DIRECTOR COMPLIANCE & RISK MGT
Position Summary
The Director, Compliance & Risk Management is a senior leadership role responsible for the day-to-day operation, execution, and continuous improvement of ADCS's enterprise-wide compliance and risk management program. Reporting directly to the General Counsel & Chief Compliance Officer (GC & CCO), this role will lead a mature compliance infrastructure supporting a large, multi-state dermatology physician practice with approximately 400 providers and more than 150 clinic locations. The Director will oversee the following compliance-related functions: auditing and monitoring, investigations, regulatory and educational training, location site assessments, risk register maintenance, annual Compliance Work Plan execution, committee reporting, policy management, patient discharge oversight, and insurance/risk management coordination. The role requires strategic judgment, operational discipline, and highly effective communication skills, and will have regular interaction with executive leadership, clinical leadership, the Compliance Committee, the Audit & Compliance Committee, and the Board of Directors.
Role Opportunity. This position offers the opportunity to lead and further strengthen an established, high-performing healthcare compliance function. The successful candidate will inherit a formal compliance program with mature governance, strong executive visibility, structured audit and training processes, enterprise risk tracking, and a clear mandate to support ethical, accurate, and compliant operations across the practice.
Key Responsibilities
Enterprise Compliance Program Operations
Lead the day-to-day implementation, operation, and continuous improvement of the enterprise compliance and risk management program under the oversight of the GC & CCO.
Ensure consistent implementation and operationalization of up-to-date compliance policies, procedures, and standards across clinical, operational, administrative, and revenue cycle functions.
Serve as the primary operational escalation point for complex, sensitive, or high-risk compliance matters.
Monitor daily compliance activities to identify emerging risks, recurring trends, and urgent matters requiring leadership attention.
Provide practical compliance guidance to leaders, department managers, clinicians, and staff regarding regulatory obligations, Company policies, and compliance expectations.
Governance, Committees & Board Reporting Support
Chair the monthly Compliance Committee meeting and prepare its agendas, dashboards, minutes, action-item trackers, executive summaries, and presentation materials.
Support the GC & CCO in preparing and presenting quarterly Audit & Compliance Committee materials and annual Board compliance reporting.
Prepare and, as requested, present compliance updates, investigation summaries, risk trends, Work Plan status, and mitigation recommendations to executive leadership and governance committees.
Ensure timely follow-up and tracking of Compliance Committee, Audit & Compliance Committee, and Board action items.
Promote a transparent governance structure in which compliance issues are reported, tracked, remediated, and escalated appropriately.
Plan, prepare, and chair monthly compliance department meetings with the GC & CCO, Quality Manager, Audit Manager, Legal Department Paralegal, Compliance Coding Auditors, and Medical Records.
Attend and participate in the monthly Revenue Integrity Committee meetings.
Risk Assessment, Risk Register & Annual Compliance Work Plan
Lead the annual compliance risk assessment process, including structured meetings with business departments to identify regulatory, operational, clinical, billing, documentation, privacy, patient safety, reputational, and enterprise-wide risks.
Maintain, audit, and further develop the Compliance Risk Register, including risk identification, scoring, ownership assignment, mitigation planning, and closure tracking.
Develop, manage, and execute the annual Compliance Work Plan, ensuring alignment with OIG compliance program guidance, enterprise-wide risk priorities, prior-year findings, audits, investigations, and regulatory developments.
Review open Work Plan items regularly, assess progress, identify barriers, adjust timelines, and coordinate with responsible departments to drive completion against target dates.
Analyze recurring risks and emerging health care compliance trends to inform strategic compliance priorities and resource allocation.
Clinical Auditing, Monitoring & Revenue Integrity
Oversee clinical auditing and monitoring activities, including clinician documentation and coding reviews, provider scorecards, probe audits, corrective action plans, and follow-up education.
Partner with the Audit Manager, Compliance Coding Auditors, Revenue Cycle, Legal, Clinical Operations, and Coding Education to identify and address documentation, coding, billing, and medical necessity risks.
Ensure audit activity addresses both compliance risk and revenue integrity, including upcoding, downcoding, insufficient documentation, modifier usage, incident-to concerns, payer requirements, and identified CMS risk areas.
Coordinate or support overpayment analysis, disclosures, refunds, and remediation when indicated.
Use audit findings to identify education opportunities, policy gaps, recurring provider issues, or operational barriers requiring corrective action.
