Data Protection Programs Director

Everly Health

Everly Health

United States
Posted on Monday, May 22, 2023
Everly Health's mission is to transform lives with modern, diagnostics-driven care, and we believe that the future of healthcare is meeting people where they are. Headquartered in Austin, Texas, Everly Health is the parent company to Everlywell, Everly Health Solutions, Natalist, and Everly Diagnostics. We've set a new standard of people-focused, diagnostic-driven care that puts patients at the center of their own health journey.
Our infrastructure guides the full testing experience with the support of a national clinician network that's composed of hundreds of physicians, nurses, genetic counselors, PharmDs, and member care specialists. Our solutions make world-class virtual care more attainable with rigorous clinical protocols and best-in-class science to tackle some of the healthcare industry's biggest problems.
Reporting to the VP of Compliance & Risk, the Data Protection Programs Director is integral to the development, maintenance, and enhancement of Everly Health’s data protection program as it evolves with the business. Incumbent will be responsible for advising multiple levels of the organization on laws, regulations, and industry best practices concerning data protection, and will facilitate the translation of those requirements into operation. Leading the daily operations of the data protection program including development, implementation and maintenance of policies and procedures, auditing and monitoring program compliance, investigation and tracking of incidents.

What You'll Do:

  • Builds a strategic and comprehensive data protection program that defines, develops, maintains and implements policies and processes that enable consistent, effective data protection practices which minimize risk and ensure the confidentiality of personally identifiable information (PII) and protected health information (PHI), paper and/or electronic, across all media types.
  • Ensure the organization has and maintains appropriate privacy and confidentiality consents, authorization forms and information notices and materials reflecting current organization and legal practices and requirements.
  • Establishes, with the information security officer, an ongoing process to track, investigate and report potential unauthorized access and disclosure of protected information (PII/PHI). Monitor patterns of access and/or disclosure of protected health information.
  • With oversight from the Chief Privacy Officer, recommends and manages all required breach determination and notification processes.
  • Complete research and apply a risk-based assessment of how legal requirements affect new services, offerings, projects, products, or initiatives.
  • Lead privacy by design reviews of client-facing services, offerings, projects, products or initiatives, incorporating data privacy principles into those initiatives.
  • Build and maintain strong and trusted relationships with internal and external stakeholders and provide support and advice in support of rapid-solutioning to meet current and future business needs.
  • Performs initial and periodic risk assessment/analysis, mitigation and remediation.
  • Collaborates with the information security officer to ensure alignment between security and privacy compliance programs including policies, practices and investigations.
  • Support contract negotiations on an as-needed basis to review data privacy contractual provisions with customers and third-party suppliers, such as data processing agreements, data transfer agreements, and business associate agreements.
  • Keep abreast of technological developments, changes in the law, and enforcement trends, and their impact on data privacy. Develop guidance, training, and thought leadership as needed for internal audiences.
  • Conducts related ongoing compliance monitoring activities in coordination with the organization's other compliance and operational risk assessment functions.
  • Oversees, develops and delivers initial and ongoing privacy training to the workforce, Initiates, facilitates and promotes activities to foster information privacy awareness within the organization and related entities.
  • Works cooperatively with business teams in overseeing patient rights to inspect, amend, and restrict access to protected health information when appropriate.
  • Establishes and administers a process for investigating and acting on privacy and security complaints.

Who You Are:

  • Bachelor’s degree from an accredited college or university
  • Law degree from an ABA-accredited law school
  • Minimum of 10 years of professional experience in data protection/privacy. Experience in digital health preferred.
  • CIPP/CIPM/CIPT certification preferred
  • Professional experience with the data privacy laws, regulations, and industry codes in the U.S.
  • Professional experience conducting privacy by design reviews, particularly in the healthcare, healthtech and medical device verticals
The base salary range for this role is $147,000-165,000, based on the selected candidate's qualifications, market data/ranges, and internal equity. This position is also eligible for a yearly bonus.
You'll Love Working Here:
· Venture backed by top-tier firms
· The opportunity ahead knows no bounds
· Open vacation policy for salaried team members
· Front Loaded PTO for hourly team members
· Employee discounts
· Paid parental leave
· Health benefits
· 401(k)
Everly Health is committed to providing equal employment opportunities in all employment practices. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, citizenship status, marital status, age, disability, protected veteran status, sexual orientation or any other characteristic protected by law.
HIPAA Disclaimer: This role will be in an environment that has access to protected health information (PHI) and all security standards to protect PHI must be followed.