About PHIflow

Founded in early 2018, PHIflow is a data and technology company combining artificial intelligence and legal expertise to help companies understand their HIPAA Business Associate Agreement (BAA) risks and requirements. Our founders have deep experience in healthcare, technology and strategy.  We’re looking for energetic and resourceful team members to help shape our company’s culture and join us on our exciting journey. 


Essence of the Role

PHIflow is looking to hire a Privacy & Compliance Director to be the Team’s subject matter expert on HIPAA, regulatory requirements, privacy laws and interpretation of those laws specifically as they apply to HIPAA Business Associate Agreements (BAAs).  We are looking for an experienced compliance professional who is interested in taking an innovative, outside the box approach to HIPAA compliance and data security regulations; someone who understands the regulatory compliance landscape but feels that it can be managed better.  The ideal candidate is creative and willing to take a hands-on role working alongside PHIflow’s leadership, legal and product teams and will also play a key role in many public-facing aspects of the Company.  This position will report directly to the Chief Operating Officer.


  • Maintains current knowledge of HIPAA/HITECH/BAA Privacy Rule Standards and other privacy laws, regulations, requirements and best practices
  • Develops and maintains a process for reviewing BAAs on a regular basis to ensure compliance with HIPAA and privacy laws and changing regulations
  • Works closely with the Product, Development, Marketing, Customer and other teams to coordinate review of BAAs 
  • Develops and disseminates education materials to support internal and external teams in effective management of BAAs
  • Identifies high-risk situations in the area of privacy, security and regulatory compliance
  • Hires, trains and retains a support team of other Compliance Specialists
  • Partners with outside counsel on various HIPAA and other privacy matters


This role is best suited for someone with at least 10 years of hands-on healthcare compliance experience, specifically in Health Information Management, with a focus on privacy and security and protection of PHI. Experience reading and reviewing BAAs is required. Experience with Office of Civil Rights’ (OCR) HIPAA Privacy and Security Audit Program is a plus. This candidate has a deep understanding of the 2013 Omnibus Final Rule and is up to date on HITECH changes and changing state privacy laws. Successful completion of undergraduate studies is required. A law degree or legal coursework is a plus, but not required. Various healthcare compliance certifications (CHC, CCEP, CHPC, CISSP, CIPP and the like) are welcomed and continuous education will be supported!


Why this Role is Compelling

As a startup, all PHIflow team members wear many hats.  We expect that the Privacy & Compliance Director will as well.  This role offers the chance to take part in a very unique and innovative entrepreneurial journey.  We are building a diverse team to help us on our mission, where each individual will be a valuable contributor.  We value professional development and learning, having an open mind, teamwork and striking the proper Life-Work balance.    


PHIflow is an equal opportunity employer and offers salaries commensurate with qualifications and experience, complemented by competitive benefits for all employees.  The Privacy & Compliance Director role is a full-time position and will be eligible for performance bonuses and stock options based on performance.  Position Start date is ASAP.  


How to Apply

Email a copy of your resume to apply@phiflow.co with “Privacy & Compliance Director – Your Name” in the subject line. In the body of the email, please introduce yourself and reference how and where you found our Job Description. Please be willing to provide professional references upon request.

This position has been filled.