MIPS/MACRA and Quality Reporting Compliance
Oversee compliance support for MIPS/MACRA documentation, reporting, audit, and education functions.
Work with the Quality Manager to monitor provider-level and State professional corporation-level performance, support accurate submissions, and help maintain the highest achievable CMS reimbursement levels.
Ensure providers and teams with identified MIPS/MACRA documentation gaps receive timely education, follow-up, and corrective action support.
Escalate broader documentation or coding concerns identified through MIPS/MACRA audits to the Audit Manager or Director of Coding & Education as appropriate.
Use MIPS/MACRA results and documentation trends to inform training, auditing, and Work Plan priorities.
Clinic Compliance Assessments & Corrective Action Plans
Oversee the Company’s customized iAuditor/SafetyCulture clinic assessment program, including weekly and monthly operational mini-audits and comprehensive Compliance Department assessments at each clinic location at least once every two years.
Ensure clinic assessments evaluate applicable operational, documentation, HIPAA, OSHA, CLIA, medication management, office posting, safety, and Company policy requirements.
Review deficiency reports, corrective action plans, reassessments, and recurring trends to ensure issues are corrected and closure is documented.
Coordinate with operational leadership to address barriers to remediation and reinforce accountability at the site level.
Report location assessment performance, systemic deficiencies, and remediation outcomes through the Compliance Committee, the Audit & Compliance Committee, and other appropriate governance channels.
Investigations, Hotline & Issue Management
Oversee and/or conduct internal compliance investigations, including matters involving complex facts, multi-day reviews, privacy concerns, documentation issues, patient complaints, billing concerns, or alleged policy violations.
Ensure investigative steps, witness interviews, document reviews, findings, conclusions, and corrective actions are appropriately documented and performed at the direction of the GC & CCO.
Coordinate with Legal, Human Resources, Clinical, Quality, Revenue Cycle, IT, and Operations teams as needed.
Monitor hotline reports and other compliance communications through resolution, ensuring timely follow-up and appropriate remediation.
Identify patterns across investigations and use findings to inform training, policy updates, audits, and risk mitigation efforts.
Training, Code of Conduct & Compliance Alerts
Oversee the annual compliance education strategy, including Medicare/Medicaid Fraud, Waste, and Abuse, HIPAA privacy and security, OSHA, and dermatology-specific compliance modules.
Monitor completion of mandatory training for all employees, clinicians, and executive leadership, and ensure appropriate escalation for non-compliance.
Support annual Code of Conduct review, update, dissemination, and employee attestation through the Learning Management System.
Develop and distribute Compliance Alerts and targeted communications when changes in law, regulation, payer guidance, Company policy, or identified risk areas affect clinicians, staff, or operations.
Update training and communication content based on regulatory changes, investigation findings, audit trends, and organizational needs.
Privacy, Access Auditing & Records Requests
Oversee privacy-related compliance functions, including EHR and practice management system access auditing, HIPAA incident review, minimum necessary compliance, and escalation of potential privacy violations.
Monitor access auditing results and coordinate appropriate follow-up, including progressive discipline when warranted.
Supervise centralized handling of subpoenas and institutional medical record requests, including litigation, government, disability, life insurance, and other formal requests routed to Compliance.
Ensure unusual, sensitive, or high-risk record requests are escalated to Operations, the Audit Manager, the GC & CCO, or other appropriate leaders.
Oversee tracking of production, invoices, payments, and records retrieval fee collections where applicable.
Track HIPAA privacy incidents and handle their regulatory reporting, including annual OCR reporting for breaches affecting fewer than 500 individuals and expedited OCR reporting (without unreasonable delay and no later than 60 days after discovery) for breaches affecting 500 or more individuals.
Coordinate with Legal, Privacy, IT, Operations, outside counsel, and business partners to ensure timely investigation, remediation, patient notification, and regulatory reporting consistent with HIPAA, HITECH, and applicable state privacy laws.
Policy Committee and Policy Management
Oversee the operational administration of the Company Policy Committee and the annual review of Company policies as part of the Compliance Work Plan.
Coordinate with senior leaders and policy owners to ensure policies are reviewed, updated, retired, or escalated as appropriate.
Maintain the SharePoint-based policy management process, including reminders, review tracking, approval documentation, and policy accessibility.
Ensure policy revisions are informed by operational subject-matter expertise and aligned with legal, regulatory, and compliance requirements.
