Chief Compliance and Privacy Officer

As a company our “North Star” is our unwavering focus on delivering patient-centered care , ensuring better outcomes for those we serve.

Job Summary

The Chief Compliance and Privacy Officer (CCO/PO) is responsible for developing, implementing, and maintaining an effective compliance and privacy program to ensure that Revere Medical adheres to all relevant federal and state laws, regulations, and internal policies. The CCO/PO will serve as a key leader in identifying, preventing, and resolving compliance and privacy issues, ensuring the organization's operations are consistent with federal, state, and local regulations, including Anti-Kickback Statute, Physician Self-Referral Law (Stark) fraud and abuse laws, HIPAA Privacy, HITECH and healthcare compliance and privacy program best practices. This position requires strategic leadership, a thorough understanding of healthcare and privacy regulations, and a commitment to promoting a culture of compliance within the organization.

Key Responsibilities

• Leadership and Strategic Oversight
• Lead the strategic development, implementation, and continuous improvement of the organization’s comprehensive compliance and privacy program, aligning with organizational goals and regulatory requirements.
• Collaborate with senior leadership, legal, and operations teams to ensure compliance strategies are integrated into business operations and decision-making.
• Chair the Compliance Committee, leading a review of data and metrics to determine risk areas and work plan initiatives.
• Report on the status of compliance and privacy initiatives, key risks, audits, investigations, and regulatory changes.
• Oversee and manage the compliance team, ensuring effective collaboration, performance, and alignment with the organization’s compliance goals and objectives.
• Regulatory Compliance and Policy Development
• Establish, review, revise, and provide education on written compliance and privacy policies, procedures, and standards of conduct to address regulatory requirements, industry best practices and the organization’s specific needs.
• Ensure the organization maintains compliance with applicable federal, state, and local regulations, including but not limited to Centers for Medicare and Medicaid Services (CMS), Office of Inspector General (OIG), Department of Justice (DOJ) and Department of Health and Human Services (DHHS).
• Establish and manage systems for auditing, monitoring, reporting, and investigating compliance and privacy violations, ensuring timely and accurate reports to regulatory authorities where necessary.
• Interpret and communicate complex regulatory requirements to leadership and various departments, providing clear guidance on compliance obligations and responsibilities.
• Ensuring the Accountable Care Organization’s (ACO) continued eligibility for participation in Medicare Shared Savings Programs (MSSP) and other government programs.
• Training and Education
• Manage, review and update, as necessary, the organization’s compliance training program for all employees, contractors, and third-party vendors to ensure awareness of relevant regulations, policies, and the organization’s commitment to ethical practices.
• Oversee and enhance the organization’s privacy training program to ensure all employees are aware of their responsibility to protect patient information and comply with applicable laws.
• Risk Management and Monitoring
• Conduct regular and in-depth risk assessments to identify emerging compliance and privacy issues, vulnerabilities, and areas of concern, proposing solutions to mitigate risks.
• Develop compliance and privacy work plans based on identified risks to the organization.
• Internal Controls, Auditing and Monitoring
• Develop, implement, and maintain a robust system of internal controls and effective monitoring tools to detect, prevent, and correct compliance and privacy deficiencies while ensuring operational accountability.
• Oversee the execution of internal audits, ensuring alignment with regulatory standards and organizational policies. Ensure timely and comprehensive corrective action plans based on findings.
• Manage the preparation and submission of all required compliance-related reports, including annual compliance program reports, audit findings, and regulatory filings.
• Investigations, Corrective Actions and Breach Management
• Oversee the identification, investigation, and management of compliance and privacy incidents or breaches, ensuring timely responses and reporting as required by applicable law.
• Conduct thorough root cause analyses to identify trends or patterns of noncompliance and recommend as well as implement corrective actions to prevent the recurrence of similar incidents or breaches.
• Act as the primary point of contact for regulatory bodies, including CMS, OIG, OCR, state health agencies, and accreditation organizations, ensuring the organization is prepared for audits and regulatory inspections.
  
  

Education

Required Qualifications and Experience:

• Bachelor’s degree in Business Administration, Healthcare Administration, Law, or a related field or equivalent experience (required).
• Master’s degree in Healthcare Administration (MHA), Public Health (MPH), Juris Doctor (JD), or other advanced degree preferred.
  
  

Experience

• Minimum of seven years of professional experience in healthcare compliance or a related field, with at least five years in a leadership or executive role.
• Knowledge of value base care organization structures and eligibility requirements.
• Proven expertise in healthcare compliance regulations, including Stark Law, Anti-Kickback Statute, Fraud, Waste and Abuse laws and other federal/state regulations.
• Deep understanding of healthcare laws, regulations, and compliance frameworks.
• In-depth knowledge and experience with healthcare privacy laws, including HIPAA, HITECH, and state-specific privacy regulations.
• Significant experience in developing and implementing compliance and privacy programs, training, risk assessments, audits, investigations, and policy development within a healthcare setting.
• Experience managing large-scale compliance teams, including training, mentoring, and ensuring accountability across multiple departments.
• Strong leadership skills, with the ability to influence and drive change across all levels of the organization.
  
  

Certifications

• Certified in Healthcare Compliance (CHC) and Certified in Healthcare Privacy Compliance (CHPC) or ability to obtain certifications within one year of employment is required.
• Additional certifications in healthcare privacy, data security or information management are preferred.
  
  

Skills

• Ability to analyze complex regulatory requirements and translate them into actionable policies and procedures.
• Knowledge of emerging privacy risks, trends, and technologies affecting healthcare organizations, including cybersecurity threats, data breaches, and cloud computing.
• Excellent communication skills, both written and verbal, with the ability to interact with all levels of staff, leadership, and regulatory bodies.
• Strong project management skills, with the ability to prioritize and manage multiple projects effectively.
• Detail-oriented with a strong focus on data-driven decision-making and risk mitigation.
  
  

Travel

Up to 10 % local and national travel is required for this role. Remote position with occasional travel to various Revere Medical locations (currently located in AZ, FL, MA, NH, TN and TX).