HIPAA Compliance Manager

Job Title: HIPAA Compliance Manager
Duration: 9 months
Location: Remote (Philadelphia preferred), otherwise East Coast based
Role type: Part time, 32 hours/week (3-4 days/week)

About the Role

Client is seeking an experienced Health Data & Regulatory Compliance leader to support the development, deployment, and commercialization of digital health and AI-enabled clinical solutions, including ClinicalKey AI (CKAI) and related products. This role sits at the intersection of HIPAA data governance and Software as a Medical Device (SaMD) regulatory compliance, ensuring that our products meet applicable privacy, security, and regulatory requirements throughout the product lifecycle.

The successful candidate will work cross-functionally with Product, Engineering, Cybersecurity, Privacy, Legal, and Commercial teams to embed compliance into product design, architecture, and customer deployments while enabling innovation in AI-driven healthcare solutions.

Key Responsibilities

HIPAA & Health Data Governance
- Lead implementation of HIPAA Privacy Rule and Security Rule requirements across products handling PHI
- Define and operationalize controls for:
  - PHI collection, use, storage, and retention
  - access control and minimum necessary principles
  - audit logging and monitoring
- Support Business Associate Agreement (BAA) requirements and customer compliance expectations
- Partner with Privacy and Security teams on risk assessments, incident response, and remediation planning

Regulatory Affairs - SaMD / Clinical Software
- Support regulatory strategy for products that may qualify as Software as a Medical Device (SaMD)
- Provide guidance on:
  - FDA pathways (e.g., 510(k), De Novo, CDS guidance)
  - EU MDR / IVDR considerations (as applicable)
- Partner with Product and Clinical teams on:
  - intended use definition
  - clinical risk classification
  - regulatory positioning and documentation

AI & Clinical Software Governance
- Provide oversight for AI/LLM-enabled clinical solutions, including CKAI
- Advise on:
  - appropriate use of PHI in AI workflows
  - boundaries between inference vs. training data
  - secondary use considerations and compliance risks
- Support development of clinical evaluation and validation frameworks

Product & Engineering Collaboration
- Work directly with engineering teams to translate regulatory requirements into technical controls and architecture decisions
- Review system designs and data flows for compliance with:
  - HIPAA
  - security best practices
  - regulatory expectations for clinical software
- Support implementation of secure development and deployment practices

Risk Assessment & Compliance Oversight
- Lead or support HIPAA and regulatory risk assessments for new and existing products
- Maintain compliance documentation and evidence for:
  - internal audits
  - customer due diligence
  - regulatory inquiries
- Identify gaps and define remediation roadmaps

Customer & Commercial Support
- Partner with Legal and Commercial teams to:
  - review BAAs and customer data protection requirements
  - support RFPs and compliance questionnaires
- Provide guidance on customer-specific regulatory and data protection expectations

Cross-Functional Education
- Educate internal teams on:
  - HIPAA requirements
  - PHI handling in digital products
  - SaMD regulatory considerations
- Develop guidance materials and training for Product and Engineering teams

Required Qualifications
- 8-10+ years of experience in healthcare compliance, regulatory affairs, or health data governance
- Deep expertise in at least one of the following areas:
  - HIPAA Privacy & Security compliance
  - OR SaMD / medical device regulatory affairs
- Working knowledge of the other domain, including:
  - PHI handling and governance
  - OR clinical software regulatory frameworks
- Experience working with:
  - healthcare technology or SaaS products handling PHI
  - cross-functional teams (Product, Engineering, Security, Legal)
- Strong understanding of:
  - cloud environments (AWS, Azure)
  - data security and access control principles

Education Requirements
- Bachelor's degree in a relevant field required, such as:
  - Health Sciences
  - Public Health
  - Life Sciences
  - Engineering (Biomedical, Software, or related)
  - Information Security / Computer Science
  - Healthcare Administration
- Advanced degree preferred, such as:
  - Master's degree (e.g., MPH, MS, MBA)
  - OR Juris Doctor (JD) with healthcare or regulatory focus
- Relevant professional certifications (preferred but not required):
  - Certified in Healthcare Compliance (CHC)
  - Certified in Healthcare Privacy Compliance (CHPC)
  - Certified Information Privacy Professional (CIPP/US or CIPP/E)
  - HCISPP, CISSP, or equivalent (for security-focused candidates)

Preferred Qualifications
- Experience with AI / machine learning systems in healthcare
- Familiarity with:
  - FDA CDS / AI guidance
  - EU MDR / IVDR frameworks
- Experience supporting:
  - clinical decision support systems
  - digital health or AI-driven healthcare products
- Certifications such as:
  - CHC / CHPC
  - CIPP/US
  - HCISPP
  - CISSP (security-focused candidates)

Key Competencies
- Ability to balance regulatory rigor with product innovation
- Strong collaboration across technical and non-technical teams
- Ability to translate complex regulatory requirements into practical, implementable solutions
- Strategic thinking with a risk-based approach to compliance

Why This Role Matters

This role is critical to ensuring Elsevier Clinical Solutions can continue to innovate in AI-enabled healthcare technologies while maintaining the highest standards of patient data protection, regulatory compliance, and clinical integrity.