Healthcare Data Privacy Associate Attorney

A law firm is seeking a Healthcare Data Privacy Associate Attorney to join its global Data Privacy, Cybersecurity, and Digital Assets Practice Group. The candidate will play a crucial role in advising clients on digital healthcare privacy, data protection, cybersecurity, and compliance strategies, while also actively participating in contract negotiations, M&A transactions, and incident response efforts.

Job Details

Duties:

• Assist and advise clients on digital healthcare privacy, data privacy, cybersecurity, and digital assets counseling and transactions.
• Lead or assume significant responsibility for projects, working directly with partners globally in the Data Privacy, Cybersecurity, and Digital Assets Practice Group.
• Conduct compliance gap assessments and implement remediation plans.
• Draft policies and procedures, including privacy policies, privacy statements, incident response plans, vendor contracting templates, and Data Processing Agreements (DPAs).
• Advise on contract and M&A negotiations.
• Assist clients in determining compliance risks and priorities, implementing data protection compliance, and developing information governance programs.

Requirements:

• J.D. degree or equivalent.
• Admission to practice and in good standing in any U.S. state where a firm's office resides.
• 4+ years of experience with meaningful knowledge of healthcare industry data privacy and security issues, including info blocking.
• Incident response experience is desirable.
• Digital healthcare and privacy experience are strongly preferred.
• Healthcare industry experience is necessary.

Certifications:

• Certified Information Privacy Professionals (CIPP) are strongly preferred.
• Specific certifications required: CIPP-US, CIPP-EU, and CIPM.

Skills:

• In-depth understanding of international, federal, state, and local privacy and security laws.
• Familiarity with technologies supporting compliance.
• Experience drafting privacy and security policies for compliance with FDA, FTC, State AG guidance, and various privacy laws such as HIPAA, GLBA, HITECH Act, CAN-SPAM, TCPA, COPPA, FCRA, FERPA, VPPA, Cable Act, Privacy Act, Cal-OPPA, Shine the Light, state breach notification, and security laws, US-EU and US-Swiss Privacy Shield, and state consumer privacy laws (CCPA/CPRA/CDPA/CPA).

The San Francisco office of this premier international law firm has strong practices in Internet and technology, cross-border transactions, and financial services. The firms out-of-state management appears to have a clear understanding of the essentials of rapidly building a preeminent multi-national firm. Associates are generally content; the firm has a folksy, relaxed feel to it. The firm is very selective in who it hires; however, the standards are generally more relaxed for lateral attorneys. The firm seems committed to remaining competitive with other large firms in terms of salary.