Regulatory Specialist

3-5+ years of experience in privacy or healthcare compliance roles, ideally in digital health, health tech, telehealth, and/or payer/provider environments. Strong working knowledge of HIPAA, HITECH, and U.S. privacy laws. Ability to translate complex rules into clear, actionable guidance. Exceptional attention to detail and comfort navigating ambiguity. Collaborative communication style with a commitment to integrity, confidentiality, and member-first thinking. Certifications such as CHPC, CHC, CIPP/US, or CIPM (Nice to have). Experience supporting audits, accreditation, or compliance program development (Nice to have). Familiarity with digital health workflows, clinical operations, employer-sponsored benefit models, or pharmacy services (Nice to have).

Support the Privacy Program with guidance grounded in HIPAA, HITECH, CCPA/CPRA, state data privacy laws, GDPR, and emerging privacy requirements. Review new products, features, data flows, and vendor relationships through a privacy lens. Conduct Privacy Impact Assessments and recommend safeguards. Manage the Privacy email inbox, triaging and responding to inquiries. Assist with privacy and data incident investigations. Support day-to-day healthcare compliance activities across digital health, virtual care, pharmacy, and surgical care services. Stay on top of regulatory changes affecting digital health services. Assist with CMS, OCR, OIG, and state-level requirements. Prepare and support internal and external audits. Draft and update policies, SOPs, playbooks, and training decks. Design and implement a process to manage data subject requests. Organize compliance documentation and support risk assessments. Use tools like OneTrust and ticketing systems for request tracking and reporting. Offer practical guidance to teams across the organization. Help teams operationalize compliance requirements.