Job Description
Job Title: COMPLIANCE MANAGER Location: Ossining, NY Salary: $108,312.00 per year Schedule: Monday – Thursday, 8:00am – 5:15pm or Monday – Friday, 8:30am – 4:00pm Job Description The Compliance Manager serves as the Compliance Officer and Privacy Officer and reports to the Chief Operations Officer and the General Council for international and national programs. This position is responsible for developing, implementing, and overseeing the organization's compliance and privacy program to ensure compliance with the global General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA), and applicable State regulations, as well as the Office of Inspector General (OIG) Seven Elements of an Effective Compliance Program. This role serves as the primary point of contact for all compliance and privacy related matters, including patient rights, workforce training, policy enforcement, breach response, and related investigations, and internal auditing and monitoring. The Compliance Manager ensures that protected health information (PHI) is used and disclosed in accordance with global, federal and state regulations, maintains the facility’s Notice of Privacy Practices, policies and procedures and fosters a culture of confidentiality and compliance throughout the organization. The Compliance Manger leads the organization's privacy program, ensuring full compliance with the global GDPR, the HIPAA Privacy Rule (45?CFR?Parts?160 & 164), Title 10 of the New York Code of Rules and Regulations (NYCRR), the New York Stop Hacks and Improve Electronic Data (SHIELD Act) as well as any new global or national legislative requirements and/or new regulations. This role safeguards the confidentiality, integrity, and availability of PHI and regulated health information while fostering organizational compliance. The Compliance Manager oversees the compliance and privacy program across multiple locations including internationally and nationally, functioning as an independent and objective body that reviews and evaluates compliance and privacy issues/concerns within the organization. The Compliance Manager ensures the General Council, leadership, Society Members in administrative roles, and employees are in compliance with the global, federal and state rules, that the organization's policies and procedures are being followed, and that behavior in the organization meets the organization's Code of Conduct. The Compliance Manager oversees all internal audit and administrative functions related to the compliance and privacy program. The Compliance Manager shall be responsible for the overall development and implementation of the organization's compliance and privacy program in multiple states and internationally. Additional responsibilities will include meeting the requirements of the General Council. Qualifications Bachelor’s degree in Health Administration, Legal Studies, Compliance, or related field (Master’s or JD preferred). Minimum 5-7 years of experience in healthcare privacy or compliance, preferably in a long-term care or other health care setting. In-depth knowledge of the OIG Seven Elements of an Effective Compliance Program, global GDPR, HIPAA Privacy Rule and State regulatory and privacy laws. Strong analytical, communication, and problem-solving skills. Ability to maintain confidentiality and exercise sound judgment. Expertise in PHI lifecycle and permissible disclosures. Ability to interpret and apply complex regulations. Skilled in breach response and regulatory reporting. Strong training and policy development capabilities. Certified in Healthcare Compliance (CHC) and/or Certified in Healthcare Privacy. Compliance (CHPC) or ability to become certified within first six months of hire. Proficiency in Microsoft Office, including advanced skills in Microsoft Excel for data tracking, analysis, and reporting. Familiarity with enterprise (ERP) systems and document/workflow management platforms (e.g., Microsoft SharePoint) and the ability to assess data flows and access to sensitive information. Experience with electronic health record systems (EHR/EMR) and an understanding of how protected health information (PHI) is created, maintained, and accessed. Familiarity with compliance, audit, or incident tracking systems in a plus.