Marathon Health is a leading provider of advanced primary care in the U.S., serving 2.5 million eligible patients through approximately 630 employer and union-sponsored clients. Our comprehensive services include advanced primary care, mental health, occupational health, musculoskeletal, and pharmacy services, delivered through our 680+ health centers across 41 states. We also offer virtual primary care and mental health services accessible in all 50 states. Transforming healthcare delivery with a patient-first approach, we prioritize convenient access to both in-person and virtual care, resulting in improved health outcomes and significant cost savings. Committed to inclusivity and collaboration, we foster a positive work environment and recruit exceptional talent to ensure expertise and compassion in healthcare delivery. Marathon has been recognized as a five-time Modern Healthcare Best Places to Work in Healthcare winner and a six-time Best in KLAS award winner for employer-sponsored healthcare services.
ABOUT THE JOB
Associate Attorney, Compliance will be a key partner to the Compliance team. With limited supervision, this role will provide practical, day-to-day legal support for Marathon’s compliance and privacy program in a fast-paced, highly regulated healthcare environment. The role focuses on translating regulatory and legal requirements into clear, workable guidance and ensuring consistent execution across the organization.
This position will support compliance governance, privacy program activities, policy lifecycle management, regulatory tracking, vendor and data-sharing relationships, audits, investigations, and readiness efforts including HITRUST.
ESSENTIAL DUTIES & RESPONSIBILITIES
- Provide practical legal guidance on healthcare compliance and privacy matters, including HIPAA-related questions, internal policies, and operational workflows.
- Support compliance and privacy investigations and incident response activities, including documentation, analysis support, tracking, escalation, and remediation follow-through.
- Review and support routine compliance- and privacy-related agreements, including business associate agreements and data-sharing agreements, with appropriate attorney oversight.
- Partner with Compliance and Legal leadership to support vendor, third-party, and data-handling compliance processes and documentation.
- Support Compliance, Privacy, and GRC governance activities, including preparing agendas, drafting meeting minutes, tracking action items, and maintaining complete committee records.
- Assist with policy lifecycle management across Compliance and Privacy, including drafting support, updates, approvals, version control, attestations, and audit documentation.
- Support auditing and monitoring activities, including evidence collection, remediation tracking, and regulatory readiness initiatives such as HITRUST.
- Assist with regulatory and business obligation tracking, including licenses, registrations, and other compliance requirements as assigned.
- Support litigation tracking and insurance-related matters in coordination with Legal and Risk, including maintaining trackers and organizing documentation.
- Maintain organized, audit-ready compliance and privacy documentation and trackers to support internal and external reviews.
- Other duties as assigned.
QUALIFICATIONS
Juris Doctor (JD) from an accredited law school and admission (or ability to become admitted promptly) to practice law in at least one U.S. jurisdiction. Two to four years of experience in healthcare compliance, privacy, regulatory, or in-house legal support, or an equivalent combination of experience and training. Familiarity with healthcare regulatory frameworks, including HIPAA and related privacy and compliance requirements, is required.
DESIRED ATTRIBUTES
- Strong written and verbal communication skills with the ability to turn complex requirements into clear, practical guidance.
- Highly organized with strong attention to detail and consistent follow-through.
- Ability to manage multiple priorities and exercise good judgment regarding escalation and risk.
- Collaborative working style and ability to build effective relationships across Compliance, Legal, Operations, Risk, and business teams.
- Interest in healthcare compliance and privacy and commitment to Marathon’s mission.
- Interest in professional development in privacy and compliance (e.g., IAPP or similar organizations) preferred.
Pay Range: $110,000 - $140,000/yr
The actual offer may vary dependent upon geographic location and the candidate’s years of experience and/or skill level. This position is also eligible for an annual incentive.
We are accepting applications for this position until a candidate has been selected. To apply to this position and learn more about open jobs at Marathon Health, visit our careers page.
