Note: The job is a remote job and is open to candidates in USA. SimplePractice is a company dedicated to improving access to quality care by providing health and wellness clinicians with essential tools. They are seeking a Legal Counsel to serve as a trusted advisor across various domains including product development, privacy, and regulatory compliance, while ensuring the company adheres to its mission of supporting independent mental health practitioners.
Responsibilities
- Serve as a legal advisor to product and engineering teams, providing guidance on new features, product launches, and platform changes
- Conduct regulatory impact assessments for new product initiatives, with a particular focus on responsible AI use in healthcare technology
- Monitor and analyze emerging SaaS, AI, and digital health regulations that affect SimplePractice's platform and the mental health technology space more broadly
- Review marketing materials, website content, and promotional assets to confirm alignment with healthcare advertising regulations, FTC guidelines, and platform-specific requirements
- Conduct impact assessments for new and existing product features, with a primary focus on HIPAA (Privacy Rule, Security Rule, and Breach Notification Rule)
- Advise on data collection, use, storage, and sharing practices across the platform, including the EHR and client portal
- Support incident response processes and breach notification obligations
- Stay current on federal and state privacy developments (including state health data laws, CCPA/CPRA, and sector-specific requirements) and translate regulatory changes into actionable guidance for cross-functional teams
- Collaborate with Compliance, Security, Data, and Engineering teams on data protection practices and compliance documentation
- Draft, review, and negotiate a range of commercial agreements, including customer contracts, SaaS subscription agreements, BAAs, vendor contracts, partnership agreements, and data processing agreements
- Evaluate potential business partners and vendors through legal review
- Manage contract lifecycle processes and maintain accessible records of key agreements
- Draft, update, and maintain SimplePractice's privacy policies, terms of service, acceptable use policies, and related user-facing legal documents
- Develop internal policies, playbooks, and training materials on privacy, data handling, AI governance, and regulatory compliance
- Build scalable legal processes and templates that help the business move quickly without sacrificing compliance
Skills
- J.D. from an accredited law school and active membership in good standing with at least one U.S. state bar (California bar membership or eligibility preferred)
- 7-8+ years of legal experience, with meaningful exposure to healthcare privacy (HIPAA), technology transactions, or SaaS/digital health product counseling; a combination of law firm and in-house experience is ideal
- Working knowledge of HIPAA, including the Privacy Rule, Security Rule, and Breach Notification Rule
- Experience drafting and negotiating technology agreements (SaaS, licensing, vendor, and data processing agreements)
- Ability to translate legal and regulatory requirements into clear, practical guidance for non-legal stakeholders
- Strong judgment and comfort operating independently in a fast-paced environment with competing priorities
- CIPP/US or other privacy certification
- Experience with HIPAA and healthcare privacy laws
- Experience advising on AI/ML products in a regulated industry, including familiarity with emerging AI governance frameworks
- Experience with state consumer health data privacy laws (Washington MHMD Act, Connecticut, Nevada, and similar)
- Experience building legal processes, templates, and resources from the ground up
Benefits
- Employees may also be eligible for an annual bonus or commission.
- Some roles may also be eligible for overtime pay.
Company Overview