Job Title: HIPAA Privacy & Compliance Consultant


About PHIflow

Founded in early 2018, PHIflow is a data and technology company combining artificial intelligence and legal expertise to help companies understand their HIPAA Business Associate Agreement (BAA) risks and requirements. Our founders have deep experience in healthcare, technology and strategy.  We’re looking for energetic and resourceful team members to help shape our company’s culture and join us on our exciting journey. 


Essence of the Role

PHIflow is looking to hire a Privacy & Compliance Consultant to provide subject matter expertise on HIPAA, regulatory requirements, privacy laws and interpretation of those laws specifically as they apply to HIPAA Business Associate Agreements (BAAs).  We are looking for an experienced compliance professional who is interested in taking an innovative, outside-the-box approach to HIPAA compliance and data security regulations; someone who understands the regulatory compliance landscape but feels that it can be managed better.  This is a contract-based position that will report directly to the Chief Operating Officer.



  • Provides expertise regarding HIPAA/HITECH/BAA Privacy Rule Standards and other privacy laws, regulations, requirements and best practices
  • Develops a process for reviewing BAAs to ensure compliance with HIPAA and privacy laws and changing regulations
  • Works closely with the Product, Development, Marketing, Customer and other teams to coordinate review of BAAs 
  • Develops and disseminates education materials to support internal and external teams in effective management of BAAs
  • Identifies high-risk situations in the area of privacy, security and regulatory compliance
  • Collaborates with outside counsel on various HIPAA and other privacy matters


This role is best suited for someone with at least 10 years of hands-on healthcare compliance experience, specifically in Health Information Management, with a focus on privacy and security and protection of PHI. Experience reading and reviewing BAAs is required. Experience with Office of Civil Rights’ (OCR) HIPAA Privacy and Security Audit Program is a plus.  This candidate has a deep understanding of the 2013 Omnibus Final Rule and is up to date on HITECH changes and changing state privacy laws. Successful completion of undergraduate studies is required.  Law degree or legal coursework is a plus, but not required.  Various healthcare compliance certifications (CHC, CCEP, CHPC, CISSP, CIPP and the like) are welcomed!


Why this Role is Compelling

As a startup, all PHIflow team members wear many hats.  We expect that the Privacy & Compliance Consultant will as well.  This role offers the chance to take part in a very unique and innovative entrepreneurial journey.  We are building a diverse team to help us on our mission, where each individual will be a valuable contributor.  We value professional development and learning, having an open mind, teamwork and striking the proper Life-Work balance.    


PHIflow is an equal opportunity employer and offers salaries and contracted compensation commensurate with qualifications and experience.  The Privacy & Compliance Consultant role is a contract-based position, with a full-time position available upon successful completion of deliverables and a fit with Company culture.  Full-time positions are complemented by competitive benefits and eligibility for performance bonuses and stock options based on performance. Position Start date is ASAP.  


How to Apply

Email a copy of your resume to apply@phiflow.co with “Privacy & Compliance Consultant – Your Name” in the subject line.  In the body of the email, please introduce yourself and reference how and where you found our Job Description.  Please be willing to provide professional references upon request.




This position has been filled.