Privacy & Compliance Officer

The Privacy & Compliance Officer supports the design, implementation, and oversight of Bicycle Health's compliance and privacy operations across its national telemedicine practice. Reporting to the Chief Medical Officer and working closely with operational and clinical leadership, this individual serves as the designated Privacy Officer and plays a critical role in ensuring adherence to HIPAA, 42 CFR Part 2, and other applicable laws, regulations, and contractual requirements.

This role focuses on driving day-to-day privacy and compliance operations, conducting internal audits, managing education and training initiatives, coordinating responses to regulatory inquiries, and monitoring risk. It is a highly cross-functional position requiring collaboration with clinical, legal, IT, operations, and executive stakeholders.

Location: Remote

Schedule: Full time (40 hrs)

Target Pay Range: $120,000.00 - $140,000.00 - Compensation to be determined by the education, experience, knowledge, skills, and abilities of the applicant, internal equity, and alignment with market data.

Benefits:

• Discretionary PTO 8.5 days of additional sick time 10 paid holidays
• Paid parental leave
• 100% Employer Paid Medical, Dental, and Vision Insurance
• Employer Paid STD & LTD
• 401k
• $50 monthly Remote Work Stipend

You can expect to:

• Serve as the organization's Privacy Officer, overseeing policies and practices that ensure compliance with HIPAA, 42 CFR Part 2, and relevant state laws.
• Monitor and respond to compliance-related incidents, investigations, and inquiries.
• Develop and update compliance-related policies, procedures, and training materials.
• Conduct and support compliance risk assessments, internal audits, and monitoring efforts to evaluate adherence to regulatory and contractual obligations.
• Track regulatory changes, assess impact, and communicate key updates to internal stakeholders.
• Manage preparation and coordination of responses to third-party audits, subpoenas, and government inquiries.
• Design and deliver training and education for clinical and non-clinical staff on privacy and compliance topics.
• Maintain systems for issue intake, investigation, resolution, and reporting (e.g., incident tracking, hotline follow-up).
• Collaborate closely with operational VPs and department heads to integrate compliance goals into day-to-day operations.
• Maintain and analyze metrics related to compliance performance and risk indicators.
• Support the conflicts of interest disclosure process and credentialing compliance workflows.
• Participate in internal compliance committees and serve as a liaison to external counsel when needed.
• Oversee all aspects of Bicycle Health's physical office operations to ensure compliance with HIPAA, the Controlled Substances Act, and other relevant local, state, and federal laws.

Qualities we're looking for:

• Bachelor's degree required; degree in healthcare administration, law, public health, or related field preferred.
• Certified in Healthcare Compliance (CHC) and/or Certified in Healthcare Privacy Compliance (CHPC) preferred or attainable within 12 months of hire.
• 3–5 years of experience in healthcare compliance, privacy, legal, or risk management roles, ideally in multi-state environments or telehealth organizations.
• Working knowledge of HIPAA, 42 CFR Part 2, and applicable federal and state regulatory frameworks.
• Demonstrated ability to interpret complex regulations and apply them in a fast-paced operational context.
• Effective communicator with strong writing, training, and documentation skills.
• Experience working cross-functionally with operations, clinical leadership, and legal/compliance teams.
• Comfort with remote work platforms (e.g., Zoom, Slack, Google Workspace); familiarity with macOS preferred.
• Ability to travel up to 15% of the time.
• Access to a private, professional remote work environment with high-speed internet and appropriate setup for video conferencing.

This is a full-time (40hrs per week) remote position.

#LIRemote #zr