Compliance and Privacy Director

About us

LifeMD is a leading digital healthcare company committed to expanding access to virtual care pharmacy services and diagnostics by making them more affordable and convenient for on both treatment and prevention our unique care model is designed to optimize the patient experience and improve outcomes across more than 200 health concerns.

To support our expanding patient base LifeMD leverages a vertically-integrated proprietary digital care platform a 50-state affiliated medical group a 22500-square-foot affiliated pharmacy and a U.S.-based patient care company with offices in New York City; Greenville SC; and Huntington Beach CA is powered by a dynamic team of passionate professionals. From clinicians and technologists to creatives and analysts were united by a shared mission to revolutionize enjoy a collaborative and inclusive work environment hybrid work culture and numerous opportunities for growth. Want your work to matter Join us in building a future of accessible innovative and compassionate care.

About the role

The Compliance and Privacy Director is a key member of the LifeMD Compliance team responsible for developing implementing and administering compliance program requirements. Core areas of focus include HIPAA privacy incident response workforce training policy and procedure management and the seven elements of an effective compliance program. This role requires a hands-on professional with significant experience at a mid-size to large healthcare organization. Digital health experience is preferred. The position reports directly to the Chief Compliance Officer.

The Director will lead efforts to enhance and sustain an effective compliance program requiring expertise in HIPAA OIG compliance program requirements data governance and compliance with federal Fraud and Abuse regulations including the Stark Law and Anti-Kickback Statute. This role works closely with Information Security Technology Legal Operations and other business stakeholders. The successful candidate will combine traditional healthcare experience with the ability to navigate a growth-stage digital health environment demonstrating the ability to adapt compliance controls to evolving regulatory issues and shifting business operations.

Essential Job Functions

• Develop and implement compliance initiatives with a focus on HIPAA and data governance partnering with Security Technology Legal Operations and other teams to manage project priorities deadlines and deliverables.
• Identify gaps in compliance policy implementation across business units and regions and collaborate with stakeholders to remediate.
• Monitor federal and state regulatory developments relevant to LifeMDs business.
• Draft revise and administer policies procedures and guidelines to ensure operational compliance with applicable laws and regulations.
• Manage the companys HIPAA breach assessment and notification processes including responses to affected individuals and external agency investigations corrective action plans and remediation.
• Oversee internal compliance reviews and audits including Business Associate Agreement (BAA) controls medical record access audits and similar activities.
• Manage payer contract compliance requirements related to data controls third-party vendor audits and offshore access to protected health information.
• Collaborate with Procurement IT and Security on the review and negotiation of BAAs data protection addenda and related documents.
• Lead and participate in risk assessments gap analyses corrective action plans and other compliance audits.
• Manage compliance investigations and complaint resolution in collaboration with internal leaders and outside counsel as appropriate.
• Prepare compliance tracking reportscovering data incidents customer complaints and business practicesto identify process improvement opportunities.
• Develop and oversee employee compliance training with an emphasis on HIPAA fraud and abuse and topical issues of particular relevance to the business.
• Maintain current knowledge of applicable regulations and serve as a subject matter expert to the organization on related compliance requirements. .
• Assist with ensuring clinical processes and revenue collection align with federal Fraud and Abuse laws including the False Claims Act Anti-Kickback Statute Stark Law and comparable state laws.
• Manage the companys compliance newsletter to keep employees informed on key compliance developments.
• Collaborate with the Chief Compliance Officer on the development and enhancement of the companys AI Governance program.

• Minimum eight years of healthcare compliance experience with demonstrated expertise in HIPAA compliance and OIG compliance program guidance.
• Proven ability to proactively identify and manage risk and to develop internal controls through cross-functional collaboration.
• Sound risk-based judgment enabling compliance efforts and resources to be focused where they matter most.
• Strong working knowledge of federal and state healthcare laws regulations and compliance standards including HIPAA and OIG compliance program requirements.
• Experience managing compliance with federal healthcare Fraud and Abuse laws including the False Claims Act Anti-Kickback Statute and Stark Law.
• Experience coordinating compliance efforts across multiple departments.
• Experience developing and revising key compliance program documents including compliance manuals policies and procedures work plan materials training materials committee agenda materials and compliance alerts.
• Bachelors degree.
• Strong project management skills with the ability to meet deadlines prioritize work and manage multiple concurrent initiatives.
• Excellent written and verbal communication skills with the ability to engage effectively with both technical and non-technical audiences.
• In-depth understanding of privacy principles policies and technologies including familiarity with privacy control frameworks.

Preferred Qualifications

• Experience in a managed care setting and/or with Medicare compliance requirements.
• Advanced degree or healthcare compliance certification such as CHC CPCO CHPC; IAPP certification such as CIPP or CIPM a plus.
• Digital health or telemedicine company experience.

• Health Care Plan (Medical Dental & Vision)

• Retirement Plan (Roth 401k)
• Life Insurance (Basic Voluntary & AD&D)
• Flexible PTO Policy
• Paid Holidays
• Short Term Disability
• Training & Development

Required Experience:

Director