Associate, Privacy

Hi, we're Oscar. We're hiring an Associate, Privacy to join our Corporate Compliance team.

Oscar is the first health insurance company built around a full stack technology platform and a focus on serving our members. We started Oscar in 2012 to create the kind of health insurance company we would want for ourselves—one that behaves like a doctor in the family.

The Privacy Associate is a Senior Privacy incident responder and investigator involving Protected Health Information (PHI) and PII. You will be an advisor on complex Privacy risks, trends, and root-cause issues to ensure Oscar to improve management of healthcare data for Oscar Members in all markets. You will be responsible for daily management of Oscar's records management program under the direction of Privacy leadership.

You will report to the VP, Chief Privacy Officer & Associate GC.

Work Location:

Oscar is a blended work culture where everyone, regardless of work type or location, feels connected to their teammates, our culture and our mission.

If you live within commutable distance to our New York City office (in Hudson Square), our Tempe office (off the 101 at University Dr), or our Los Angeles office (in Marina Del Rey), you will be expected to come into the office at least two days each week. Otherwise, this is a remote / work-from-home role.

You must reside in one of the following states: Alabama, Arizona, Arkansas, California, Colorado, Connecticut, Florida, Georgia, Illinois, Indiana, Iowa, Kansas, Kentucky, Maine, Maryland, Massachusetts, Michigan, Minnesota, Missouri, Nevada, New Hampshire, New Jersey, New Mexico, New York, North Carolina, Ohio, Oregon, Pennsylvania, Rhode Island, South Carolina, Tennessee, Texas, Utah, Vermont, Virginia, Washington, or Washington, D.C. Note, this list of states is subject to change. #LI-Remote

Pay Transparency:

The base pay for this role in the states of California, Connecticut, New Jersey, New York, and Washington is: $103,200 - $135,450 per year. The base pay for this role in all other locations is: $92,880 - $121,905 per year. You are also eligible for employee benefits, participation in Oscar's unlimited vacation program and annual performance bonuses.

• Deliver daily operations of the privacy compliance program, including compliance with HIPAA, regulations promulgated thereunder, and state law. Conduct and project manage risk analyses and assessments.
• Provide opportunities for privacy improvement plans where required.
• Understand federal and state privacy laws, HIPAA and state healthcare privacy-related laws and regulations.Independently conduct investigations into reported or observed violations.
• Communicate with team members concerning the importance of protecting Protected Health Information (PHI) and other sensitive information including Personally Identifiable Information (PII).
• Anticipate Privacy issues and initiate appropriate actions to ensure potential incidents are investigated thoroughly and following company policies and applicable laws and regulations.
• Independently analyze and address all required breach determination and notification processes under HIPAA and applicable state breach rules and requirements in collaboration with others on the Privacy team and internal partners (IT Security, Legal).
• Proficiently draft multiple communications, including notification letters, risk assessments, incident response reports and regulatory responses.
• Manage Privacy business process issues in collaboration with internal partners
• Support Privacy leadership in developing Privacy Training & Awareness materials
• Develop Oscar's records management program in collaboration with Privacy leadership.
• Analyze and solution Privacy programs, issues, and concerns across the enterprise
• Compliance with all applicable laws and regulations
• Other duties as assigned

• Bachelor's degree or 4 years commensurate experience.
• 3+ years of experience in healthcare privacy programs, including incident and breach investigations and responses.
• 3+ years of experience with HIPAA and other federal and state Privacy laws and regulations applicable to the healthcare industry.
• 3+ years of experience conducting Comprehensive Privacy investigations

• Masters Degree or Juris Doctorate
• Privacy Certification from the International Associate of Privacy Professionals (IAPP)
• Experience documenting and implementing policies, procedures and guidelines
• Technical experience, including the ability to understand the technology landscape, identify opportunities, and overcome technical obstacles
• Experience navigating complex Privacy issues and identifying solutions
• Experience supporting a data privacy, security or equivalent function directly or indirectly for a large, regulated and matrixed organization
• Project/program management experience
• Experience directly or indirectly with IT Security, Compliance or similar function
• Experience with privacy principles and privacy operations