Director, Corporate Compliance, Risk Management and Privacy Officer

Oneida Health | Oneida, NY
1d | $145,000 - $165,000 | Onsite

About The Position

This professional leadership role oversees Corporate Compliance, Risk Management, and Privacy programs across Oneida Healthcare, including the hospital, extended care facility, Article 28 clinics, and captive physician practices. The position ensures organizational compliance with federal and state regulations through the development, implementation, and monitoring of policies, systems, and work plans. Serving as Compliance Director, Risk Manager, and HIPAA-mandated Privacy Officer, this role promotes patient safety, minimizes organizational risk, and fosters a strong culture of compliance, ethics, and accountability throughout the organization. This position reports to the CEO and has a reporting obligation to the Board of Directors.

Requirements

  • Bachelor’s degree in Healthcare Administration, Law, Compliance, Business, or related field required.
  • In-depth knowledge of healthcare regulations, HIPAA/HITECH, OIG guidelines, and CMS requirements.
  • Strong analytical, investigative, and problem-solving skills.
  • Excellent communication and interpersonal abilities.
  • Ability to manage confidential and sensitive information with integrity.
  • Proficiency in compliance management software and Microsoft Office Suite.

Nice To Haves

  • Master’s degree or Juris Doctor (JD) preferred.
  • Preferred 5–7 years of progressively responsible experience in healthcare compliance, privacy, or regulatory affairs.
  • Experience in hospital systems, physician groups, health plans, or other healthcare delivery settings preferred.
  • Certified in Healthcare Compliance (CHC)
  • Certified in Healthcare Privacy and Security (CHPS)
  • Certified Compliance & Ethics Professional (CCEP)

Responsibilities

  • Lead the development, implementation, and ongoing monitoring of a comprehensive Corporate Compliance Program and annual work plan.
  • Oversee day-to-day compliance activities, investigations, reporting, and follow-up actions.
  • Serve as Chair of the Corporate Compliance Committee and report regularly to executive leadership and the Board of Trustees.
  • Develop and oversee compliance policies, procedures, education, orientation, and annual training programs.
  • Identify regulatory risk areas and ensure timely mitigation strategies.
  • Maintain oversight of the compliance hotline and all internal and external compliance inquiries.
  • Serve as the primary compliance advisor to the Board, senior leadership, and department leaders.
  • Maintain current knowledge of applicable laws, regulations, and accreditation standards and coordinate reporting with legal counsel as required.
  • Direct an integrated, organization-wide Risk Management program focused on patient, staff, and visitor safety and liability prevention.
  • Oversee incident reporting, investigation, tracking, and follow-up using the Meditech Risk Management system.
  • Coordinate response to liability claims, malpractice events, and regulatory risk assessments, including MLMIC reviews.
  • Advise leadership on risk mitigation strategies, regulatory compliance, and loss prevention.
  • Collaborate with Patient Safety, Quality, Safety Officer, and Patient Experience teams to address incidents and grievances.
  • Develop and deliver risk management education and training for staff and medical providers.
  • Serve as the HIPAA-mandated Privacy Officer for the organization.
  • Oversee the development, implementation, and enforcement of privacy policies and procedures.
  • Ensure compliance with federal and state privacy laws through audits, risk assessments, and monitoring activities.
  • Manage privacy complaints, investigations, corrective actions, and reporting.
  • Oversee privacy education, training, and business associate agreement compliance.
  • Collaborate with Information Systems, legal counsel, and operational leaders to align privacy and security practices.
  • Prepare and submit required annual privacy and security reports.
  • Ensure compliance with Joint Commission Patient Rights standards.
  • Prepare departmental budgets and conduct staff performance evaluations.
  • Serve as a resource for staff concerns and participate in Revenue Cycle–related initiatives.
  • Perform other duties as assigned by leadership.