Compliance / Security Officer Job Description

Role Overview

The Compliance Officer is a key member of the executive leadership team, responsible for the development, implementation, and ongoing management of the organization’s Comprehensive Compliance Program. This role ensures that the organization operates in full accordance with federal and state laws, including HIPAA, CMS (Medicare Advantage/ODAG), and OIG guidelines.

Core Responsibilities and Duties

1. Program Structure and Implementation
   1. Define Program Structure: Establish and maintain the foundational "Seven Elements" of an effective compliance program as defined by the OIG.
   2. Policy Development: Draft, implement, and update compliance policies and procedures.
2. Educational Requirements and Training
   1. Define Educational Requirements: Determine the mandatory compliance curriculum for all employees and contracted providers.
   2. Training Oversight: Ensure completion of Fraud, Waste, and Abuse (FWA), HIPAA, and General Compliance training within 90 days of hire and annually thereafter.
3. Regulatory Oversight and FDR Management
   1. FDR Compliance: Oversee the organization’s status as a First Tier, Downstream, and Related Entity (FDR), ensuring all contracted physicians and vendors meet CMS criteria.
   2. Exclusion Screening: Manage the monthly screening process against OIG (LEIE) and GSA (SAM) databases for all staff and contractors.
   3. ODAG Monitoring: Audit the timeliness of Organization Determinations, Appeals, and Grievances to ensure compliance with CMS.
4. Auditing, Monitoring, and Reporting
   1. Internal Audits: Define the annual audit calendar, focusing on high-risk areas such as multi-state licensure, billing accuracy, and telehealth prescribing.
   2. Reporting Mechanisms: Maintain and publicize an anonymous reporting "hotline" or channel for staff to report concerns without fear of retaliation.
   3. Investigations: Lead internal investigations into potential compliance breaches or unethical conduct and oversee corrective action plans.
5. Governance and Communication
   1. Compliance Committee: Chair the internal Compliance Committee and provide regular reports to the Board of Directors and Executive Leadership.
   2. External Liaison: Act as the primary liaison for external audits from payers (e.g., IBX) or government agencies.
   3. Risk Assessment: Conduct an annual enterprise-wide risk assessment to identify and mitigate emerging regulatory threats.
6. Cybersecurity
   1. Oversight: work with the technology org to ensure secure, compliant, and safe function across Engineering and IT. Jointly track customer assessments, requirements, and remediation where needed, and keep abreast of industry trends and standards.
   2. Vendor Management: evaluate current and potential vendors for trustworthiness, security principles and practices, and overall risk to the company. Own vendor relationships in the security and compliance space.

Qualifications

• Education: Bachelor’s degree required; Master’s, or healthcare-related advanced degree preferred.
• Certification: Certification in Healthcare Compliance (CHC) or equivalent is highly desirable.
• Experience: 10+ years of experience in healthcare compliance. Past roles at healthtech/other highly regulated technology companies preferred.
• Skills: Deep knowledge of HIPAA/HITECH, False Claims Act, Anti-Kickback Statute, and CMS ODAG requirements. Strong ability to manage a remote, nationwide workforce.

Key Performance Indicators (KPIs)

• On-time completion of annual compliance training.
• Zero "Late" ODAG submissions.
• 100% accuracy in monthly OIG/GSA exclusion logs.
• Successful completion of external payer audits with no material findings.
• Effective management of Healthcare Compliance Dashboard.