SEARCH CAREER OPPORTUNITIES

GENERAL SUMMARY OF POSITION: 

Under the direction of the University of Massachusetts Medical School’s (UMMS) Deputy Executive Vice Chancellor for Management (DEVCM), who directs and oversees UMMS’ Office of Management (OOM) within the Office of Administration and Finance, the Contracts and Compliance Associate is responsible for advising business and research personnel in matters of contract drafting, negotiation, and compliance with contractual, healthcare and/or research data privacy and compliance / legal requirements.

The OOM provides assistance to UMMS’ Departments and business units in addressing and managing areas of risk, data privacy and compliance requirements related to UMMS’ business and research operations.  The OOM’s privacy and compliance personnel also provide workforce training regarding data privacy and compliance and advise on issues for Commonwealth Medicine (CWM), a health-care consulting division of UMMS, and other UMMS departments regarding research grants and data privacy requirements.  The overall legal authority for the University of Massachusetts (University) and its five campuses (including UMMS) is the Office of General Counsel (OGC), which is within the University’s President’s Office, and this position is not within the University’s OGC but rather within the OOM at UMMS, which coordinates its on-campus risk management and legal-related efforts with the OGC. 

MAJOR RESPONSIBILITIES:

• Draft and review business, consultant and research contracts, including but not limited to healthcare services contracts, research grants, business associate agreements, data management agreements, data use agreements, and non-disclosure agreements.
• Consult with UMMS’ and CWM’s programs and business units, and advise their staff, managers, directors and department heads to help ensure that activities being performed are in accordance with federal, state and contractual requirements.
• Work with UMMS’ Information Security Office to advise UMMS workforce in matters related to protecting data and reviewing and fulfilling data security requirements in contracts.
• Draft and update privacy and compliance policies, standards, and procedures, and assist business units to adapt and implement their departmental data privacy standards to meet their business needs and contractual requirements.
• Assist business units in identifying their risk areas with periodic risk analyses.
• Develop and help conduct annual training related to privacy and compliance policies and standards.
• Maintain current knowledge of applicable federal and state laws and regulations governing privacy, HIPAA, and data security and identify how they impact UMMS and CWM operations.
• Conduct investigations of noncompliance and recommend mitigation measures. 
• Assist UMMS Department and business units with potential conflict of interest issues and public procurement requirements.
• Research and respond to ad hoc risk and legal-related inquiries.

REQUIRED QUALIFICATIONS:

• A J.D. degree and a current and valid license to practice law in the Commonwealth of Massachusetts.
• 4-8 years relevant legal experience in contract administration, healthcare and/or privacy and compliance.
• Prior experience in contract drafting and review, developing policies and procedures, and the ability to issue spot and analyze legal implications.
• Knowledge of federal and state laws and regulations affecting the field of healthcare and/or data privacy and compliance, including HIPAA and M.G.L. c. 93H.
• Strong ability to write memos and make oral presentations.

PREFERRED QUALIFICATIONS:

• Massachusetts government, healthcare, research, or public sector legal experience including providing advice and counsel to corporate, government or healthcare clients.
• Experience with the Commonwealth of Massachusetts’ Executive Office of Health and Human Services (including MassHealth) and/or the Center for Medicare and Medicaid Services (CMS) is a plus.
• Certification in Healthcare Compliance (CHC), Healthcare Privacy Compliance (CHPC) or Healthcare Research Compliance (CHRC).
• Certified Information Privacy Professional (CIPP) or Privacy Law Specialist (PLS).

*LI-MR1