GEHA

Counsel - Privacy


Pay: Competitive
Location: Lee's Summit/Missouri
Employment type: Full-Time

This job is now closed

  • Job Description

      Req#: R-004425

      GEHA (Government Employees Health Association, Inc., pronounced G.E.H.A.) is a nonprofit member association that provides medical and dental benefits to more than two million federal employees and retirees, military retirees and their families. We celebrate diversity and are committed to creating an inclusive environment for all employees.

      GEHA has one mission: To empower federal workers to be healthy and well.

      Offering one of the largest medical and dental benefit provider networks available to federal employees in the United States, GEHA empowers health and wellness by meeting its members where they are, when they need care. We serve our members with products they value and a personalized customer experience, sustained by a nimble and efficient organization.

      GEHA is seeking an experienced healthcare data privacy and data security attorney to manage privacy related legal matters for the organization. Applicants must have extensive knowledge of HIPAA, GDPR, TCPA, and state privacy and data breach notification laws. Applicants must also have prior experience working with data incident investigation and response.

      SKILLS

      KEY DUTIES

      • Maintain knowledge of applicable current and proposed laws, regulations, sub-regulatory guidance, and contracts.

      • Support compliance plans for new and changing obligations, including review of functional business requirements, compliance, risks, and internal controls.

      • Collaborate with leadership and key internal stakeholders to ensure the organization possesses the appropriate privacy and confidentiality consent documentation and privacy notices.

      • Support GEHA’s privacy program, and related policies, procedures, documentation, and communication materials.

      • Help set and drive consistent privacy policy and practices across the business through counsel and review of privacy impact assessments, vendor risk management tools, contracts, and training materials.

      • Independently manage projects related to ongoing compliance with privacy and data protection laws, and related requirements.

      • Assist in data incident investigation and data breach response.

      • Partner with the privacy program and cross-functional teams to develop data maps, conduct privacy impact assessments, and create and maintain accurate and auditable records.

      • Review, negotiate, and draft a wide range of agreements and contracts, including HIPAA Business Associate Agreements.

      • Support GEHA’s Third Party Risk Management Program.

      • Monitor advancements in information privacy and cybersecurity technology law and privacy law to ensure organizational compliance.

      • Manage outside counsel on privacy and cybersecurity related matters.

      • Work autonomously.

      REQUIREMENTS

      • Requires a Juris Doctorate degree from an ABA accredited law school.
      • Must be admitted to a recognized bar.
      • Requires at least 6 years of experience in a law firm and/or in-house legal department.
      • Requires at least 5 years of privacy law experience.
      • Experience with conducting privacy risk assessments.
      • Experience with state privacy and data breach notification laws.
      • Subject matter expert in relevant privacy statutes, regulations, and sub-regulatory guidance relating to health plans.
      • Requires highly effective verbal, written, and interpersonal communication skills. Strong oral and written communication skills.
      • Requires strong analytic and problem-solving capabilities and the ability to identify solutions and recommendations that effectively address business and control needs along with how to train and guide others in this area.
      • Requires the ability to multi-task effectively, responding to changing business priorities and deadlines.
      • Requires the ability to collaborate with team members across multiple divisions and departments.
      • Requires a proven record of meeting commitments and achieving goals through the encouragement, guidance and influencing of others.
      • Requires working knowledge of Microsoft Office applications.

      Preferred Qualifications

      • Preferred – Experience interacting with regulators regarding statutory/regulatory requirements, compliance issues/risks, and regulatory audits.
      • Preferred – Nationally recognized privacy certification, such as those offered by the International Association of Privacy Professionals CIPP/U preferred.

      Work-at-home requirements

      • Must have the ability to provide a non-cellular High Speed Internet Service such as Fiber, DSL, or cable Modems for a home office.
      • A minimum standard speed for optimal performance of 30x5 (30 Mbps download x 5 Mbps upload) is required.
      • Latency (ping) response time lower than 80 ms
      • Hotspots, satellite and wireless internet service are NOT allowed for this role.
      • A dedicated space lacking ongoing interruptions to protect member PHI / HIPAA information

      How we value you

      • Competitive pay/salary ranges
      • Incentive plan
      • Health/Vision/Dental benefits effective day one
      • 401(k) retirement plan: company match – dollar for dollar up to 4% employee contribution (pretax or Roth options) plus a 6% annual company contribution
      • Robust employee well-being program
      • Paid Time Off
      • Personal Community Enrichment Time
      • Company-provided Basic Life and AD&D
      • Company-provided Short-Term & Long-Term Disability
      • Tuition Assistance Program

      Please note that the salary information is a general guideline only. GEHA considers factors such as (but not limited to) scope and responsibilities of the position, candidate’s work experience, education/training, key skills, internal peer equity, as well as market and business considerations when extending an offer.

      The annual base salary range for this position is $138,295 - $194,945 USD.

      GEHA is an Equal Opportunity Employer, which means we will not discriminate against any individual based on sex, race, color, national origin, disability, religion, age, military status, genetic information, veteran status, pregnancy, marital status, gender identity, and sexual orientation, as well as all other characteristics and qualities protected by federal, state, or local law. GEHA will not discriminate against employees or applicants because they have inquired about, discussed, or disclosed their compensation or the compensation of another employee or applicant. We are committed to creating an inclusive environment for all employees. Our diversity drives innovation, deepens connections, and strengthens our organization.

      GEHA is headquartered in Lee's Summit, Missouri, in the Kansas City area. We recognize the importance of balance and flexibility and offer hybrid and work-from-home options for many of our roles.

  • About the company

      The company currently offers traditional fee-for-service medical plan options with a preferred provider organization along with a high deductible health plan that can be paired with a health savings account.
