Foundation Medicine
Privacy Counsel
Foundation Medicine, Boston, Massachusetts, us, 02298
About the Job
FMI is seeking a Privacy Counsel to support FMI’s privacy program, helping to advise on US and ex-US privacy laws and regulations. This position will involve interpreting and assessing risk under various global data privacy laws such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA), under which FMI is a Covered Entity, the General Data Protection Regulation (GDPR), and US state laws like the California Consumer Privacy Act (CCPA). The Privacy Counsel will also be responsible for supporting the drafting and negotiation of data privacy terms in FMI’s corporate and commercial agreements. This role will work cross-functionally across our legal, compliance, information security, marketing, and business teams.
Key Responsibilities
Maintain current knowledge of applicable privacy laws, regulatory guidance, and industry guidelines in the US (state and federal) and ex-US (e.g., European Union and foreign national laws), including in the areas of consumer privacy, health information privacy, genetic testing, DNA analysis, and human subjects research.
Support legal colleagues in drafting, reviewing, and negotiating data use and data protection terms in commercial agreements, vendor agreements, data sharing agreements (e.g., BAAs, DPAs, DUAs), research agreements, clinical trial agreements, and other collaboration agreements.
Work in strong partnership and collaboration with other members of the privacy team, and the broader legal and compliance department, to continually advance and maintain an effective and dynamic privacy program, including assisting with the development of policies and procedures, privacy training, and awareness activities.
Help advise FMI on matters related to informed consent, HIPAA authorization, and research protocols.
Support investigation, analysis, remediation, and notification of privacy and security incidents.
Create internal legal and compliance guidelines and tools for common privacy topics.
Participate in certain internal FMI committees as a standing team member.
Appropriately triage workflow, set clear priorities and expectations with clients, and efficiently deliver results.
Other duties as assigned.
Qualifications
Basic Qualifications:
Juris Doctor degree from an accredited law school
Admission in good-standing to any state bar association in the United States
1-3 years of prior legal experience with at least 1 year of demonstrated experience working in data privacy within the healthcare sector.
Preferred Qualifications:
1+ years of experience at a top-tier law firm
Experience advising business and legal colleagues on data privacy laws, regulatory guidance, and industry guidelines, including but not limited to HIPAA, GDPR, the Federal Trade Commission (FTC) Act, CCPA, and other state privacy laws, and genetic information privacy laws.
Experience drafting, reviewing, and negotiating privacy-related contractual terms
Ability to apply a risk-based analysis to privacy issues and demonstrate creativity and flexibility in developing solutions that satisfy both business requirements and legal obligations.
Demonstrated ability to prioritize numerous, and sometimes conflicting, requests for assistance and offer superior advice in a timely, thoughtful, and complete manner
Ability to: establish and maintain strong relationships within FMI's business and legal teams; engage professionally with colleagues at all levels, including external partners; and work in a dynamic, evolving, and fast-paced work environment, with the confidence and abilities to work independently.
Strong analytical skills and attention to detail
Demonstrated organization, facilitation, written and oral communication, and presentation skills.
High level of integrity and trust
Commitment to FMI values: Patients, Innovation, Collaboration, and Passion
#LI-Hybrid
#J-18808-Ljbffr
FMI is seeking a Privacy Counsel to support FMI’s privacy program, helping to advise on US and ex-US privacy laws and regulations. This position will involve interpreting and assessing risk under various global data privacy laws such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA), under which FMI is a Covered Entity, the General Data Protection Regulation (GDPR), and US state laws like the California Consumer Privacy Act (CCPA). The Privacy Counsel will also be responsible for supporting the drafting and negotiation of data privacy terms in FMI’s corporate and commercial agreements. This role will work cross-functionally across our legal, compliance, information security, marketing, and business teams.
Key Responsibilities
Maintain current knowledge of applicable privacy laws, regulatory guidance, and industry guidelines in the US (state and federal) and ex-US (e.g., European Union and foreign national laws), including in the areas of consumer privacy, health information privacy, genetic testing, DNA analysis, and human subjects research.
Support legal colleagues in drafting, reviewing, and negotiating data use and data protection terms in commercial agreements, vendor agreements, data sharing agreements (e.g., BAAs, DPAs, DUAs), research agreements, clinical trial agreements, and other collaboration agreements.
Work in strong partnership and collaboration with other members of the privacy team, and the broader legal and compliance department, to continually advance and maintain an effective and dynamic privacy program, including assisting with the development of policies and procedures, privacy training, and awareness activities.
Help advise FMI on matters related to informed consent, HIPAA authorization, and research protocols.
Support investigation, analysis, remediation, and notification of privacy and security incidents.
Create internal legal and compliance guidelines and tools for common privacy topics.
Participate in certain internal FMI committees as a standing team member.
Appropriately triage workflow, set clear priorities and expectations with clients, and efficiently deliver results.
Other duties as assigned.
Qualifications
Basic Qualifications:
Juris Doctor degree from an accredited law school
Admission in good-standing to any state bar association in the United States
1-3 years of prior legal experience with at least 1 year of demonstrated experience working in data privacy within the healthcare sector.
Preferred Qualifications:
1+ years of experience at a top-tier law firm
Experience advising business and legal colleagues on data privacy laws, regulatory guidance, and industry guidelines, including but not limited to HIPAA, GDPR, the Federal Trade Commission (FTC) Act, CCPA, and other state privacy laws, and genetic information privacy laws.
Experience drafting, reviewing, and negotiating privacy-related contractual terms
Ability to apply a risk-based analysis to privacy issues and demonstrate creativity and flexibility in developing solutions that satisfy both business requirements and legal obligations.
Demonstrated ability to prioritize numerous, and sometimes conflicting, requests for assistance and offer superior advice in a timely, thoughtful, and complete manner
Ability to: establish and maintain strong relationships within FMI's business and legal teams; engage professionally with colleagues at all levels, including external partners; and work in a dynamic, evolving, and fast-paced work environment, with the confidence and abilities to work independently.
Strong analytical skills and attention to detail
Demonstrated organization, facilitation, written and oral communication, and presentation skills.
High level of integrity and trust
Commitment to FMI values: Patients, Innovation, Collaboration, and Passion
#LI-Hybrid
#J-18808-Ljbffr