Compliance Officer – Iowa State Association of Counties (ISAC) The Iowa State Association of Counties is seeking to add a full-time compliance person. This person functions as an independent and objective employee responsible for creating and maintaining compliance programs as well as addressing questions, issues, and concerns within the organization and its members. Requirements: Minimum of five years’ experience in a senior healthcare compliance position or as an attorney practicing in healthcare law Bachelor’s degree in a healthcare compliance related field (Masters degree preferred) or Juris Doctorate degree and licensed to practice in Iowa Demonstrated technical competencies in Microsoft Office suite of products Prioritization, problem-solving, and creativity/innovative skills, including analysis of metrics to form hypotheses, confirm root causes and verify solutions Project management proficiency Spreadsheet modeling skills: budgeting, forecasting and sensitivity analysis Ability to prepare and interpret statistics as they pertain to compliance requirements Experience with auditing or complying with audits specifically concerned with healthcare related software is a plus Proven knowledge of software development process and high level coding methodologies is a plus Presentation skills, both oral and written Negotiation skills Specific compliance competencies in HIPAA and HITECH Salary range starting at $75,000 plus a competitive benefit package. JOB DESCRIPTION IOWA STATE ASSOCIATION OF COUNTIES COMPLIANCE OFFICER Overview: The Compliance Officer is the leader of HIPAA and HITECH for the Iowa State Association of Counties, functioning as an independent and objective employee that reviews and evaluates compliance issues/concerns within the organization. This position ensure that the Board of Directors, Executive Director, other management, employees and identified systems are in compliance with the applicable laws, rules and regulations of applicable federal and state regulatory agencies, that organizational policies and procedures are being followed. This position serves as an educational resource for members and users. The Compliance program should follow the seven elements of an effective compliance program as more fully described by the Office of Inspector General (OIG) of the United States. Responsibilities: Receive and direct compliance issues to appropriate resources for investigation and resolution. Implement the organization’s HIPAA Policies and Procedures and suggests edits as necessary to the same in order to keep up-to-date with current law and practices. Act as the final internal resource with which parties may communicate after other formal channels and resources have been exhausted. Act as staff to the Compliance and Regulations Committee by monitoring and reporting results of the compliance/regulatory efforts of the committee, provide guidance for the Executive Director and senior management team on matters relating to compliance and provide updates regarding changes to relevant regulations and compliance measures. In conjunction with the Compliance and Regulations Committee and ICTS Advisory Board advise the ICTS Board of Directors in implementation of all necessary actions to ensure achievement of the objectives of an effective compliance program. Responsible for providing the management team with data and information that will guide the strategic direction of the organization as a result of the current and proposed regulatory environment. Responsible and accountable for the design, development, implementation, operation, maintenance, monitoring, and approving the entity’s system controls as it relates to security availability, processing integrity and confidentiality, that are assigned to individuals within the entity, with authority to ensure policies and other system requirements are effectively promulgated and placed in operation. Collaborate with the Information Technology Manager and other project staff to review all external marketing materials, third party interfaces, etc. to mitigate any potential regulatory or compliance issues. Develop and periodically review and update Standards of Conduct to ensure continuing currency and relevance in providing guidance to management and employees. Collaborate with other departments as required by the position to direct compliance issues to appropriate existing channels for investigation and resolution. Consult with the General Counsel as needed, to resolve difficult legal compliance issues. Respond to member and user questions regarding compliance, provide education and training to members and users on compliance and assist with the ISAC HIPAA Program. Respond to alleged violations of rules, regulations, policies, procedures, and code of conduct by evaluating or recommending the initiation of investigative procedures. Develop and oversee a system for uniform handling of such violations. Act as an independent review and evaluation body to ensure that compliance issues/concerns within the organization are being appropriately evaluated, investigated, and resolved. Monitor, and as necessary, coordinate compliance activities of other departments to remain abreast of the status of all compliance activities and to identify trends. Identify potential areas of compliance vulnerability and risk; develop/implement correction plans for resolution of problematic issues, and provide general guidance on how to avoid or deal with similar situations in the future. Provide reports on a regular basis, and as directed or requested, to keep the Executive Director and senior management informed of the operation and progress of compliance. Ensure proper reporting of violations or potential violations to duly authorized enforcement agencies as appropriate and/or required. Implement and manage a “whistle blower” reporting mechanism. Institute and maintain an effective compliance communication program for the organization. Work with Human Resources and others as appropriate to develop an effective compliance training program, including appropriate introductory training for new employees as well as ongoing training for all employees and managers. Monitor and document code changes and system releases to ensure appropriate coding controls are being followed. Report violations to the Information Technology Manager. Responsible for managing third-party audits, implementing, tracking, and monitoring identified controls for ISAC and ICTS. Qualifications: Minimum of five years’ experience in a senior healthcare compliance position or as an attorney practicing in healthcare law Bachelor’s degree in a healthcare compliance related field (Masters degree preferred) or Juris Doctorate degree and licensed to practice in Iowa Demonstrated technical competencies in Microsoft Office suite of products Proven knowledge of software development process and high level coding methodologies Prioritization, problem-solving, and creativity/innovative skills, including analysis of metrics to form hypotheses, confirm root causes and verify solutions Project management proficiency Spreadsheet modeling skills: budgeting, forecasting and sensitivity analysis Ability to prepare and interpret statistics as they pertain to compliance requirements Presentation skills, both oral and written Negotiation skills Specific compliance competencies in HIPAA and HITECH Salary: Salary range starting at $75,000 plus competitive benefit package