Director, Privacy
About the role
Omada Health is seeking a Director, Privacy Counsel to manage and mature our enterprise-wide privacy program across a complex and rapidly evolving regulatory landscape. This individual contributor role will operate at the intersection of healthcare regulatory law, consumer technology, and clinical operations, providing practical, business-oriented guidance that enables innovation while protecting our members' data and trust.
Responsibilities
Manage Omada’s HIPAA privacy program, including policy and procedure development, incident investigations, and breach determination and response, ensuring compliance with HIPAA Privacy, Security, and Breach Notification Rules.
Drive privacy-by-design across digital products and services by embedding privacy requirements into product development, engineering workflows, clinical operations, and other business processes.
Execute Omada’s privacy risk assessment program, including data governance, vendor due diligence, and privacy review for commercial deals with employers, health plans, and PBMs, ensuring our contractual and regulatory obligations are met.
Provide expert guidance on consumer privacy compliance, including state consumer health data and general consumer privacy laws, digital advertising, and tracking technologies.
Serve as a key advisor on AI and emerging technologies, including AI privacy guidance and governance considerations across Omada’s AI and machine-learning initiatives.
Support interoperability and health information exchange participation (e.g., Carequality, CommonWell, TEFCA) by counseling on privacy and data use requirements and helping design compliant data flows.
Partner with internal stakeholders on ERISA and self-funded health benefit plan privacy considerations.
Design and deliver privacy training, awareness, and culture-building initiatives that enable Omada teammates to understand and live our privacy obligations in their day-to-day roles.
Requirements
You have a J.D. from an accredited law school and active bar admission.
You bring 8+ years of privacy law experience, including meaningful in-house experience at a healthcare, digital health, or life sciences company and/or at a top-tier law firm counseling healthcare, digital health, and/or life sciences clients.
You have deep substantive expertise in HIPAA Privacy, Security, and Breach Notification Rules and are fluent in the evolving landscape of state consumer privacy and consumer health data laws (e.g., WMHMDA, CCPA/CPRA) and AI governance.
You have demonstrated experience managing end-to-end privacy incident response and breach notification processes, from triage and investigation through regulator and stakeholder notifications.
You have a strong track record of advising on privacy-by-design for digital products, and in digital marketing and advertising ecosystems.
You communicate complex regulatory concepts clearly and succinctly for non-legal audiences and are skilled at crafting guidance that is practical, actionable, and aligned with business goals.
You are comfortable operating with substantial autonomy, exercising sound judgment in ambiguous regulatory environments with material legal and reputational stakes.
You are highly organized, able to manage multiple complex projects simultaneously, and known for strong attention to detail.
You bring a collegial, low-ego working style, enjoy cross-functional collaboration, and balance rigor with perspective and a sense of humor.
Qualifications
You have experience at a digital health, telehealth, or health technology company with direct patient or member engagement.
You have familiarity with AI and machine-learning privacy governance and emerging federal and state AI regulations.
You have experience with HIEs and health data interoperability frameworks such as Carequality, CommonWell, and TEFCA.
You have knowledge of ERISA and self-funded health benefit plan privacy considerations.
You have privacy certifications (e.g., CIPP/US, CIPM, CHPS).
You have experience supporting clinical research privacy compliance and IRB-adjacent studies relating to clinical evidence generation.
Skills
Strong legal background with focus on privacy law.
Proven ability to manage privacy incidents and breaches.
Excellent communication and interpersonal skills.
Ability to work independently and collaboratively.
Experience with digital health and consumer technology.
Familiarity with AI and machine learning privacy considerations.
Knowledge of HIEs and interoperability frameworks.
Understanding of ERISA and self-funded health benefit plan privacy.
Privacy certifications (e.g., CIPP/US, CIPM, CHPS).
Benefits
Competitive salary with generous annual cash bonus
Equity grants
Remote first work from home culture
Flexible Time Off to help you rest, recharge, and connect with loved ones
Generous parental leave
Health, dental, and vision insurance (and above market employer contributions)
401k retirement savings plan
Lifestyle Spending Account (LSA)
Mental Health Support Solutions