Report policy review progress and significant policy issues to the Compliance Committee.
Quality Assurance, Peer Review & Patient Safety Support
Support the Quality Assurance & Peer Review Committee by coordinating compliance-referred quality concerns, patient safety matters, documentation concerns, corrective action plans, and follow-up reporting.
Work with the Chief Medical Officer, clinical leaders, the GC & CCO, and Compliance to ensure peer review matters are appropriately routed, documented, and reported through proper governance channels.
Monitor quality-related issues reported to Compliance and coordinate follow-up with clinical and operational stakeholders.
Ensure compliance issues involving documentation, medical necessity, patient experience, or patient safety are appropriately escalated and remediated.
Support confidential handling of quality and peer review matters consistent with applicable privilege and confidentiality protections.
Patient Discharge and Sensitive Patient Matters
Review and coordinate compliance involvement in patient discharge requests, disruptive patient matters, and other sensitive patient-related concerns.
Coordinate with clinical, legal, and administrative teams to ensure patient discharge decisions comply with applicable state requirements, Company policy, patient abandonment considerations, and continuity-of-care expectations.
Draft or review patient discharge communications and maintain documentation of compliance review and approvals.
Ensure patient discharge matters are handled in a manner that protects staff and the practice while respecting patient rights and access to necessary follow-up care.
Insurance Placement & Enterprise Risk Management
Coordinate annual insurance placement support for professional liability, general liability, D&O, cyber, property, umbrella/excess, workers’ compensation, employment practices liability, and other coverage lines.
Serve as a primary operational contact with brokers to coordinate applications, data requests, claims history, exposure information, COIs, and renewal materials.
Support competitive bid review for major coverages and assist in preparing recommendations for the Executive Leadership Team.
Coordinate with departments to collect complete and accurate renewal information, including statements of value, employee data, claims information, provider counts, location data, and other required submissions.
Use claims history, loss trends, and enterprise risk considerations to support strategic insurance and risk management recommendations.
Annual Program Evaluation & Continuous Improvement
Conduct or support an annual evaluation of the compliance program’s effectiveness, including assessment of policies, procedures, reporting mechanisms, training, auditing, investigations, and governance reporting.
Identify program gaps, regulatory changes, operational risks, and opportunities for enhancement.
Prepare annual compliance summaries, risk assessments, and strategic recommendations for executive leadership, the Compliance Committee, the Audit & Compliance Committee, and the Board as directed by the GC & CCO.
Promote a culture of integrity, accountability, continuous improvement, and practical compliance across the organization.
Qualifications
Required
Bachelor’s degree required; JD, MHA, MPH, MBA, nursing, coding, or other relevant advanced credential preferred.
Five to ten years of progressive healthcare compliance, risk management, audit, privacy, revenue integrity, or physician practice operations experience.
Demonstrated experience leading or materially supporting an enterprise compliance program in a multi-site healthcare environment.
Strong working knowledge of OIG compliance program expectations, CMS billing and documentation principles, HIPAA/privacy requirements, exclusion screening, investigations, corrective action plans, and healthcare compliance training.
Experience preparing executive-level reports, dashboards, committee materials, and Board-facing summaries.
Proven ability to work effectively with physicians, advanced practice providers, executive leadership, operations, revenue cycle, HR, IT, and legal.
Preferred
Experience in a large physician group, dermatology, multispecialty practice, MSO/friendly-PC structure, ambulatory care platform, or private equity-backed healthcare organization.
Experience with provider documentation audits, MIPS/MACRA, CLIA, OSHA healthcare safety, peer review processes, payer audits, overpayment analysis, and enterprise risk assessments.
Certification in Healthcare Compliance (CHC), Certified Professional Coder (CPC), Certified in Healthcare Privacy Compliance (CHPC), Certified Internal Auditor (CIA), or similar credential preferred.
Experience using or managing compliance technology platforms, learning management systems, policy management systems, access-monitoring tools, audit platforms, or risk registers.
Core Competencies
Strategic compliance judgment and practical operational execution
Healthcare regulatory interpretation and risk assessment
Investigation leadership, documentation, and issue resolution
Executive communication and Board-level reporting support
Ability to influence cross-functional teams without direct authority
Physician and clinician communication skills, including credibility with providers
Project management, follow-through, and accountability for open items
High integrity, discretion, confidentiality, and sound decision-making
Comfort operating in a fast-paced, multi-state, multi-site healthcare environment