Compliance Director

About The Position

Requirements

• Minimum 10 years of health care compliance, privacy, and risk management experience; experience in telehealth, behavioral health and/or addiction medicine settings
• Deep knowledge and proven experience with HIPAA, state privacy laws, and healthcare regulatory compliance in multi-state environments
• Experience leading incident response, internal audits, policy development, and regulatory-driven investigations
• Strong leadership skills; ability to manage cross-functional teams, influence without direct authority, and drive culture change
• Excellent communication skills—written, verbal; able to deliver training, to work with executive leadership and with staff at all levels
• Strong analytical skills; comfort with interpreting complex regulatory requirements and translating them into practical operational policies
• High integrity, ethical mindset, attention to detail, ability to maintain composure under pressure

Nice To Haves

• Experience with managing both HIPAA and 42 CFR Part 2 compliance programs
• Professional certifications (e.g. Certified in Healthcare Compliance (CHC), Certified Healthcare Privacy Compliance (CHPC), or equivalent), or attainable within one year of hire
• Prior experience building and scaling compliance/privacy programs in a startup environment

Responsibilities

• Develop, maintain, and enhance compliance policies, procedures, and controls for telehealth-based addiction treatment services in multiple states in accordance with best practices and applicable state and federal laws and regulations; lead periodic reviews and updates as laws/regulations evolve
• Manage national accreditation and state behavioral health certification program compliance, including policy development and new market applications
• Serve as the designated Privacy Officer and oversee compliance with HIPAA, 42 CFR Part 2, and applicable state privacy laws and regulations
• Conduct privacy & compliance risk assessments, internal audits, and gap analyses; implement corrective plans and monitor remediations as necessary
• Manage incident response: oversee investigations of privacy or compliance breaches, coordinate response, notification, and remediation
• Lead training & awareness programs for clinical, operational, technical, and other staff on privacy, security, and regulatory compliance topics
• Monitor regulatory landscape: track changes and developments in relevant laws and regulations, assess their impact on Boulder Care’s operations, and advise leadership accordingly
• Support compliance with contractual obligations (e.g. with payors, vendors, partners) related to privacy, consent, data use and sharing
• Serve as liaison to external regulators or auditors, manage audit or investigation responses, ensure documentation readiness
• Maintain metrics, dashboards, and reporting to leadership on compliance/privacy performance, risk indicators, and program health
• Lead or participate in internal compliance committees; coordinate with Chief Legal Officer, clinical operations, and information security teams
• Demonstrate knowledge of ethical standards, professional codes, and applicable laws affecting the department and company
• Uphold and model organizational policies and professional codes of ethics; document and escalate reports of unethical behavior as required by Boulder policies, licensing bodies, or legal standards
• Promote ethical, patient-centered decision-making by engaging in constructive discussions on the impact of work decisions on patients, staff, and stakeholders
• Collaborate with colleagues across clinical, operations, product, IT, and executive leadership to develop and progress organizational policies and procedures
• Communicate policies, procedures, and organizational culture effectively to new employees and colleagues
• Foster a culture of professionalism, transparency, and accountability to ensure consistent compliance across the team

Benefits

• Contribution to meaningful, life-saving work!
• Comprehensive medical, dental, vision, and short-term disability benefits designed to take care of our employees and their families
• Mental Health Services via insurance coverage, including Talkspace, and EAP for continuous care
• 4 weeks of vacation accrued per calendar year with a tenured increase to 5 weeks at 2 years of employment
• Sick leave accrued at 1 hr for every 30 hrs paid
• 9 Paid Holidays per year
• 12 weeks of 100% paid parental leave for the birth or adoption of a child (after 6 months of employment)
• 401(k) retirement savings
• Remote friendly with hardware provided to complete your work duties