The Compliance and Privacy Official is responsible for providing strategic direction and oversight for the organization's corporate compliance and privacy programs, ensuring alignment with evolving healthcare regulations, industry standards, and internal policies. As a key advisor to executive leadership, the Board of Directors, and governance committees, the role fosters a culture of ethics, accountability, and transparency across the enterprise.
The Compliance and Privacy Official leads a team of compliance and privacy professionals, driving continuous improvement and operational excellence. This role is critical for risk mitigation, regulatory readiness, and the development of policies and practices that safeguard patient and organizational data.
Responsibilities include but are not limited to:
- Privacy Program Leadership
- Oversee the organization’s Privacy Program, including HIPAA and GDPR compliance.
- Lead cross-functional efforts to investigate and resolve privacy incidents.
- Corporate Compliance Oversight
- Manage the Compliance and Ethics Program, including the Code of Business Conduct and annual reporting to leadership and the Board.
- Address compliance issues in collaboration with internal stakeholders.
- Government Programs Compliance
- Serve as the subject matter expert for Medicare Part D and other government program compliance.
- Chair the MPDP Compliance Committee and report findings to senior leadership.
- Team Leadership
- Lead and develop a high-performing compliance and privacy team, fostering professional growth and a positive, inclusive work environment.
- Systemwide Engagement
- Promote best practices and coordinate incident response efforts across the system.
- Training & Education
- Oversee compliance and ethics training programs for Blue Plan Compliance leaders.
Required Education, Certifications and Experience:
Education:
- Required Bachelor's Degree or equivalent work experience
- Preferred Master's Degree in Law; Business Administration; or equivalents
Experience:
- 12+ Years Experience in the healthcare industry with demonstrated knowledge of regulatory, privacy (HIPAA), and compliance and ethics issues Required
Knowledge Skills and Abilities:
- Proven ability to lead teams, drive organizational change, and influence cross-functional initiatives in complex environments.
- Deep understanding of healthcare compliance, privacy program administration, and data security technologies, including HIPAA and GDPR.
- Strong capability to assess regulatory and operational risks and develop effective mitigation strategies.
- Excellent analytical skills with sound business judgment, creativity, and initiative to solve complex problems.
- Advanced interpersonal and communication skills, including experience facilitating training and presenting to executive leadership and governance bodies.
- Ability to build and maintain credible relationships with internal and external stakeholders, including senior executives and board members.
- Skilled in strategic project planning and execution, with the ability to remain composed and tactful under pressure.
- Competent in Microsoft Office applications and other relevant compliance and privacy tools.
Understanding of data security technologies and privacy program administration
Certifications & Licenses:
- Preferred: Licensed Attorney (varies by state) - Various
- Preferred: Professional, Academy for Health Care Management (PAHM) - AHIP
- Preferred: Certified Information Privacy Professional (CIPP) - IAPP
Additional Information:
- Minimum twelve years' experience in the healthcare business arena with demonstrated knowledge of current regulatory and compliance and ethics issues, including knowledge of and experience working with Centers for Medicare and Medicaid Services/Medicare compliance requirements.
- Experience managing privacy programs subject to healthcare laws and regulations, including HIPAA
- Must have at least one year of experience managing privacy programs subject to healthcare laws and regulations, and a proven track record of leading and implementing regulatory compliance initiatives.
- Direct experience with CMS/Medicare compliance requirements is required.
- Proven record in leading and implementing regulatory compliance programs
#LI_HYBRID
The posted salary range is the lowest to highest salary we, in good faith, believe we would pay for this role at the time of this posting. We may ultimately pay more or less than the hiring range and this hiring range may also be modified in the future. A candidate’s position within the hiring range may be based on several factors including, but not limited to, specific competencies, relevant education, qualifications, certifications, relevant experience, skills, seniority, performance, shift, travel requirements, and business or organizational needs. This job is also eligible for annual bonus incentive pay.
We offer a comprehensive package of benefits including paid time off, 11 holidays, medical/dental/vision insurance, generous 401(k) matching, lifestyle spending account and many other benefits to eligible employees.
Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission, or any other form of compensation that are allocable to a particular employee remains in the Company's sole discretion unless and until paid and may be modified at the Company’s sole discretion, consistent with the law.
Top Skills
What We Do
Blue Cross Blue Shield Association is a national federation of 34 independent, community-based and locally operated Blue Cross and Blue Shield companies that collectively provide health care coverage for one in three Americans. BCBSA provides health care insights through The Health of America Report series and the national BCBS Health Index.
