compliance and Contracting functions for Mass General Brigham and its affiliated hospitals and other provider and payer organizations. This lawyer also will work collaboratively with members of other sections in the office to provide privacy-related expertise in support of biomedical research, technology transfer activities, network affiliations, payer contracting, patient engagement, labor and employment practices and employee benefits. The lawyer in this position also will provide substantive privacy expertise as needed to support general litigation and government/regulatory investigations and enforcement actions managed by the Section.
The OGC team is highly collaborative, collegial, and dedicated to providing the strategic legal advice and guidance necessary to fulfill the system’s four-part clinical, research, academic and community mission. The work is challenging, fast-paced and satisfying. We offer a flexible work environment that includes the opportunity to work remotely on a part- or full-time basis.
Responsibilities

Substantive areas of responsibility include, but are not limited to:

Providing advice and counsel on specific privacy-related issues to Digital Health, Information Systems, Privacy, Corporate and Research Compliance, Contracting and other stakeholders across the system to ensure compliance with state, federal and international privacy laws and regulations, including without limitation HIPAA, GDPR, PIPL, CCPA/CPRA and other similar domestic and international legal and regulatory regimes
Supporting system efforts as needed to protect against and respond to cybersecurity threats and incidents, including investigations, notifications and engaging with regulatory enforcement agencies 
Analyzing, interpreting, drafting, and advising on privacy issues as they arise in contracts with vendors, co-developers, collaborators, and other industry partners with respect to data privacy and security and data ownership, sharing and use issues
Advising clients responsible for managing enterprise marketing and communications on laws and regulations applicable to social media and digital marketing
Providing substantive privacy expertise in support of technology transfer activities and biomedical research, including grants and corporate-sponsored research
Providing substantive privacy-related expertise in support of litigation and investigations
Issue-spotting emerging privacy-related risks as they develop
Drafting and maintaining corporate privacy-related notices, policies, procedures, guidelines, tools, templates, and other process documentation, ensuring content is kept up to date and relevant

Preparing and conducting trainings and presentations on domestic and international privacy-related laws, rules and regulations to foster a culture of compliance and privacy protection

Supporting privacy-related diligence for potential investments or acquisitions
Working with and cost-effectively managing outside counsel representing the organization
Interpreting laws, rulings and regulations for the organization, keeping up to date with current developments in areas of responsibility, and communicating changes in law to clients as applicable
Such other responsibilities as assigned by the Section Head

 
Qualifications

J.D. from an accredited law school, licensed and in good standing before a state bar in the United States, with six to eight years of relevant experience in the health care or corporate department of a law firm, government agency or data protection authority, or in-house legal department representing large, technology-driven organizations, preferably in the health care, life sciences or biotech industries
Expertise in HIPAA, HITECH, GDPR, PIPL, CCPA/CPRA, information blocking and other privacy and security-related laws and regulations across jurisdictions; familiarity with privacy platforms like OneTrust and knowledge of data classification, data mapping and data management methodologies preferred
Strong academic credentials and excellent drafting, communication, and analytical skills with a practical, creative approach to problem solving
Professionalism, integrity and ability to maintain confidences while working with sensitive, confidential information

Positive, energetic attitude with demonstrated commitment to operating in a strong team environment and working collaboratively and collegially on cross-functional teams with multiple client relationships across multiple entities and departments in a multi-cultural environment
Self-motivated and highly productive with ability to work independently with strong organizational skills as well as demonstrated project and time management skills
Demonstrated commitment to principles of equity