About the Job

The Privacy Counsel is responsible for advising Foundation Medicine (FMI) on US and ex-US privacy laws and regulations. The position’s responsibilities include, but are not limited to, interpreting and assessing risk under various global data privacy laws such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA) in the United States, under which FMI is a Covered Entity, the General Data Protection Regulation (GDPR) in the European Union, and US state laws like the California Consumer Privacy Act (CCPA).

Key Responsibilities

• Maintain current knowledge of applicable privacy laws in the US (state and federal) and ex-US (e.g., European Union and foreign national laws), including in the areas of consumer privacy, genetic testing, DNA analysis, human subjects research, health information exchanges, and medical privacy).

• Demonstrate expertise in HIPAA, state laws, GDPR, HHS Common Rule, and FDA policies for protection of human subjects, with only limited need for consultation with outside counsel.

• Advise FMI on matters related to informed consent, HIPAA authorization, and research protocols, including obtaining any appropriate waivers or exemptions.

• Advise FMI on de-identification and anonymization standards and requirements, including expert determinations under HIPAA.

• Assist Legal colleagues in connection with need for or negotiation of Business Associate Agreements.

• Along with Privacy Officer, serve as a privacy subject matter expert to FMI for all privacy-related issues.

• In collaboration with Privacy Officer and the EU Data Protection Officer (as applicable), advise on required breach determination and notification processes under HIPAA, GDPR, and applicable US state breach laws and requirements.

• Create internal Legal and Compliance guidelines and tools for common privacy topics.

• Work in strong partnership and collaboration with other members of the Legal and Compliance department to develop, implement, and share best practices, leverage learnings, and create an effective privacy program within the larger Roche enterprise.

• Participate in certain internal FMI committees as a standing team member.

• Prepare materials and make presentations to FMI senior leadership, Compliance Committee, and board members, as requested.

• Manage and coordinate with outside privacy counsel, as needed on a case-by-case basis.

• Other duties as assigned.

Qualifications

Basic Qualifications

• Juris Doctor (JD) degree and membership in at least one state bar

• 8+ years of demonstrated experience working in data privacy

Preferred Qualifications

• 3+ years of direct privacy experience in a healthcare company or institution (Diagnostics, Medical Device, Pharma/Biotech, hospital system)

• Experience working in privacy program at a HIPAA Covered Entity or advising HIPAA Covered Entity clients on privacy matters

• Experience working in a privacy program of a Controller that complied with GDPR or advising clients on GDPR compliance/privacy matters

• CIPP/US or CIPP/E certification

• Demonstrated ability to establish and maintain open and trusting work relationships

• Demonstrated ability to work efficiently and independently, prioritize workflow, meet demanding deadlines, and manage multi-faceted projects in a fast-moving environment

• Demonstrated ability to apply a risk-based analysis to privacy issues and demonstrate creativity and flexibility in developing solutions that satisfy both business requirements and legal obligations

• Knowledge and understanding of the importance of global privacy laws including, but not limited to, HIPAA, GDPR, and CCPA, and particularly the importance of the obligations of a covered entity to safeguard personal health information

• Demonstrated organization, facilitation, written and oral communication, and presentation skills

• Strong analytical skills

• Excellent collaboration and influencing skills

• High level of integrity and trust

• Strong attention to detail, with a pragmatic, practical, decisive, and direct approach

• Superior judgment and rigor in relation to problem-solving and appropriate escalation of issues

• Commitment to FMI values: patients, innovation, collaboration, and passion

#LI-hybrid