HIPAA Compliance Manager

Job Title: HIPAA Compliance Manager 
Duration: 9 months
Location-: Remote (Philadelphia Preferred) otherwise East Coast based
Role type -: Part time 32 Hours/week (3-4 days/week)

About the Role
Client is seeking an experienced Health Data & Regulatory Compliance leader to support the development, deployment, and commercialization of digital health and AI-enabled clinical solutions, including ClinicalKey AI (CKAI) and related products. This role sits at the intersection of HIPAA data governance and Software as a Medical Device (SaMD) regulatory compliance, ensuring that our products meet applicable privacy, security, and regulatory requirements throughout the product lifecycle. The successful candidate will work cross-functionally with Product, Engineering, Cybersecurity, Privacy, Legal, and Commercial teams to embed compliance into product design, architecture, and customer deployments while enabling innovation in AI-driven healthcare solutions.

Key Responsibilities

• HIPAA & Health Data Governance
• Lead implementation of HIPAA Privacy Rule and Security Rule requirements across products handling PHI
• Define and operationalize controls for:
• PHI collection, use, storage, and retention
• access control and minimum necessary principles
• audit logging and monitoring
• Support Business Associate Agreement (BAA) requirements and customer compliance expectations
• Partner with Privacy and Security teams on risk assessments, incident response, and remediation planning
• Regulatory Affairs – SaMD / Clinical Software
• Support regulatory strategy for products that may qualify as Software as a Medical Device (SaMD)
• Provide guidance on:
• FDA pathways (e.g., 510(k), De Novo, CDS guidance)
• EU MDR / IVDR considerations (as applicable)
• Partner with Product and Clinical teams on:
• intended use definition
• clinical risk classification
• regulatory positioning and documentation
• AI & Clinical Software Governance
• Provide oversight for AI/LLM-enabled clinical solutions, including CKAI
• Advise on:
• appropriate use of PHI in AI workflows
• boundaries between inference vs. training data
• secondary use considerations and compliance risks
• Support development of clinical evaluation and validation frameworks
• Product & Engineering Collaboration
• Work directly with engineering teams to translate regulatory requirements into technical controls and architecture decisions
• Review system designs and data flows for compliance with:
• HIPAA
• security best practices
• regulatory expectations for clinical software
• Support implementation of secure development and deployment practices
• Risk Assessment & Compliance Oversight
• Lead or support HIPAA and regulatory risk assessments for new and existing products
• Maintain compliance documentation and evidence for:
• internal audits
• customer due diligence
• regulatory inquiries
• Identify gaps and define remediation roadmaps
• Customer & Commercial Support
• Partner with Legal and Commercial teams to:
• review BAAs and customer data protection requirements
• support RFPs and compliance questionnaires
• Provide guidance on customer-specific regulatory and data protection expectations
• Cross-Functional Education
• Educate internal teams on:
• HIPAA requirements
• PHI handling in digital products
• SaMD regulatory considerations
• Develop guidance materials and training for Product and Engineering teams

Required Qualifications

• 8-10+ years of experience in healthcare compliance, regulatory affairs, or health data governance
• Deep expertise in at least one of the following areas:
• HIPAA Privacy & Security compliance
• OR SaMD / medical device regulatory affairs
• Working knowledge of the other domain, including:
• PHI handling and governance
• OR clinical software regulatory frameworks
• Experience working with:
• healthcare technology or SaaS products handling PHI
• cross-functional teams (Product, Engineering, Security, Legal)
• Strong understanding of:
• cloud environments (AWS, Azure)
• data security and access control principles
• Education Requirements
• Bachelor’s degree in a relevant field required such as:
• Health Sciences
• Public Health
• Life Sciences
• Engineering (Biomedical, Software, or related)
• Information Security / Computer Science
• Healthcare Administration
• Advanced degree preferred, such as:
• Master’s degree (e.g., MPH, MS, MBA)
• OR Juris Doctor (JD) with healthcare or regulatory focus
• Relevant professional certifications (preferred but not required):
• Certified in Healthcare Compliance (CHC)
• Certified in Healthcare Privacy Compliance (CHPC)
• Certified Information Privacy Professional (CIPP/US or CIPP/E)
• HCISPP, CISSP, or equivalent (for security-focused candidates)

Preferred Qualifications

• Experience with AI / machine learning systems in healthcare
• Familiarity with:
• FDA CDS / AI guidance
• EU MDR / IVDR frameworks
• Experience supporting:
• clinical decision support systems
• digital health or AI-driven healthcare products
• Certifications such as:
• CHC / CHPC
• CIPP/US
• HCISPP
• CISSP (security-focused candidates)
• Key Competencies
• Ability to balance regulatory rigor with product innovation
• Strong collaboration across technical and non-technical teams
• Ability to translate complex regulatory requirements into practical, implementable solutions
• Strategic thinking with a risk-based approach to compliance

Why This Role Matters This role is critical to ensuring Elsevier Clinical Solutions can continue to innovate in AI-enabled healthcare technologies while maintaining the highest standards of patient data protection, regulatory compliance, and clinical integrity. 
 
At SPECTRAFORCE, we are committed to maintaining a workplace that ensures fair compensation and wage transparency in adherence with all applicable state and local laws. This position’s starting pay is: $ 65.00/daily.