Position Description: Chief Compliance Officer (CCO)
The Chief Compliance Officer (CCO) is appointed by, and serves at the pleasure of, the corporate Compliance Committee. The CCO must be an individual in a high-level position within PRI who has a substantial role in making PRI policies and ensuring compliance with those policies. The CCO will assume the managerial and administrative tasks involved in maintaining the Corporate Compliance Plan and its varied subparts, including monitoring and auditing, and shall continue to act as CCO until such time as he or she is replaced by another appointee of the Compliance Committee. The CCO shall at all times have direct access to the CEO and, collectively or individually, the Board of Directors of the corporation.
Responsibilities:
- Understand and represent PRITM's mission, vision, and values to all internal and external customers
- Engage clients in appropriate communication that manages client expectations and builds a collaborative relationship with the client
- Interact with government and private sector clients, partners, and PRITM staff in a professional and accountable manner, and as a representative of PRITM management
- Instills integrity throughout the organization via active participation in ISO requirements including but not limited to timely submission of Corrective Action Plans for all matters in which either PRITM standards and/or corporate contract standards have not been met. Communicates outcomes to team members to ensure a positive, open environment which mitigates risk and achieves a culture of Continuous Quality Improvement
- Contribute to business development efforts for new sales and marketing to promote the business, including responses to requests for quotes, sources sought, proposals, and/or presentations as requested
- Primarily responsible for annual risk assessments for the corporation and report deficiencies in, and recommendations for improving, current policies, procedures and processes.
- Responsible for oversight of contract compliance, corporate policy compliance and PRITM accreditations such as but not limited to: ISO Registration and URAC certification.
- Conduct periodic, ongoing monitoring, audits, or reviews of corporate adherence to all relevant policies and procedures, both corporate and governmental
- Conduct risk assessment of Virtual Office policy adherence.
- Develop policies and procedures for business associates where Privacy and Protected Health Information (PHI) or Personally Identifiable Information (PII), or other sensitive corporate- or client-centered knowledge, could be jeopardized whether within the corporation or between the corporation and business associates.
- Ensure compliance with annual training requirements for all current employees and business associates on matters pertaining to Privacy, Ethics, HIPAA Awareness, HIPAA Security, Virtual Office policies, the CMS Program Integrity Manual or other authoritative federal agency requirements, Conflicts of Interest, Financial Disclosure, and other relevant regulatory policies and procedures
- Ensure that any PHI/PII, such as may be in possession of the corporation from time to time, shall not be released to unauthorized individuals without valid consents and/or legal authority prior to any such disclosure. The CCO shall resolve differences between multiple consents/authorizations, if necessary. Oversee totality of all corporate effort to protect the confidentiality of such PHI at all times
- The CCO may engage outside counsel, as necessary for risk assessment of privacy and security and/or compliance related matters.
- Provide for secure storage of any PHI/PII such that it is compartmentalized and access-controlled apart from other corporate records.
- Investigate, resolve and document any reported, noted, or suspected violations of privacy of PHI/PII, and file reports with DHHS or other federal agency as may be necessary and cooperate with such authority in further review of such violation.
- Maintain current knowledge of federal and state privacy laws; monitor advancements in information privacy technologies to ensure practice adaptation and compliance
- Develop and continually improve compliance policies and standards.
- Oversee/monitor implementation of all compliance activities including oversight of Corrective Action Plans (CAPS) as required whether the CAP is required for internal or external compliance.
- Provides monitoring of CAP compliance through resolution and implementation.
- Carry out corrective actions with approval of the compliance committee, or, when needed, the approval of the CEO and/or Board of Directors
- Assist leadership in developing methods for reducing the corporate vulnerability to fraud, abuse, and waste, privacy violations, data corruption, or other intrusion into corporate compliance.
- Periodically revise the Plan in draft to reflect changes in practice, or in the law and policies of government and private health plans.
- Responsible for conducting Compliance Committee meetings/activities to review, approve and adopt any and all modifications to corporate policies/plans.
- Report on a regular basis to corporate executive management, compliance committee, and, as necessary, the Board of Directors, on policy implementation progress and compliance related activities and outcomes including risk analysis and mitigation.
- Develop, coordinate and/or conduct educational activities in conjunction with the Marketing, Education and Outreach division and other methods of communication that focus on the elements of the compliance program and the specific risk areas identified in the Plan (e.g., training modules, seminars, disseminate educational materials)
- Leverages PRITM's best practices for change management as outlined within the communications guides such as: announcement of policy changes, etc. within the Newsflash and manual updates being distributed and posted in accordance with the Quality Management System Manual.
- Ensure that all employees, inclusive of all management, have read the Plan and have executed a statement of such relevant to federal and state standards
- Ensure that independent contractors and other agents of the corporation are aware of, and comply with, the components of the Plan, particularly as may relate to assigned tasks or work orders
- Assist corporate management responsible for personnel decisions to ensure that appropriate due diligence is conducted for all potential and/or new employees and independent contractors, including drug screening when applicable or indicated, if needed.
- Develop policies and programs that encourage reporting of suspected fraud and other improprieties without fear of retaliation, utilizing appropriate fraud reporting mechanisms
- Responsible for monitoring the compliance reporting mechanisms such as email, phone, etc. and documenting compliance related activity including outcomes (compliance logs).
- Independently investigate compliance problems and bring them to the attention of compliance committee or executive management for appropriate response
- Adhere to federal, state, and local laws and regulations as well as conditions of participation for healthcare programs as expected of all members of the Provider Resources team
- Advise compliance committee of new or emerging compliance issues or related information
- May interview and evaluate employee candidates as requested by the CEO or Human Resources Manager, conduct due diligence checks of potential employees, conduct and/or evaluate background investigations of employees and any relevant screening for illegal substances
- Position chairs the Compliance Committee, establishes meetings and agendas, and is responsible for discussions, outcomes and minutes.
- As a subcommittee of the Compliance Committee, the position provides governance of the Security Committee.
- Maintains a project plan for cyclical compliance related activities.
- Perform other duties as requested