Legal Counsel advising on product development, HIPAA privacy, AI regulatory compliance, and commercial contracting for a healthcare SaaS platform serving mental health practitioners. Requires JD, 7-8+ years experience in healthcare privacy and tech transactions.
185k – 235k
Remote7+ YOELegal
About the role
Key Responsibilities
Product and Regulatory Counsel
Serve as a legal advisor to product and engineering teams, providing guidance on new features, product launches, and platform changes.
Conduct regulatory impact assessments for new product initiatives, with a particular focus on responsible AI use in healthcare technology.
Monitor and analyze emerging SaaS, AI, and digital health regulations that affect SimplePractice's platform and the mental health technology space more broadly.
Review marketing materials, website content, and promotional assets to confirm alignment with healthcare advertising regulations, FTC guidelines, and platform-specific requirements.
Privacy
Conduct impact assessments for new and existing product features, with a primary focus on HIPAA (Privacy Rule, Security Rule, and Breach Notification Rule).
Advise on data collection, use, storage, and sharing practices across the platform, including the EHR and client portal.
Support incident response processes and breach notification obligations.
Stay current on federal and state privacy developments (including state health data laws, CCPA/CPRA, and sector-specific requirements) and translate regulatory changes into actionable guidance for cross-functional teams.
Collaborate with Compliance, Security, Data, and Engineering teams on data protection practices and compliance documentation.
Contracting and Partnerships
Draft, review, and negotiate a range of commercial agreements, including customer contracts, SaaS subscription agreements, BAAs, vendor contracts, partnership agreements, and data processing agreements.
Evaluate potential business partners and vendors through legal review.
Manage contract lifecycle processes and maintain accessible records of key agreements.
Policy and Terms Development
Draft, update, and maintain SimplePractice's privacy policies, terms of service, acceptable use policies, and related user-facing legal documents.
Develop internal policies, playbooks, and training materials on privacy, data handling, AI governance, and regulatory compliance.
Build scalable legal processes and templates that help the business move quickly without sacrificing compliance.
Required Qualifications
J.D. from an accredited law school and active membership in good standing with at least one U.S. state bar (California bar membership or eligibility preferred).
7-8+ years of legal experience, with meaningful exposure to healthcare privacy (HIPAA), technology transactions, or SaaS/digital health product counseling; a combination of law firm and in-house experience is ideal.
Working knowledge of HIPAA, including the Privacy Rule, Security Rule, and Breach Notification Rule.
Experience drafting and negotiating technology agreements (SaaS, licensing, vendor, and data processing agreements).
Ability to translate legal and regulatory requirements into clear, practical guidance for non-legal stakeholders.
Strong judgment and comfort operating independently in a fast-paced environment with competing priorities.
Preferred Qualifications
CIPP/US or other privacy certification.
Experience with HIPAA and healthcare privacy laws.
Experience advising on AI/ML products in a regulated industry, including familiarity with emerging AI governance frameworks.
Experience with state consumer health data privacy laws (Washington MHMD Act, Connecticut, Nevada, and similar).
Experience building legal processes, templates, and resources from the ground up.
Skills & Competencies
Business judgment: Think like a business partner first, identify risk clearly, propose practical solutions.
Clarity of communication: Explain regulatory requirements to engineers, summarize contract risk for sales, draft accessible policies.
Adaptability: Comfortable shifting between legal disciplines, learn quickly.
Efficiency and ownership: Manage workload independently, build repeatable processes.
Cultural alignment: Value transparency, directness, simplicity; collaborative and low-ego.
Senior Commercial Counsel role negotiating SaaS customer and vendor contracts to enable revenue growth while managing risk at a cybersecurity company. Requires 6+ years legal experience, preferably in-house at a SaaS/tech firm.
185k – 200k
Remote6+ YOELegal
Lending Regulatory Counsel
SquareCalifornia
Regulatory counsel advising on state and federal lending laws, bank partnerships, and consumer/commercial lending compliance. Leads resolution of complex regulatory issues and provides strategic guidance on novel financial products to senior stakeholders. Requires JD, 8+ years relevant experience, and bar membership.
185k – 327k
On-site8+ YOELegal
Sr. Counsel, Commercial
DatabricksBellevue, WA +4
Experienced attorney to lead complex SaaS and commercial transactions for Databricks' sales organization, advising on data privacy, security, AI, IP, and open source issues while partnering with cross-functional teams.
187k – 272k
On-site7+ YOELegal
Sr. Legal Counsel
RulaLos Angeles, CA
Lead employment, privacy, and security legal matters for a remote-first mental healthcare company. Provide strategic guidance on compliance, worker classification, HIPAA, and state privacy laws to HR, IT, and security teams.
Rover is seeking a Senior Counsel to manage complex litigation, regulatory disputes, and public policy advocacy. This role involves active case management, policy analysis, and strategic partnership with internal and external stakeholders.