ClearWellness - Legal Counsel & HIPAA Compliance Officer (100% Remote)

Summary:

The Legal Counsel & HIPAA Compliance Officer is responsible for overseeing the implementation and maintenance of policies and procedures within ClearWellness, ensuring compliance with the Health Insurance Portability and Accountability Act (HIPAA), safeguarding patient health information (PHI) by conducting risk assessments, monitoring data access, investigating potential breaches, and educating staff on privacy practices. In addition to overseeing ClearWellness’ HIPAA program, this role will work on a wide range of business legal matters associated with all aspects of health and wellness focused organization including state and federal regulatory issues, contract review and negotiation, BAA review and privacy policies.

This is a Remote/Work from Home position reporting to the Chief Regulatory & Compliance Officer.

What This Role Does:

• Develops, reviews, updates, and communicates HIPAA compliance policies, procedures, and operational standards to ensure alignment with applicable legal and regulatory requirements.

• Conducts regular HIPAA audits, risk assessments and compliance reviews to identify gaps or vulnerabilities and implement corrective actions.  

• Implements and oversees appropriate technical, physical, and administrative safeguards to mitigate identified regulatory risks.

• Monitors ongoing compliance activities and supports compliance programs to ensure continued adherence to HIPAA and applicable legal standards.

• Investigates incidents of suspected or reported HIPAA breaches and manages required reporting in accordance with Federal and State Laws and HIPAA guidelines.  

• Develops, maintains, and delivers comprehensive HIPAA training programs, including regular updates to ensure staff awareness of regulatory requirements and best practices.

• Reviews and manages contracts with third-party vendors who access PHI to ensure they comply with HIPAA regulations.

• Drafts, reviews, and negotiates contracts and legal documents with third parties, including vendors that access or process PHI.

• Oversees litigation, dispute resolution, and coordination with external counsel and third-party law firms as needed.

• Collaborates with healthcare providers, IT staff, legal counsel, and senior management to address HIPAA concerns and implement compliance strategies. 

• Provides strategic and accurate legal advice to executive leadership and various departments to support business objectives.

• Collaborates as needed with ClearCaptions’ Sr. Legal Counsel to ensure overall alignment on high-risk legal matters.

• Advises on and ensures adherence to applicable local, state, and federal regulations affecting the organization

• Manages the Company’s Consumer focused policies and agreements including the Privacy Policy, CCPA, DOPPA and Terms of Use agreements.

• Monitors changes to legislation and regulatory guidance and assesses their impact on organization’s policies and operations of ClearWellness.

• Advises on Medicare and Medicaid DME supplier enrollment, accreditation (ACHC/The Joint Commission), and competitive bidding program requirements under 42 C.F.R. Part 414.

• Interprets and applies CMS Local Coverage Determinations (LCDs) and National Coverage Determinations (NCDs) relevant to PERS and DME product lines.

• Advises on Anti-Kickback Statute (AKS), Stark Law, and False Claims Act (FCA) exposure in referral, marketing, and reimbursement arrangements.

• Support product development and launch teams with regulatory pathway analysis, labeling review, and promotional material approval for new PERS devices.

• Advises on privacy and data security obligations arising from PERS devices and monitoring platforms, including the intersection of PERS data with HIPAA Privacy and Security Rules where PHI is involved.

• Counsels operational teams on liability, informed consent, and disclosure obligations related to PERS program deployment and emergency response protocols.

• Assists in developing internal policies and procedures governing DME/PERS program operations, incident response, and user rights.

• Performs other duties as assigned.

What You Will Bring:

• A Juris Doctor degree is required.

• Bar admission, in good standing, licensed to practice in one or more states.

• A minimum of seven (7) years of combined experience in a law firm and/or as in-house counsel is required.

• Previous Experience as a HIPAA Compliance Officer.

• Deep understanding of HIPAA regulations, including Privacy Rule, Security Rule, and Enforcement Rule.

• Strong analytical and problem-solving skills to identify and address potential compliance risks.

• Demonstrated ability to lead through influence, including mentoring others, leading initiatives or workstreams, contributing to best practices, and driving cross-functional outcomes.

• Excellent communication and interpersonal skills to effectively train staff and collaborate with stakeholders.

• Self-starter with strong organizational and time management skills, self-directed and able to handle multiple priorities with demanding timeframes.

• Ability to work collaboratively with colleagues and staff to create a high-quality results-driven, team-oriented environment.

• Demonstrated ability to use discretion, make sound decisions, and maintain confidentiality.

• Willingness and ability to work flexible hours as needed, and travel up to 10%, which may include occasional overnight travel.

• Proficiency in Microsoft Office Suite and modern communication tools for virtual teams (e.g., Microsoft Teams, Slack).

Preferred:

• Experience implementing a HIPAA compliance program from start to finish.

• Experience with Personal Emergency Response Systems (PERS), including legal oversight of PERS vendor relationships, device data privacy, and regulatory compliance.

• ISO 13485:2016 Medical Devices and 21 CFR 820 experience.

• Experience with telehealth, remote patient monitoring (RPM), or connected medical device platforms.

• Prior in-house healthcare legal or compliance experience at a DME supplier, PERS company, or home health organization.

• General health care related compliance programs.

Physical Demands:

In accordance with the Americans with Disabilities Act (ADA) and applicable state and local laws, the Company will provide reasonable accommodations to qualified individuals with documented disabilities to enable them to perform the essential functions of the job, unless such accommodations would impose an undue hardship. Employees seeking accommodation should contact the People Department to initiate the interactive process.

Employees may experience the following physical demands for extended periods of time:

• Sitting, standing, and walking (95-100%)

• Keyboarding (40-60%)

• Viewing computer monitor, tablet, and cell phone requiring close vision (95-100%)

Work Environment:

100% Remote with Travel: Work environment is primarily indoors (home office, customer of vendor sites, or other business meeting venues); travel may involve exposure to varying weather and temperature conditions, as well as driving and traffic hazards. Travel is required, approximately 10%, and may include overnight and out-of-state trips.