Director of Compliance & Privacy

Website MarylandConnect Maryland Health Benefit Exchange

Main Purpose of Job

This position is responsible for overseeing compliance within the Exchange, and ensuring compliance with laws, regulatory requirements, policies, and procedures. This position provides leadership, direction, and integration of compliance activities in support of the Exchange’s vision, mission, and values. The position will assure the Exchange complies with the Code of Conduct, 45 CFR 155 Exchange Establishment Standards and Related Standards Under the Affordable Care Act, Privacy regulations including those found in the CMS and MHBE Computer Matching Agreement, Minimum Acceptable Risk Standards (MARS-E) v2.0, and 45 CFR 155.260 as well as Ethics Law as set forth in Md. Code Ann., State Gov’t §§ 15-101 through 15-1001.


Position Duties

Strategy, Planning, and Leadership – 30%

  • Provide key strategic direction to build and oversee a coordinated compliance program that meets regulatory requirements and reflects the Exchange’s unique characteristics and responsibilities.
  • Chair and collaborate with the compliance committee to effectively incorporate the compliance program into the Exchange.
  • Present quarterly updates to the Board of Trustees Finance and Compliance committee. Present an annual compliance report to the Board of Trustees.
  • Initiate, facilitate and promote activities to foster compliance with the MHBE Code of Conduct, Compliance program, Fraud, Waste and Abuse reporting, and Privacy requirements and awareness within the agency.
  • Maintain current knowledge of applicable federal and state privacy laws.
  • Conduct analyses and advise senior managers about compliance implications of business decisions.
  • Supervise and support direct reports fostering a collaborative teamwork environment with direct reports and the leadership team. Model commitment to a team environment that operates in alignment with MHBE values of diverse & inclusive, innovative, collaborative, and ethical.

Compliance Program Oversight and Implementation – 30%

  • Develop an internal and external audit and monitoring program, including conducting audits and systematic reviews in the investigation of fraud, waste, and abuse.
  • Develop an annual compliance work plan reflective of key compliance strategies, initiatives, and a culture of compliance.
  • Create an annual Audit plan that encompasses regulations, internal and external audits, and contract monitoring.
  • Coordinate the development, implementation, and maintenance of internal controls (policies and procedures) across the Exchange.
  • Oversee the coordination, preparation, and implementation of external, independent, State, and federal auditors and any commensurate corrective action plans.
  • Coordinate with the federal Health and Human Services, Centers for Medicaid and Medicare Services, Center for Consumer Information and Insurance Oversight, Office of Attorney General, Office of Civil Rights, and other legal entity organization officers in any compliance reviews or investigations.
  • Update employee orientation materials annually, as well as employee and external stakeholder training to include lessons learned, best practices and updates to federal and state regulations. Provide ad hoc training in the event regulations or best practice necessitates.
  • Provide notice to stakeholders and their supervisors on completion of required training and any attestations related to Code of Conduct, Privacy and IT security procedure adherence, and IRS 1075 training. Inform Human Resources and IT Security as necessary.
  • Work with staff responsible for contracts and procurement ensuring compliance with Section 31 of Maryland Insurance and 45 CFR 155 Privacy and IT Security.

Privacy Program Oversight and Implementation – 25%

  • Develop and implement a Privacy Program, to include a comprehensive privacy incident management system, Privacy Notice, consent process, and accounting of disclosures.
  • Develop an annual privacy plan that incorporates privacy policies, procedures and practices, monitoring, and training.
  • Develop standards and initiate periodic information privacy risk assessments; complete annual Privacy Impact Assessment and MARS-E v2.0 Privacy self-assessment as mandated by CCIIO and CMS, respectively.
  • Coordinate the development of and maintain all official records regarding due diligence and compliance for all MHBE Non-Exchange Entities Agreements, Data Sharing or Use Agreements with State agencies, and any combination thereof, to meet Medicaid, CHIP and other state and federal benefit programs on compliance and privacy; and survey units and update records periodically to ensure documents are available for Federal investigators’ review upon request.
  • Ensure annual and ongoing Personally Identifiable Information Inventory is completed and maintained to minimize access to, use and disclosure of consumer personally identifiable information (PII) to only that amount which is required for employees to complete their job functions, within and across the Exchange. The PII inventory includes inputs, processing and outputs of PII.
  • Ensure MHBE maintains a robust consent process to ensure appropriate use and disclosure of consumer PII as well as an accounting of disclosure process.
  • Coordinate with IT design, development, and security personnel to ensure privacy requirements are built into the design of the IT platforms.
  • Liaise with vendor Privacy officials or designees to ensure they maintain a privacy program and practices at a minimum of what MHBE is required to maintain.
  • Lead and coordinate implementation of internal Privacy related corrective action plans, ensuring proactive reviews of pending regulations are integrated into the plans.
  • Conduct related ongoing privacy standards compliance monitoring activities for external vendors and ensure performance of ongoing monitoring of vendor corrective action plans.

Fraud, Waste and Abuse Oversight and Implementation – 15%

  • Develop, implement, and manage a system for reporting and investigating suspected incidents of fraud, waste, and abuse.
  • Investigate, or cause an investigation of individual and systemic problems, implementation of corrective actions and develop policy addressing the non-employment or retention of sanctioned individuals.
  • Develop and manage enforcement procedures with appropriate Exchange officials regarding disciplinary action against employees who have violated internal compliance policies, applicable statutes, regulations, or federal health care program requirements.

Minimum Qualifications

Education: A bachelor’s degree from an accredited college or university in any discipline.

Experience: A minimum of eight (8) years of related experience including:

  • Experience developing and managing compliance programs including federal and state required compliance.
  • Experience providing consultation to executive management and formulating strategy, driving change, and influencing decisions.
  • Experience leading cross functional teams to develop and deliver enterprise-wide programs, initiatives, or projects.

Preferred Qualifications

  • Experience with health care, insurance, regulatory interpretation, and/or government operations.
  • Advanced degree in law, business or public administration, public health, or related field.
  • Professional certification in corporate compliance or privacy (such as HCCA, SCCE, CHC, CHPC, CHRC, or other related certification).
