Contractor Health Information Privacy Consultant, Inflect Health

Term: 40 hours per week. 1 year contract with possibility of extension

As the Health Information Privacy Consultant, you will uphold the integrity of organizations and protect users from emerging privacy and cyber threats. Collaborating with other members of the Health Information Privacy team, you’ll ensure compliance of tech clients#39;s, health products, research, solutions and services with relevant data privacy policies, standards and regulations.

You will conduct privacy reviews and assessments related to research activities, clinical trials, and health-related software products and solutions; support compliance monitoring activities; help in the creation of checklists, manuals, collateral, policies, standards, and guidelines; review agreements; support audits and assessments; drive delivery of key health privacy initiatives and support Health privacy programs and activities. You will work closely with teams across Tech Clients and Security functions, Health and Privacy Legal, Office of Compliance & Integrity, and xProduct Areas to:

• Ensure products, research, services, and projects comply with applicable health information privacy regulations, standards, and internal policies and procedures, including managing compliance with HIPAA, CCPA (and other state privacy laws), and GDPR
• Help implement privacy-by-design principles in assigned projects
• Ensure uses and disclosures of data and datasets comply with existing data rights and restrictions
• Support the appropriate and secure use and disclosure of personal information through the performance of privacy reviews, privacy impact assessments and other activities designed to assess compliance
• Help drive adoption and maintenance of industry privacy and security certifications for health products and solutions

Responsibilities

The following projects will be assigned to you:

• Third Party Medical Device Use Guidelines
• Draft guidance for the procurement and use of 3P medical devices for health research
• Health Impact Clinical Operations Standard Operating Procedures (SOPs)
• Review and update of privacy content in clinical research operations SOPs, including SOPs for clinical research study development e.g. informed consent form, protocol, data management plan) as part continuous improvement of the Health Impact Team (HIT) program.
• Clinical Studies Tracking Program
• Review of privacy processes and requirements embedded in the clinical research operations workflow(s) for setting up human-subject health research studies at tech clients.
• AdvaMed Data Steward Privacy Working Group (PWG)
• Working group review of the proposed US Data Privacy and Protection Act (ADPPA) draft
• AI Regulations Readiness for Health
• Regulatory surveillance and privacy assessment for the implementation of the global, regional and local AI regulations.
• Health Data Destruction Policy
• Development of standards / guidelines for destruction of health data (for addition to the overarching Google Data Destruction Policy) to enable scalable infrastructural and manual processes.

Minimum Qualifications

• Bachelor's degree or equivalent practical experience, ideally in information technology, business, engineering, law, or healthcare related field
• 5 years of experience working with US and European data privacy and information security standards and regulations (3 years with an advanced degree)
• Experience in health information privacy
• Experience working a large matrixed organization

Preferred Qualifications (PQs)

• Master's degree, Juris Doctor or other advanced degree, or related work experience
• Experience with HIPAA Privacy & Security Rules, GDPR, CCPA, ISO 27001, ISO 27018, ISO 27701, HITRUST and/or NIST 800-53
• CIPP-E / CIPP-US / CIPM / CDPO / AIGP / CIPT / CHCP or other data privacy certifications
• CHPSE / CHSE / CHPE or other health privacy certifications
• rCISSP, Security + or other information security certifications
• Experience advising teams (product, engineering, legal or business services) on privacy requirements and risk assessing products or services using emerging technologies (e.g. AI, ML, quantum computing) for large-scale data processing activities, complex design or groundbreaking research (clinical or UX)
• Experience in multi-national, research start-up, health technology or consumer healthcare organizations

Pay: $120 per hour

Term: 40 hours per week. 1 year contract with possibility of extension