Director of Risk Management and Compliance

Christian Community Health Center

Chicago, IL

JOB DETAILS
SKILLS
Administrative Skills, Adverse Events, Analysis Skills, Auditing, Best Practices, Billing, Centers for Medicare and Medicaid Services (CMS), Coaching, Communication Skills, Corporate Compliance, Corporate Governance, Corrective Action, Dental Insurance, Documentation, Documentation Review, Documentation Standards, Federal Laws and Regulations, Finance, HIPAA (Health Insurance Portability and Accountability Act), Healthcare, Healthcare Administration, Information/Data Security (InfoSec), Insurance, Internal Audit, Intranet, Leadership, Life Insurance, Maintain Compliance, Medicaid, Medical Billing, Medicare, Metrics, Monitor Regulations, Newsletter, Nursing, OSHA, Operational Audit, Organizational Skills, Patient Safety, Performance Management, Pharmacy, Policy Development, Prescription Drugs, Pricing, Privacy Controls, Privacy Regulations, Procedure Development, Project/Program Management, Public Health, Quality Assurance, Quality Management, Regulations, Regulatory Compliance, Reimbursement, Reporting Dashboards, Reporting Skills, Risk, Risk Analysis, Risk Management, Root Cause Analysis, Schedule Development, Security Compliance, State Laws and Regulations, Team Player, Training/Teaching, Trend Analysis, Vision Plan, Worker's Compensation
LOCATION
Chicago, IL
POSTED
30+ days ago

Job Title

Director of Risk Management and Compliance

Reports To:

Chief Operations Officer

FLSA Status:

Exempt

POSITION SUMMARY

The Compliance & Risk Manager is responsible for supporting the development, implementation, and ongoing oversight of CCHC's Compliance Program and Enterprise Risk Management (ERM) framework. This position ensures adherence to federal and state regulations—including HRSA, CMS, FTCA, HIPAA, OSHA, 340B, Medicaid/Medicare billing requirements—and proactively identifies and mitigates organizational risks.

The Compliance & Risk Manager partners closely with clinical, operational, finance, pharmacy, and administrative departments to ensure policies, procedures, performance improvement, and quality initiatives are aligned with HRSA compliance, industry best practices, and organizational goals.

KEY RESPONSIBILITIES

  1. Compliance Program Oversight
  • Support administration of the organization's Corporate Compliance Program in accordance with HRSA's requirements, Federal Sentencing Guidelines, and OIG Compliance Program Guidance.
  • Conduct routine audits and compliance reviews of operational, clinical, financial, and billing functions.
  • Help develop and maintain policies and procedures addressing compliance, regulatory, privacy, and risk matters.
  • Coordinate the annual HRSA Operational Site Visit (OSV) preparation, monitoring, and corrective action plans.
  • Monitor regulatory updates and communicate changes to leadership and staff.
  2. Risk Management & Regulatory Readiness
  • Support the organization's Enterprise Risk Management (ERM) process, including risk identification, risk scoring, mitigation planning, and tracking.
  • Conduct Root Cause Analyses (RCA) and implement corrective actions for adverse events, near misses, or compliance concerns.
  • Maintain incident reporting processes and track trends.
  • Serve as liaison for insurance carriers, including liability, property, workers' compensation, and FTCA requirements.
  • Assist with emergency preparedness compliance, OSHA oversight, and Environment of Care coordination.
  3. HIPAA Privacy & Security Compliance
  • Participate in monitoring compliance with HIPAA Privacy, Security, and Breach Notification Rules.
  • Investigate privacy incidents and potential breaches; develop corrective action plans.
  • Conduct annual HIPAA training and workforce education.
  • Collaborate with IT to ensure alignment with information security policies and safeguards.
  4. 340B Program Oversight (as applicable)
  • Assist with compliance monitoring of the 340B Drug Pricing Program in collaboration with pharmacy leadership.
  • Support internal audits for 340B eligible encounters, prescription validation, contract pharmacy oversight, diversion, and duplicate discount prevention.
  • Maintain documentation required for HRSA 340B audits and program integrity monitoring.
  5. Internal Audits & Monitoring
  • Develop, schedule, and perform compliance and risk audits, including:
    • Billing and coding
    • Eligibility and sliding fee scale
    • Documentation standards
    • Credentialing compliance
    • Referral and care coordination documentation
    • Quality improvement program alignment
  • Prepare audit reports and present findings to leadership.
  6. Training, Education & Communication
  • Conduct compliance, HIPAA, regulatory, and risk management training for new hires and current staff.
  • Provide coaching and support to leaders on compliance-related questions.
  • Maintain communication tools such as newsletters, alerts, intranet posts, and compliance dashboards.
  7. Investigations
  • Conduct internal compliance investigations, including interviewing staff, reviewing documentation, and analyzing findings.
  • Document outcomes and ensure appropriate corrective or disciplinary actions are implemented.
  8. Corporate Governance Support
  • Support the compliance committee and quality/risk committees.
  • Assist with board reporting, annual risk assessments, and organizational compliance metrics.

Maintain documentation necessary for HRSA Section 330-related compliance elements.

QUALIFICATIONS

  • Master's degree in Health Administration, Public Health, Nursing, Business, or related field required.
  • Minimum 3–5 years of experience in healthcare compliance, risk management, quality improvement, or regulatory operations (FQHC preferred).
  • Knowledge of HRSA, FTCA, CMS, Medicaid/Medicare, HIPAA, OSHA, and 340B program requirements.
  • Certification preferred (one or more):
    • CHC (Certified in Healthcare Compliance)
    • CCEP (Certified Compliance and Ethics Professional)
    • CPHRM (Certified Professional in Healthcare Risk Management)
    • CPPS (Patient Safety)
    • CHPC (HIPAA Privacy Certified)

KEY COMPETENCIES

  • Strong understanding of FQHC regulatory and compliance frameworks
  • Ability to conduct audits, analyze findings, and drive corrective action
  • Knowledge of healthcare billing, coding, eligibility, and reimbursement processes
  • Excellent communication, training, and investigation skills
  • Strong analytical, organizational, and project management abilities
  • Ability to collaborate effectively with clinical and administrative leaders
  • High integrity, discretion, and sound judgment

Employee Benefits Offered to Full-Time Staff

  • Blue Cross Blue Shield Medical Insurance
  • Blue Cross Blue Shield Dental and Vision Insurance
  • Supplemental Benefits
  • Life Insurance (Provided by the company)

About the Company

Christian Community Health Center