Director of Compliance & Privacy

Provider1st
2 hours ago
Full-time
Remote
United States
VP, Director & Partner

About Us:

At Provider1st, we simplify the Release of Information (ROI) process for healthcare providers. By offering compliant, efficient, and patient-first ROI services, we help healthcare organizations focus on what matters most: caring for patients. We're a fast-growing company committed to exceptional service, innovative technology, and building lasting relationships with our clients.

Role Overview

Provider1st is seeking a Director of Compliance to lead and scale the company’s compliance, privacy, and risk management programs in a high-growth healthcare services environment. This leader will ensure Provider1st continues to operate with the highest standards for HIPAA compliance, PHI protection, regulatory adherence, and customer trust as the business expands.

The Director of Compliance will serve as the company’s internal subject matter expert for healthcare privacy, Release of Information (ROI) regulations, state-specific medical record requirements, and operational compliance across both U.S.-based and offshore teams.

Key Responsibilities

Compliance Strategy & Program Leadership

  • Develop, maintain, and scale a comprehensive compliance program aligned with healthcare regulations, ROI industry standards, and Provider1st’s growth strategy.
  • Serve as the internal subject matter expert on HIPAA, HITECH, state-specific medical record laws, information blocking rules, and other regulations affecting medical record disclosure.
  • Create and maintain policies, procedures, controls, and governance processes that support a rapidly growing healthcare services business.
  • Partner with executive leadership, Operations, Customer Success, Sales, IT, and Legal to embed compliance into business processes and customer delivery.

Privacy & Regulatory Oversight

  • Oversee compliance with the HIPAA Privacy Rule, Security Rule, Breach Notification Rule, and related federal and state privacy requirements.
  • Ensure appropriate handling of medical record requests, subpoenas, authorizations, patient requests, continuity of care requests, and payer or third-party audit requests.
  • Monitor regulatory changes and translate requirements into practical operating guidance for internal teams.
  • Provide guidance on state-specific fee schedules, turnaround time requirements, and permissible disclosures.

Risk Management, Audits & Incident Response

  • Design and manage internal audit programs across ROI operations, quality assurance, access controls, documentation, and customer workflows.
  • Lead preparation for customer audits, security reviews, compliance questionnaires, and due diligence requests.
  • Maintain a risk register and work cross-functionally to identify, prioritize, and mitigate compliance and privacy risks.
  • Lead incident response processes, including investigation, root cause analysis, corrective action planning, and breach assessment support.

Training & Compliance Culture

  • Build and manage company-wide compliance training for U.S. and offshore team members, including HIPAA, PHI handling, information security, and role-specific ROI requirements.
  • Establish annual and new-hire compliance certification processes and ensure timely completion across all applicable employees.
  • Promote a compliance-first culture that supports speed, accountability, and operational excellence without creating unnecessary friction.

Customer & Partner Support

  • Act as the primary compliance contact for customers, prospects, and partners when privacy, security, or ROI regulatory questions arise.
  • Support Sales and Customer Success in responding to BAAs, compliance questionnaires, security assessments, and contractual compliance obligations.
  • Help strengthen Provider1st’s market positioning as a trusted, secure, and compliant partner for healthcare providers.

Data Security & Operational Controls

  • Partner with IT and Operations to ensure secure handling of PHI across systems, workflows, and remote access environments.
  • Oversee access control reviews, audit logs, encryption practices, documentation standards, and offshore security protocols.
  • Support readiness for security and compliance frameworks such as HITRUST, SOC 2, ISO 27001, or similar programs as applicable.


Required

  • 8+ years of experience in healthcare compliance, privacy, regulatory affairs, health information management, or related roles.
  • Deep working knowledge of HIPAA, HITECH, healthcare data privacy requirements, and medical record disclosure regulations.
  • Experience in Release of Information, Health Information Management, healthcare services, provider operations, or adjacent healthcare technology/services environments.
  • Proven ability to build or scale compliance programs, policies, controls, and training in a growing organization.
  • Experience managing audits, compliance reviews, risk assessments, corrective action plans, and incident response processes.
  • Strong executive communication skills with the ability to translate complex regulatory requirements into practical business guidance.

Preferred

  • Experience working with ROI vendors, provider groups, MSOs, health systems, or ambulatory healthcare organizations.
  • Familiarity with EMR access workflows and systems such as Epic, Oracle Cerner, eClinicalWorks, Athena, or similar platforms.
  • Experience supporting HITRUST, SOC 2, ISO 27001, or similar certification readiness.
  • Healthcare compliance certifications such as CHC, CHPC, RHIA, RHIT, CIPP/US, or similar credentials.
  • Experience supporting distributed or offshore operations involving PHI handling.

Core Competencies

  • High integrity and sound judgment in handling sensitive healthcare information.
  • Risk-based decision making and practical problem solving.
  • Strong process orientation with the ability to create scalable operating rhythms.
  • Excellent written and verbal communication skills.
  • Ability to operate in a fast-growing, entrepreneurial environment with evolving priorities.
  • Cross-functional leadership and ability to influence without direct authority.

Benefits

  • Health, Dental, Vision Insurance
  • Paid time-off (PTO)
  • 401(k)