Compliance/Security Officer

Compliance / Security Officer Job Description  

Role Overview  

The Compliance Officer is a key member of the executive leadership team, responsible for the  development, implementation, and ongoing management of the organization's Comprehensive  Compliance Program. This role ensures that the organization operates in full accordance with  federal and state laws, including HIPAA, CMS (Medicare Advantage/ODAG), and OIG  guidelines.  

Core Responsibilities and Duties 

1. Program Structure and Implementation 
   1. Define Program Structure: Establish and maintain the foundational "Seven Elements"  of an effective compliance program as defined by the OIG.  
   2. Policy Development: Draft, implement, and update compliance policies and procedures.  
2. Educational Requirements and Training 
   1. Define Educational Requirements: Determine the mandatory compliance curriculum  for all employees and contracted providers.  
   2. Training Oversight: Ensure completion of Fraud, Waste, and Abuse (FWA), HIPAA, and  General Compliance training within 90 days of hire and annually thereafter.  
3. Regulatory Oversight and FDR Management 
   1. FDR Compliance: Oversee the organization's status as a First Tier, Downstream, and  Related Entity (FDR), ensuring all contracted physicians and vendors meet CMS criteria.  
   2. Exclusion Screening: Manage the monthly screening process against OIG (LEIE) and  GSA (SAM) databases for all staff and contractors.  
   3. ODAG Monitoring: Audit the timeliness of Organization Determinations, Appeals, and  Grievances to ensure compliance with CMS.  
4. Auditing, Monitoring, and Reporting 
   1. Internal Audits: Define the annual audit calendar, focusing on high-risk areas such as  multi-state licensure, billing accuracy, and telehealth prescribing.  
   2. Reporting Mechanisms: Maintain and publicize an anonymous reporting "hotline" or  channel for staff to report concerns without fear of retaliation.  
   3. Investigations: Lead internal investigations into potential compliance breaches or  unethical conduct and oversee corrective action plans.  
5. Governance and Communication 
   1. Compliance Committee: Chair the internal Compliance Committee and provide regular  reports to the Board of Directors and Executive Leadership.  
   2.  External Liaison: Act as the primary liaison for external audits from payers (e.g., IBX)  or government agencies. 
   3.  Risk Assessment: Conduct an annual enterprise-wide risk assessment to identify and  mitigate emerging regulatory threats.  
6. Cybersecurity 
   1. Oversight: work with the technology org to ensure secure, compliant, and safe function across Engineering and IT. Jointly track customer assessments, requirements, and remediation where needed, and keep abreast of industry trends and standards.
   2. Vendor Management: evaluate current and potential vendors for trustworthiness, security principles and practices, and overall risk to the company. Own vendor relationships in the security and compliance space.

Qualifications  

• Education: Bachelor's degree required; Master's, or healthcare-related advanced degree  preferred.  
• Certification: Certification in Healthcare Compliance (CHC) or equivalent is highly  desirable.  
• Experience: 10+ years of experience in healthcare compliance.  Past roles at healthtech/other highly regulated technology companies preferred.
• Skills: Deep knowledge of HIPAA/HITECH, False Claims Act, Anti-Kickback Statute,  and CMS ODAG requirements. Strong ability to manage a remote, nationwide  workforce. 

Key Performance Indicators (KPIs)  

• On-time completion of annual compliance training.  
• Zero "Late" ODAG submissions.  
• 100% accuracy in monthly OIG/GSA exclusion logs.  
• Successful completion of external payer audits with no material findings. 
• Effective management of Healthcare Compliance Dashboard.