Compliance and Privacy Director

About us

LifeMD is a leading digital healthcare company committed to expanding access to virtual care, pharmacy services, and diagnostics by making them more affordable and convenient for all. Focused on both treatment and prevention, our unique care model is designed to optimize the patient experience and improve outcomes across more than 200 health concerns.

To support our expanding patient base, LifeMD leverages a vertically-integrated, proprietary digital care platform, a 50-state affiliated medical group, a 22,500-square-foot affiliated pharmacy, and a U.S.-based patient care center. Our company — with offices in New York City; Greenville, SC; and Huntington Beach, CA — is powered by a dynamic team of passionate professionals. From clinicians and technologists to creatives and analysts, we're united by a shared mission to revolutionize healthcare. Employees enjoy a collaborative and inclusive work environment, hybrid work culture, and numerous opportunities for growth. Want your work to matter? Join us in building a future of accessible, innovative, and compassionate care.

About the role

The Compliance and Privacy Director is a key member of the LifeMD Compliance team, responsible for developing, implementing, and administering compliance program requirements. Core areas of focus include HIPAA privacy, incident response, workforce training, policy and procedure management, and the seven elements of an effective compliance program. This role requires a hands-on professional with significant experience at a mid-size to large healthcare organization. Digital health experience is preferred. The position reports directly to the Chief Compliance Officer.

The Director will lead efforts to enhance and sustain an effective compliance program, requiring expertise in HIPAA, OIG compliance program requirements, data governance, and compliance with federal Fraud and Abuse regulations, including the Stark Law and Anti-Kickback Statute. This role works closely with Information Security, Technology, Legal, Operations and other business stakeholders. The successful candidate will combine traditional healthcare experience with the ability to navigate a growth-stage digital health environment, demonstrating the ability to adapt compliance controls to evolving regulatory issues and shifting business operations.

Essential Job Functions

• Develop and implement compliance initiatives with a focus on HIPAA and data governance, partnering with Security, Technology, Legal, Operations, and other teams to manage project priorities, deadlines, and deliverables.
• Identify gaps in compliance policy implementation across business units and regions, and collaborate with stakeholders to remediate.
• Monitor federal and state regulatory developments relevant to LifeMD's business.
• Draft, revise, and administer policies, procedures, and guidelines to ensure operational compliance with applicable laws and regulations.
• Manage the company's HIPAA breach assessment and notification processes, including responses to affected individuals and external agency investigations, corrective action plans, and remediation.
• Oversee internal compliance reviews and audits, including Business Associate Agreement (BAA) controls, medical record access audits, and similar activities.
• Manage payer contract compliance requirements related to data controls, third-party vendor audits, and offshore access to protected health information.
• Collaborate with Procurement, IT, and Security on the review and negotiation of BAAs, data protection addenda, and related documents.
• Lead and participate in risk assessments, gap analyses, corrective action plans, and other compliance audits.
• Manage compliance investigations and complaint resolution in collaboration with internal leaders and outside counsel, as appropriate.
• Prepare compliance tracking reports—covering data incidents, customer complaints, and business practices—to identify process improvement opportunities.
• Develop and oversee employee compliance training, with an emphasis on HIPAA, fraud and abuse, and topical issues of particular relevance to the business.
• Maintain current knowledge of applicable regulations and serve as a subject matter expert to the organization on related compliance requirements. .
• Assist with ensuring clinical processes and revenue collection align with federal Fraud and Abuse laws, including the False Claims Act, Anti-Kickback Statute, Stark Law, and comparable state laws.
• Manage the company's compliance newsletter to keep employees informed on key compliance developments.
• Collaborate with the Chief Compliance Officer on the development and enhancement of the company's AI Governance program.

Requirements:
• Minimum eight years of healthcare compliance experience, with demonstrated expertise in HIPAA compliance and OIG compliance program guidance.
• Proven ability to proactively identify and manage risk, and to develop internal controls through cross-functional collaboration.
• Sound risk-based judgment, enabling compliance efforts and resources to be focused where they matter most.
• Strong working knowledge of federal and state healthcare laws, regulations, and compliance standards, including HIPAA and OIG compliance program requirements.
• Experience managing compliance with federal healthcare Fraud and Abuse laws, including the False Claims Act, Anti-Kickback Statute, and Stark Law.
• Experience coordinating compliance efforts across multiple departments.
• Experience developing and revising key compliance program documents including compliance manuals, policies and procedures, work plan materials, training materials, committee agenda materials, and compliance alerts.
• Bachelor's degree.
• Strong project management skills with the ability to meet deadlines, prioritize work, and manage multiple concurrent initiatives.
• Excellent written and verbal communication skills, with the ability to engage effectively with both technical and non-technical audiences.
• In-depth understanding of privacy principles, policies, and technologies, including familiarity with privacy control frameworks.

Preferred Qualifications

• Experience in a managed care setting and/or with Medicare compliance requirements.
• Advanced degree, or healthcare compliance certification such as CHC, CPCO, CHPC; IAPP certification such as CIPP or CIPM a plus.
• Digital health or telemedicine company experience.

Benefits:
• Health Care Plan (Medical, Dental & Vision)

• Retirement Plan (Roth 401k)
• Life Insurance (Basic, Voluntary & AD&D)
• Flexible PTO Policy
• Paid Holidays
• Short Term Disability
• Training & Development