Manager, RIsk Compliance

Job Title: Manager, Risk & Compliance

Reports To: Chief Operations Officer

Job Summary: The Risk & Compliance Manager oversees and manages the activities, projects, programs, and efforts of the organization-wide risk management and corporate compliance department. The Risk & Compliance Manager develops and maintains systems within the organization to detect, monitor, prevent, organize, measure, investigate, report, and manage corporate compliance, risk management, and HIPAA Privacy.

Qualifications and Requirements:

To perform this job successfully, an individual must be able to perform each essential job duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. This job description in no way implies that these are the only duties to be performed and may be modified, interpreted and/or applied in any way as necessary. Maintaining regular and punctual attendance is required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential duties.

Essential Job Duties:

• Provides Risk and Compliance Management Leadership


• Supervises Risk Management and Compliance staff, to include hiring, training, evaluating, and conducting disciplinary actions and other personnel actions as required.


• Ensures organizational compliance with all applicable laws, rules, and regulations, and organizational policies and procedures.


• Mitigates legal risks by understanding current and proposed legislation, enforcing regulations, recommending new procedures, and complying with legal requirements.


• Evaluates areas of organizational risk based on internal assessment and external benchmarking and implements strategies and policies that promote patient and staff safety.


• Promotes a culture of accountability, safe reporting, and 'just culture' organization wide.


• Oversees risk and compliance management systems and reporting organization wide.


• Develops and monitors an occurrence reporting process including trending and reporting of results, identification of problem-prone areas, and facilitation of prevention initiatives.


• Directs the investigation of all potentially compensable events (preventable adverse events).


• Facilitates the review of serious occurrences requiring root-cause analysis or failure mode and effects analysis.


• Coordinates provider peer review in collaboration with the Chief Medical Officer.


• Meets regularly with leadership to provide detailed reports on all serious incidents, claims, and risk-related issues.


• Facilitates response to sentinel events and other serious occurrences in collaboration with clinical leadership.


• Conducts immediate/appropriate response to any serious occurrence/complaint representing actual or potential patient, visitor, or employee injury.


• Monitors Incident Reports and takes subsequent actions to ensure learning, compliance, and documentation.


• Analyzes all statistical reports, advisories and contracts that identify risk management and patient safety patterns and trends for leadership.


• Ensures compliance with Federal Tort Claims Act (FTCA) and HRSA requirements and leads FTCA annual submission.


• Coordinates processing of claims-related activities, to include claims investigation, and services as the claims point of contact.


• Ensures compliance, and proper reporting of violations or potential violations to the Office of Inspector General (OIG), Office of Civil Rights (OCR), Health Resources and Services Administration (HRSA), and Health Insurance Portability and Accountability Act (HIPAA) authorized agencies as appropriate and/or required.


• Serves as liaison to external regulatory agencies for purposes of patient and physician reporting, event investigation, and response.


• Creates, reviews and evaluates related policies and procedures and recommends revisions.


• Assists in the review and evaluation of contracts, agreements, MOU's.


• Actively participates in a variety of committees as appropriate.


• Annually evaluates risk management and patient safety program for improvement opportunities and develops regular risk management reports to the Board of Directors.

• Acts as CCHCI's HIPAA Privacy Officer


• Performs privacy risk assessments and related compliance monitoring initiatives.


• Ensures Covered Entity (CE) maintains appropriate privacy and confidentiality consent, authorization forms, and information notices and materials that reflect the CE's policies and regulatory requirements.


• Manages, oversees, directs, and delivers privacy training, policies and procedures, and orientation to all employees.


• Establishes policies and procedures to track access to private Health Information (PHI) so that it can be reviewed during audits.


• Assists in implementing a process for receiving, documenting, tracking, investigating, and acting on all complaints concerning breaches in privacy policies and procedures.


• Ensures an annual Standard Risk Assessment (SRA) is completed either internally or by way of third party.


• Reports all PHI breaches to the OCR in accordance to HIPAA regulatory requirements.


• Works with employees involved in the release of PHI to ensure full coordination and cooperation under policies and procedures and federal HIPAA regulation.


• Maintains up to date knowledge of federal and state privacy laws and HIPAA regulation to ensure organizational compliance.


• Works with HIPAA security officer to ensure all federal regulatory requirements are followed and that CCHCI has developed and implemented policies and procedures that follow administrative, technical, and physician safeguards under OCR.

Required Education, Experience, Certificates & Licenses:

• Bachelor's degree required.


• At least 3 (three) years of progressively responsible risk and/or related experience in a health care setting, with preference for experience in a Federally Qualified Health Center (FQHC).


• Nationally-recognized risk management certification (i.e. CPHRM from the American Hospital Association) required within one year of hire. Other job-related certifications will be considered on a case-by-case basis.


• Any combination of education and/or experience that provides the necessary skills and sensitivity.


• Driver's License and Proof of Insurance may be required if requesting mileage reimbursement.

Preferred Qualifications:

• Master's Degree preferred.


• Five (5) years patient safety, risk and regulatory agency experience.

Required Language Skills:

• Ability to comprehend and compose instructions, correspondence and communications in English in both oral and written format.


• Ability to effectively present information in one-on-one and small group situations to patients, internal providers and staff and other agency staff working in cooperation with the organization.

Physical Requirements:

• Ability to occasionally exert enough force to move objects weighing up to 10 pounds.


• Ability to continuously remain in a stationary position.


• Ability to occasionally move about inside the work place to access files, office machinery, etc.


• Possesses hand-eye coordination and manual dexterity necessary to constantly operate computer, telephone, and other office machinery.


• Possesses close visual acuity necessary to accurately record and view information on a computer monitor, handwritten and typed documents.


• Ability to discern the nature of sounds at a normal spoken volume.

Other Required Knowledge, Skills, and Abilities:

• Ability to employ statistical / mathematical methods to collect and analyze data and develop solutions.


• Ability to create and interpret graphs.


• Ability to perform a variety of assignments and make decisions requiring considerable independent judgment.


• Displays sound and accurate judgment and ability to make timely decisions.


• Knowledge and understanding of all CCHCI policies and procedures.


• Knowledge of OSHA requirements in health care.


• Knowledge of licensing regulations.


• Knowledge of Up-to-date FQHC and Community Health Center (CHC) requirements.


• Computer literacy required with proficiency in use of all Microsoft Office programs. Knowledge of Electronic Health Records preferred.


• Ability to prioritize and plan work activities, use time efficiently and develop realistic action plans.


• Ability to employ motivational techniques to train and mentor staff.

Work Environment & Conditions:

• Work environment is usually typical of an administrative office setting with no substantial exposure to adverse environmental conditions.


• Occasionally, work environment is typical of a health clinic setting with occasional exposure to communicable diseases, bodily fluids and hazardous chemicals.


• Work requires reliable transportation as position requires occasional travel and extended hours to include early mornings, evenings, holidays and weekends.


• Work requires ability to be contacted by cell phone during or outside of regular work hours. Cell Phone stipend will be provided.