Senior Counsel: Privacy, Compliance, and Technology

Thyme Care is a value-based oncology management platform that provides personalized, clinically coordinated care to individuals with cancer. Thyme Care pairs human guidance with software and analytics to engage members with a cancer diagnosis , quickly connect them to the right care, and provide ongoing support through targeted, evidence-based interventions. The company’s unique approach establishes deep provider relationships and integrates with a health plan’s existing infrastructure, coordinating value-driven care that leads to better outcomes, lower costs and an improved member experience. Backed with venture funding from Andreessen Horowitz (a16z), Alley Corp, Frist Cressey Ventures, Casdin Capital and Bessemer, Thyme Care partners with health insurance plans and providers to extend the reach of high-quality cancer care through flexible value-based payment arrangements, including risk-based programs.

Your Role:

In this role you will report to the VP, Legal & Compliance and it will be your mission to advise, counsel and support Thyme Care compliance, privacy and data protection practices. This is a cross functional role and you’ll have the opportunity to work across Thyme Care’s Compliance, Engineering, Product, Operations, Marketing, and Member Experience teams to advise our new products and existing business on all aspects of privacy and data protection laws, including data breach rules and requirements. This could mean that you’re supporting our organizational healthcare privacy and data protection governance policies, vendor contracts, or the care delivery integrations within our rapidly growing healthcare technology startup. It will be your responsibility to handle privacy and data protection-related questions from across Thyme Care and provide actionable advice and counsel. This is a part time role, which may have the opportunity to turn into a full time role in the future.

We’ll expect that by the completion of your third month on the team you will have…

• Carried out assessments to determine how we need to mature our Thyme Care privacy and data policies against evolving industry standards. This will include creating, maintaining, and implementing policies, processes, templates, and records to ensure our data is handled and maintained in the best of ways. 
• Partnered closely with the Engineering and Security teams to create the right processes to review and respond to potential privacy and data protection incidents should they arise.
• Created and implemented a framework for privacy and data protection requirements for the team to use when evaluating programs, products, vendors and initiatives.
• You'll build programs and processes, and it will be important that you educate the team at large on what you establish.

After 6 months you will be expected to…

• Lead privacy and security legal workflows for new and existing technology vendors. You’ll have improved the way we review and negotiate agreements, NDAs, MSAs, and statements of work.
• Work with legal and product teams to review new and new versions of products, features, applications, and initiatives to provide risk mitigation strategies and make sure that products comply from a privacy and data protection perspective.  You’ll bring in outside counsel when you need more support, too. 

On an ongoing basis we will expect you to:

• Monitor and summarize new relevant legislative developments, case law, regulatory guidance and enforcement actions in relevant areas.
• Review, draft and negotiate various types of agreements (e.g., vendor/service provider agreements, customer agreements [including business associate agreements], data processing, data transfer and data usage agreements).

WHAT LEADS TO SUCCESS

• People-first. Thyme Care’s mission and members matter to you, deeply.
• Comfort with ambiguity.  You have a proven track record of success within scaling businesses, fast-paced environments, and startups. You understand that rapid changes to the business, strategy, organization, and priorities is par for the course.
• Experience. You have a JD and have passed the Bar in at least one state. You’ve been practicing law for 6+ years, 2 of which have been in-house. It’s important that your career has focused on corporate transactions vs. litigation. You’ve worked on healthcare privacy, security, technology or related regulatory experience with law firms or corporations, ideally a healthcare tech startup.
• Transactional know-how. You have deep experience guiding all facets of complex transactions, this includes data processing, use and/or transfer agreements.
• Privacy expert. You’ve conducted privacy impact assessments and have given advice from a legal perspective. You’re also familiar with data breach laws and can respond to any sort of data breach situation. You may have a CIPP or CISSP. You’re also interested in privacy relating to emerging tech in healthcare such as AI or ML and have experience thinking through and implementing policies around these emerging technologies.
• Biased to action. You’re a self-starter and don’t need anyone to tell you when to do something.

We are committed to promoting the health and well-being of all individuals. As a provider of cancer care navigation, we recognize that those with cancer constitute a vulnerable population at risk of contracting COVID-19.  As such, Thyme Care has adopted a mandatory COVID-19 vaccination policy, requiring all employees to receive a COVID-19 vaccination as a condition of employment, subject only to conflicting laws and approved exemptions based on medical or religious objections. 

Additionally, we believe employees should be paid fairly compared to their peers inside the company and in the market. We also believe that your personal needs and preferences should be taken into consideration so we allow some choice between equity and cash.

We recognize a history of inequality in healthcare. We’re here to challenge the status quo and create a culture of inclusion through the care we give and the company we build. We embrace and celebrate a diversity of perspectives in reflection of our members and the members we serve. We are an equal opportunity employer.