Director, Compliance - Remote

Job Description:

Sharecare is a digital healthcare company that delivers software and tech-enabled services to stakeholders across the healthcare ecosystem to help improve care quality, drive better outcomes, and lower costs. Through its data-driven AI insights, evidence-based resources, and comprehensive platform – including benefits navigation, care management, home care resources, health information management, and more – Sharecare helps people easily and efficiently manage their healthcare and improve their well-being. Across its three business channels, Sharecare enables health plan sponsors, health systems and physician practices, and leading pharmaceutical brands to drive personalized and value-based care at scale. To learn more, visit www.sharecare.com.

Job Summary:

This position supports the Chief Privacy Officer in setting privacy strategy and enterprise risk posture, including monitoring emerging state and federal regulations that directly affect the organization. The Director, HIPAA Compliance owns operational execution of privacy and Release of Information (ROI) compliance across assigned portfolios, regions, or client segments, and serves as an external-facing leader with clients, auditors, and regulators. This role interprets HIPAA, state medical record laws, and client contracts and operationalizes requirements into Sharecare ROI policies, SOPs, training materials, and quality controls. The Director ensures compliance considerations are embedded into implementations, product adoption, renewals, and expansions while balancing regulatory risk, client experience, and operational scalability.

****Travel: Candidates must be comfortable with approximately 30% domestic travel.

Essential Functions:

• Owns operational execution of privacy and ROI compliance across assigned portfolios, regions, or client segments.
• Supports the Chief Privacy Officer in setting privacy strategy and assessing risk, including potential state and/or federal regulations that directly affect the organization.
• Interprets HIPAA, state medical record laws, and client contract requirements and operationalizes them into Sharecare ROI policies, SOPs, training materials, and quality controls.
• Ensures consistent application of request processing standards, including authorizations, TAT requirements, disclosure limitations, and fee rules.
• Ensures Sharecare policies and procedures regarding Release of Information (ROI) are accurately maintained, organized, and updated when changes are required, and ensures updates are completed in a timely manner.
• Leads and supports internal audits, client audits, and regulatory inquiries (e.g., OCR investigations, client compliance reviews), including development of audit response strategy, documentation, and corrective actions.
• Exercises broad discretion in compliance decisions affecting multiple clients, teams, or regions; escalates enterprise risks as appropriate to the Chief Privacy Officer.
• Leads root-cause analysis for audit findings, client escalations, and compliance incidents and drives sustainable remediation plans to closure.
• Oversees the investigation and documentation of all privacy and security incidents and ensures required reporting is completed in accordance with applicable requirements.
• Along with the Security Department, conducts audits of security and privacy systems to ensure compliance with governing laws and regulations including, but not limited to, HIPAA, HITECH, and Omnibus as they pertain to Sharecare’s role as a Business Associate.
• Partners closely with Legal, Compliance, Security, Product, Operations, Sales, and Client Success leadership to align operational practices with compliance and business objectives.
• Ensures compliance requirements and quality controls are embedded in implementations, integrations, product adoption, renewals, and expansions.
• Serves as a senior escalation point and participates in escalated compliance discussions with clients, including sensitive disclosures and multi-state compliance scenarios.
• Maintains strong relationships with HIM leaders and enterprise stakeholders; supports client trust, renewal outcomes, and long-term business performance through consistent compliance execution.
• Manages experienced professionals and/or subordinate analysts and is accountable for compliance outcomes across assigned client portfolios.
• Oversees and partners with Learning and Development on all required training for Sharecare personnel including annual HIPAA training, biannual CRIS certification (if applicable), onboarding training, and policy/procedure training regarding privacy and security.
• Acts as a resource to answer compliance questions/issues from Sharecare field staff and operational leaders.
• Actively participates in local Health Information Association and/or other similar organizations.
• Conducts seminars/webinars for clients and potential clients regarding topics such as HIPAA, HITECH, internal auditing, ROI compliance, and operational privacy best practices.
• Manages assigned audit and compliance programs across Sharecare and joins project teams as required.
• Writes internal training briefs and operational guidance on privacy and compliance topics.

Qualifications:

• Bachelor’s degree required; Master’s degree preferred; or equivalent experience.
• Typically requires 8–10+ years of ROI operations, privacy, compliance, and/or client success experience, including leadership responsibility.
• Privacy credentials such as RHIA, CHPS, CHPC or equivalent preferred.
• Must have experience with or expertise in the following:
  • HIPAA / HITECH / Omnibus Final Rule.
  • Office for Civil Rights guidance and processes; regulatory inquiry and audit response.
    Federal ROI requirements and state medical record/privacy laws and fee rules, including multi-state operational implications.
  • Operationalizing privacy requirements into policies, SOPs, training, and quality controls at scale.
  • Leading internal/client audits, root-cause analysis, corrective action planning, and sustainable remediation.
  • Incident investigation, documentation, and cross-functional breach/incident response partnership with Security and Legal.
• Cross-functional leadership with Product, Operations, Legal, Security, Sales, and Client Success; ability to embed compliance into implementations, product adoption, renewals, and expansions.
• Strong executive presence and client-facing capability, including participation in escalated discussions with clients and (as needed) regulators.
• Excellent written and verbal communication skills.
• Ability to prepare, submit, and conduct presentations for employees and/or clients.
• Well-versed in current EHR technology usage with hands-on experience with systems such as Epic, Allscripts, Cerner, NextGen or similar (preferred).
• Proven ability to write comprehensive policy and procedure documents.
  Capacity to interact successfully with all levels of the organization.
• Excellent Microsoft Office skills.

HIPPA/ Compliance:

• Maintain privacy of all patient, employee and volunteer information and access such information only on a need-to-know basis for business purposes.
• Comply with all regulations regarding corporate integrity and security obligations.
• Report unethical, fraudulent, or unlawful behavior or activity.
• Maintain current and yearly HIPAA certification.

Sharecare and its subsidiaries are Equal Opportunity Employers and E-Verify users. Qualified applicants will receive consideration for employment without regard to race, color, sex, national origin, sexual orientation, gender identity, religion, age, equal pay, disability, genetic information, protected veteran status, or other status protected under applicable law.