About the RoleThe Director of Compliance is responsible for designing, overseeing, and monitoring the effectiveness of Commure, Inc.'s corporate compliance program. This role is critical in promoting a culture of integrity and ensuring the company adheres to the complex web of laws, regulations, and standards governing the Health IT industry. This role will function as an independent and objective leader, reviewing and evaluating compliance issues throughout the organization. They will monitor systems and processes to ensure compliance with all applicable healthcare laws, data privacy regulations, and company policies, including the Code of Conduct.
The Director of Compliance will report directly to the Chief Legal Officer and dotted line to the Board of Directors (the Board), ensuring independence and authority. This role will serve as a key advisor to senior leadership and a resource for all employees, providing guidance on the company's ethical values and facilitating compliant and integral business operations.
What You'll DoThe key accountabilities include, but are not limited to, the following:
- Knows, understands, and champions Commure's mission, vision, and values through leadership behaviors, practices, and decisions.
- Chairs the Corporate Compliance Committee, ensuring regular meetings with appropriate cross-functional representation from Legal, Human Resources, Engineering, Product, Security, and Sales.
- Develops, implements, and maintains policies, procedures, and controls for the compliance program to prevent and detect illegal, unethical, or improper conduct, with a strong focus on Health IT-specific risks.
- Conducts regular, comprehensive risk assessments to identify potential areas of compliance vulnerability, including those related to HIPAA/HITECH, data security, the Anti-Kickback Statute, Stark Law, information blocking, and FDA regulations for Software as a Medical Device (SaMD).
- Develops, implements, and tracks corrective action plans to resolve compliance issues, providing guidance to prevent future occurrences.
- Establishes and executes an annual compliance work plan based on risk assessment results, including targeted auditing and monitoring activities.
- Develops and reports on key compliance metrics and data analytics to senior leadership and the Audit Committee of the Board, detecting potential fraud, waste, abuse, and other aberrant patterns.
- Directs and oversees the creation and delivery of effective compliance training and educational materials for all employees, executives, board members, and key vendors, focusing on the real-world application of compliance principles to Commure's business model.
- Manages and promotes effective lines of communication, including the company's compliance hotline, ensuring a safe and anonymous channel for reporting concerns.
- Monitors the performance and effectiveness of the compliance program on an ongoing basis and implements continuous improvements.
- Maintains expert knowledge of the evolving healthcare regulatory landscape and advises the company on the potential impact of new laws and regulations.
- Liaises with senior management to ensure a strong "tone at the top," integrate compliance activities into business operations, and evaluate the compliance-related performance of employees.
What You Have- Bachelor's degree required; Juris Doctorate (JD) or relevant Master's degree (e.g., MBA, MHA) is strongly preferred.
- Certification in Healthcare Compliance (CHC) or similar compliance certification is highly desirable.
- A minimum of 6-10 years of experience in a healthcare regulatory and compliance role, with experience in a leadership capacity, preferably within a Health IT, SaaS, or medical device company.
- Proven ability to develop and implement effective compliance policies, procedures, and training programs.
- Expert knowledge of the U.S. healthcare regulatory landscape, including deep expertise in HIPAA, HITECH, the Anti-Kickback Statute, and state/federal data privacy laws (e.g., CCPA/CPRA).
- Demonstrated experience with FDA regulations for digital health tools or Software as a Medical Device (SaMD) and ONC Cures Act Final Rule requirements (including information blocking and interoperability) is a significant plus.
- Exceptional leadership and management skills with the ability to motivate and influence others positively.
- Superior verbal and written communication skills, with the ability to articulate complex regulatory concepts to a variety of audiences.
- Strong interpersonal skills and the ability to build collaborative relationships across all levels of the organization.
- Excellent organizational and strategic planning skills.
- A deep commitment to fostering teamwork and continuous quality improvement.
- Analytical and strategic thinker with strong problem-solving capabilities.
- Ability to work effectively in a fast-paced, innovative tech environment.