At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.

Senior Director, Digital Legal Office – Health and Wellness Privacy Counsel

Purpose:

The successful candidate will be an experienced and strategic attorney with impeccable judgement who will provide legal and regulatory guidance on privacy issues related to health and wellness data collection and processing, including particular focus on Health Insurance Portability and Accountability Act (HIPAA) compliance, digital health privacy, and related healthcare data protection laws and pharmacy operations. The individual must be motivated by working in a dynamic environment with broad responsibility, as this position will effectively partner with a wide range of collaborators across the company. You will have direct, front-line responsibility providing strategic counsel to various functions, including ethics and compliance, information technology, cybersecurity, and privacy, artificial intelligence, data governance and will liaise with specialty legal colleagues to counsel and strategize on these issues. This attorney will also collaborate with the government affairs team in influencing legislation and industry standards related to relevant information privacy. The position reports to the Associate Vice President, Assistant General Counsel, Digital Legal Office Global Legal Lead (Privacy).

Responsibilities:

Serve as the primary legal advisor on HIPAA Privacy and Security Rules, HITECH, and related healthcare data protection laws.Provide legal counsel on the design and implementation of digital health technologies, Pharmacy Management Systems, EHR platforms, health plans, onsite employee health clinics and related primacy care services, mobile health applications and other healthcare IT solutions.Advise on legal risks and mitigation strategies related to pharmacy intake and dispensing operations, including patient data intake, prescription processing, and digital consent.Draft, review, and negotiate contracts involving protected health information (PHI), including Business Associate Agreements (BAAs), data sharing agreements, and vendor contracts.Collaborate with IT, Compliance, and Product teams to ensure privacy-by-design principles are embedded in all digital solutions.Monitor and interpret evolving federal and state privacy laws (e.g., CCPA, CPRA, state-specific pharmacy laws) and advise on their impact.Support incident response and breach notification processes in accordance with HIPAA and state breach laws.Provide training and education to internal team members on HIPAA, digital privacy, and pharmacy compliance.Draft and review, and otherwise support negotiations regarding privacy provisions in a wide variety of agreementsOversee legal response to data breaches or privacy/security incidents including investigations, notifications, and remediationSupport audits, regulatory inquiries, and enforcement actions

Basic Qualifications

J.D. degree from accredited schools.Active license to practice law in the United States.Minimum of 7 years of legal experience, with a focus on healthcare law.Extensive experience and in-depth knowledge of the Health Insurance Portability and Accountability Act (HIPAA) and its regulations with consistent record of providing legal support to pharmacies, Covered Entities, and Business Associates.

Additional Skills/Preferences

Demonstrated experience standing up, supporting, and maintaining complex health and wellness privacy programs for regulated entitiesWorking knowledge and understanding of various privacy regulations, frameworks, and accompanying guidanceExperience successfully and strategically handling privacy risks, threats, and breachesAbility to research, track, and turn regulations and enforcement trends into practical, actionable adviceDemonstrated collaboration skills with corporate business partners and/or clients, including the ability to work closely with information technology and security teammates and a clear understanding of roles and responsibilitiesBasic knowledge of and understanding of privacy regulators, including the FTC, states attorneys general, and HHSFamiliarity with AI/ML in healthcare, interoperability standards, and health information exchangesHighly motivated and collaborative partner with strong interpersonal skills and the ability to work effectively with team members and members of management across all levels of the companyGood judgement and a meticulous level of attention to detailExcellent written and verbal communication skills with a demonstrated ability to influence othersDemonstrated commitment to expand knowledge and adapt to the changing environmentComfortable operating with a sense of urgency and ability to manage competing priorities in a fast-paced and evolving environmentExperience counseling on emerging regulations and best practices in data governance, artificial intelligence, privacy, and cyber securityExperience counseling technology teamsPreferred Location: Indianapolis based.  Open to remote with willingness to travel to Indianapolis on a quarterly basis or more often as required to meet relevant business needs

Lilly is dedicated to helping individuals with disabilities to actively engage in the workforce, ensuring equal opportunities when vying for positions. If you require accommodation to submit a resume for a position at Lilly, please complete the accommodation request form (https://careers.lilly.com/us/en/workplace-accommodation) for further assistance. Please note this is for individuals to request an accommodation as part of the application process and any other correspondence will not receive a response.

Lilly is proud to be an EEO Employer and does not discriminate on the basis of age, race, color, religion, gender identity, sex, gender expression, sexual orientation, genetic information, ancestry, national origin, protected veteran status, disability, or any other legally protected status.

Our employee resource groups (ERGs) offer strong support networks for their members and are open to all employees. Our current groups include: Africa, Middle East, Central Asia Network, Black Employees at Lilly, Chinese Culture Network, Japanese International Leadership Network (JILN), Lilly India Network, Organization of Latinx at Lilly (OLA), PRIDE (LGBTQ+ Allies), Veterans Leadership Network (VLN), Women’s Initiative for Leading at Lilly (WILL), enAble (for people with disabilities). Learn more about all of our groups.

Actual compensation will depend on a candidate’s education, experience, skills, and geographic location.  The anticipated wage for this position is

$177,000 - $259,600

Full-time equivalent employees also will be eligible for a company bonus (depending, in part, on company and individual performance). In addition, Lilly offers a comprehensive benefit program to eligible employees, including eligibility to participate in a company-sponsored 401(k); pension; vacation benefits; eligibility for medical, dental, vision and prescription drug benefits; flexible benefits (e.g., healthcare and/or dependent day care flexible spending accounts); life insurance and death benefits; certain time off and leave of absence benefits; and well-being benefits (e.g., employee assistance program, fitness benefits, and employee clubs and activities).Lilly reserves the right to amend, modify, or terminate its compensation and benefit programs in its sole discretion and Lilly’s compensation practices and guidelines will apply regarding the details of any promotion or transfer of Lilly employees.

#WeAreLilly