JOB FUNCTION: Director of Compliance
Reporting directly to the Chief Technology Officer, the Director of Compliance ensures that Kemberton complies with industry regulations and company policies. In addition, the Director of Compliance develops, maintains and assures corporate adherence to Kemberton's policies and procedures covering confidential corporate information, protected health information, and personally identifiable information entrusted to Kemberton, to ensure that our officers and employees keep it private.
- Acts as the liaison between Kemberton and all outside auditors with respect to SOC, HIPAA, HITRUST or similar audit activity related to compliance and privacy audits by third parties.
- Provides development guidance and assists in the identification, implementation, and maintenance of organization information privacy policies and procedures in coordination with Operations Management, Human Resources and the Training Department.
- Reviews company goals and corporate initiatives regarding privacy policies and procedures with management staff.
- Manages the company's Security Awareness Program.
- Coordinates with Kemberton's Legal Department to ensure that policies and procedures support and comply with industry-specific rules and regulations promulgated at the federal and state level.
- Coordinates and manages the annual review of Kemberton's policies and procedures and works with the Human Resources and Training Departments to inform Officers and employees of changes and updates.
- Conducts and directs the internal investigation of compliance issues.
- Conducts periodic internal reviews and audits to ensure that compliance procedures are being followed and recommends corrective action in the case of a deviation.
- Works with Operations Management in communications with clients as needed regarding privacy issues.
- Works with legal counsel, management, training, quality control, and other key departments to ensure the organization has and maintains appropriate privacy and confidentiality consent, authorization forms, and information notices and materials reflecting current legal practices and requirements.
- Works with key departments to establish and administer a process for receiving, documenting, tracking, investigating, and taking action on all complaints concerning the organization's privacy policies and procedures in coordination and collaboration with other similar functions and, when necessary, legal counsel.
- Maintains current knowledge of applicable federal and state privacy laws and monitors changes in information privacy requirements to ensure organizational adaptation and compliance, including HITECH.
- Serves as information privacy consultant to the organization for all departments and appropriate entities.
- Works with IT and Operations Management to track identified HIPAA Breaches to ensure company protocol is followed.
- Demonstrates a complete understanding of corporate manuals, training information, policies, and procedures.
- Maintains the confidentiality of all patient, client and company information at all times.
- Attends quarterly meetings of Senior Management Team and other meetings as requested.
- Ensures that a designated member of the Legal Department is trained as the Privacy Officer back-up in the event the Corporate Privacy Officer is not available.
- Serves on various Disaster Recovery and/or Business Continuity Committees or Groups as needed.
- Performs other duties as assigned.
Consideration for the role of Director of Compliance requires all of the following:
- 5+ years of experience with corporate HIPAA compliance, SOC and HITRUST audit compliance, document control procedures, and writing and managing effective policies and procedures
- Proven experience completing internal audits and correcting deviations
- Proven experience developing processes related to corporate privacy and security.
- Must communicate effectively at all levels inside and outside of the organization and express ideas and information clearly and concisely, in both verbal and written form.
- Must be accountable, organized, mature, and must conduct themselves professionally at all times.
- Must pass annual HIPAA examination. (Testing to be given annually as part of the employee review.)