Senior Counsel, Health Interoperability & Privacy

Role Overview

Serve as b.well's lead legal strategist for health interoperability, privacy, and regulatory compliance, providing sophisticated legal counsel that enables business innovation while ensuring regulatory adherence. This senior legal role combines strategic business advisory, regulatory expertise, policy advocacy, and operational legal leadership across individual access rights and B2B data exchange use cases.

Key Responsibilities

1. Strategic Legal Counsel & Business Advisory (30%)
- Serve as trusted legal advisor to CEO, executive leadership on health data interoperability, privacy, and regulatory strategy
- Assess legal and regulatory risks associated with new products, partnerships, and business models
- Lead interoperability compliance planning and risk assessment for privacy and compliance matters
- Translate complex regulatory requirements into actionable business strategies
- Advise on emerging legal issues (AI in healthcare, intersection of federal and state privacy frameworks, dQMs, transparency and affordability, reimbursement)
- Support commercial and client operation teams with privacy/compliance briefings

2. Regulatory Strategy & Policy Leadership (25%)
- Monitor, analyze, and advise on federal and state regulatory developments affecting health data interoperability:
- Federal: 21st Century Cures Act, CMS Interoperability & Patient Access Rules, ONC USCDI standards, HTI-1 & HTI-2, Information Blocking regulations
- Privacy: HIPAA, 42 CFR Part 2, state privacy laws (CCPA/CPRA, VCDPA, state health privacy acts)
- Emerging: TEFCA and CMS Interoperability frameworks, federal privacy legislation proposals, ASTP certification program and IB rule updates, and OIG Enforcement, activityHTI-6 and
- Lead development of regulatory comment letters and policy positions representing b.well's interests
- Represent b.well in industry associations, coalitions, and standards organizations (CARIN Alliance, HL7, HIMSS, eHealth Initiative)
- Build relationships with regulatory agencies (ONC, CMS, OCR, FTC) and participate in stakeholder engagement opportunities
- Provide thought leadership through speaking engagements, articles, and industry forums
- Coordinate with policy/compliance team on advocacy strategy and regulatory positioning

3. Privacy Program Design & Compliance Leadership (20%)
- Design, implement, and oversee comprehensive privacy and data governance programs
- Serve as Privacy Officer or co-lead privacy function with compliance team
- Ensure compliance with HIPAA Privacy Rule, Security Rule, and Breach Notification Rule
- Develop frameworks for lawful data collection, use, and disclosure across multiple contexts:
- Individual patient access (HIPAA Right of Access)
- B2B data exchange (BAAs, DUAs, QHINs)
- Research and analytics (de-identification, limited data sets)
- Consumer-directed exchange (patient consent frameworks)
- Oversee privacy impact assessments (PIAs) for new products and features
- Lead data breach response, OCR investigations, and regulatory inquiries
- Develop and deliver privacy training programs for employees and leadership
- Manage external privacy counsel and specialized consultants

4. Interoperability Legal Operations (15%)
- Build scalable legal frameworks for health data exchange across multiple use cases:
- Individual Access: Consumer app agreements, patient authorization forms, proxy access
- B2B Exchange: Payer-to-payer, provider data exchange, health information exchange (HIE) participation
- TEFCA/QHIN: Participation agreements, common agreement compliance
- API Access: Developer terms, FHIR API agreements, third-party app vetting
- Draft, negotiate, and manage Business Associate Agreements (BAAs), Data Use Agreements (DUAs), and Qualified Health Information Network (QHIN) agreements
- Create contract templates, playbooks, and legal guidelines for commercial, partnership, and vendor agreements
- Negotiate complex multi-party data sharing arrangements
- Advise Product and Engineering teams on legal requirements for technical implementation
- Review marketing materials, privacy notices, and customer-facing documentation

5. Cross-Functional Legal Support & Governance (10%)
- Partner with Network Management, Client Operations, Product and Dev/Engineering to embed privacy-by-design and compliance-by-design principles
- Support Business Development with partnership negotiations and RFP responses
- Collaborate with Information Security on security incident response and technical safeguards

Required Qualifications

Education & Bar Admission:
- Juris Doctor (JD) from accredited law school required
- Active bar membership in good standing (state bar or ability to obtain)
- 8-12+ years of legal experience, with at least 8 years focused on health privacy and/or health IT law

Legal Expertise:
- Deep subject matter expertise in:
- HIPAA Privacy, Security, and Breach Notification Rules
- 21st Century Cures Act and ONC/CMS Interoperability Rules
- Information Blocking provisions and exceptions
- State health privacy laws and consumer privacy statutes
- Health data standards and technical frameworks (FHIR, USCDI, HL7)
Substantial experience with:
- Health information exchange legal frameworks
- Business Associate Agreements and health data contracts
- Regulatory compliance program design and management
- Federal rulemaking processes and agency interactions
- Privacy breach response and regulatory investigations

Professional Background:
- Prior experience at health tech company, health plan, provider organization, HIE, or law firm with health IT practice
- Demonstrated ability to provide strategic counsel to C-suite executives and boards
- Track record of building compliance programs and legal infrastructure in growth-stage companies
- Experience representing organizations in regulatory proceedings or industry advocacy
- Familiarity with FDA digital health regulations, FTC health privacy enforcement (preferred)

Core Competencies:
- Strategic thinking: Ability to balance legal risk with business opportunity
- Business acumen: Understanding of health tech business models and competitive dynamics
- Communication excellence: Translate complex legal concepts for non-legal audiences
- Pragmatic judgment: Provide practical, solutions-oriented advice under ambiguity
- Leadership: Influence cross-functional teams and drive consensus
- Stakeholder management: Build trust with executives, board members, and external partners
- Adaptability: Thrive in fast-paced, evolving regulatory environment
- Technical fluency: Understand health IT architecture and data flows sufficiently to provide informed counsel

Key Performance Indicators

Strategic Impact:
- Quality and timeliness of legal advice enabling business objectives
- Executive and Board satisfaction with legal counsel and risk management
- Successful navigation of regulatory changes without business disruption
- Contribution to competitive advantage through regulatory strategy

Regulatory Excellence:
- Zero material regulatory violations or enforcement actions
- Timely, high-quality regulatory submissions and comment letters
- Positive relationships with regulatory agencies
- Industry recognition for thought leadership

Operational Effectiveness:
- Contract turnaround times meeting business needs
- Scalable legal templates and processes reducing bottlenecks
- Effective privacy program with strong training and awareness metrics
- Successful data breach or investigation response (if applicable)

Team & Culture:
- Cross-functional partner satisfaction scores
- Effective management of outside counsel spend and resources
- Contribution to company culture of compliance and ethical data stewardship

The target salary range for this position is $235,000 - $275,000 and is part of a competitive total rewards package including stock options and benefits. Individual pay may vary from the target range and is determined by a number of factors including experience, location, internal pay equity, and other relevant business considerations. We review all employee pay and compensation programs annually at minimum to ensure competitive and fair pay.

Data shows that women, people of color, and other underrepresented groups may be less likely to apply for jobs unless they believe they are a perfect match. But b.well holds diversity amongst its key values, and we have a strong commitment to building our workforce and products through that lens. You don't have to check every box in this job description to be a great fit for the role! If you're excited about this position and the prospect of working for b.well, please apply. If it turns out this role isn't for you, there may be other openings that could align with your experience and expertise!

We are committed to an inclusive and diverse b.well. We are an equal opportunity employer. We do not discriminate based on race, ethnicity, color, ancestry, national origin, religion, sex, sexual orientation, gender identity, age, disability, veteran, genetic information, marital status or any other legally protected status.