At Wellframe, we reimagine healthcare relationships through a new approach that uses high-tech to deliver the high-touch support people need, when and where they need it. We call it Digital Health Management. Our comprehensive suite of Digital Health Management solutions for care management, advocacy, and navigation help organizations forge more meaningful connections with members, across their healthcare journey. 

Wellframe was founded to counter a pressing industry problem: the healthcare system has struggled to find ways to support people in between care settings, at scale. We believe health plans are in the best position to advocate for their members as they navigate their health and care, but know that technology alone can’t help us achieve this ambition. That’s why our team of physicians, clinicians, public health experts, data scientists, engineers, and healthcare industry experts ensure our patented technology works in service of the person-to-person connections that make healthcare work best.

The Privacy Analyst will report to the Senior Manager of Data Privacy within the Legal team. The Legal team, working closely with the Security team, is responsible for both the administrative and legal safeguarding of our users’ data. They review the regulations applicable to Wellframe and distill those requirements into controls for Wellframe to implement in product features, infrastructure, or business practices. These teams work closely with other teams within Wellframe such as Product, Engineering, and Client Strategy & Operations. 

The Privacy Analyst will join Wellframe’s legal team and will be responsible for answering privacy questions from internal stakeholders, maintaining data processing records, working with customers to complete assessments, facilitating privacy by design, and managing policy enforcement. All of these responsibilities require a pragmatic approach to meet requirements while balancing business needs.We are looking for an experienced professional to work on novel questions on developing healthcare technology in a complex regulatory realm. The person filling this role will be expected to maintain and elevate our current privacy program to aid in scaling the operations of a growing company. 

Areas of Responsibility: 

Privacy operations

• Collaborate with the security team on executing our privacy and security program. 
• Use our OneTrust instance to manage privacy program such as maintaining data processing records and performing impact assessments.
• Manage privacy training.
• Maintain records and documentation necessary to demonstrate compliance with applicable laws and regulations.
• Translate privacy-related legal, contractual, and regulatory requirements for internal staff to implement related fixes and functionality in our product and processes.
• Assist with other compliance projects as necessary.

Assessments and audits:

• Work with security to respond to customer assessment requests.
• Conduct internal HIPAA and other privacy audits.
• Work with external SOC 2 auditors.
• Perform vendor assessments.

Guidance:

• Keep up with changes in applicable privacy laws and regulations.
• Assist and advise other teams on privacy and security related questions or concerns.
• Provide ad hoc guidance to all employees.

Education, Experience, & Skills Required:

• 3 years experience in privacy, data governance, or similar field (1 - 2 years with JD).
• Holds one or more privacy certifications from the IAPP or equivalent certification.
• JD a plus but not required.
• Experience with software as a service model and working in an agile environment.
• Knowledge of HIPAA, the CCPA, other state privacy laws, and privacy best practices. 
• Knowledge of compliance with Centers of Medicare and Medicaid regulations.
• Experience using OneTrust or other GRC preferred.
• Familiarity with JIRA and Confluence.

Behaviors & Traits Required:

• Excellent analytic skills and ability to effectively establish and achieve privacy and compliance requirements in collaboration with other teams.
• Strong written and verbal communication skills.
• Comfortable with changing requirements and navigating ambiguity.
• Generally adept at picking up new technologies.
• Support Wellframe’s mission by exhibiting Tenacity, Humility, and Collaboration.

Wellframe, Inc. is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status or any other characteristic protected by local, state, or federal laws, rules, or regulations.

This posting is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee and any percentages listed are approximate. Duties, responsibilities and activities may change or new ones may be assigned at any time with or without notice.