Demo

Compliance & Privacy Officer

Central Montana Medical Center
Lewistown, MT Full Time
POSTED ON 7/6/2026
AVAILABLE BEFORE 11/2/2026

Department Compliance Exempt

Immediate Supervisor TBD

Supervisor next CEO Workweek 40
in line

POSITION SUMMARY

The Compliance & Privacy Officer is responsible for the development, implementation, oversight, and continuous
improvement of ’s Corporate Compliance Program and Privacy Program in
accordance with CMS Conditions of Participation, OIG Compliance Program Guidance, and HIPAA regulations.

This position serves as the designated Compliance Officer and HIPAA Privacy Officer and has responsibility and
authority to ensure the organization operates in accordance with all applicable federal, state, and local laws and
regulations.

The Compliance & Privacy Officer maintains independent access to the Board of Trustees, providing regular reports at
least quarterly regarding program effectiveness, risks, investigations, and corrective actions.

The position has the authority to conduct independent investigations, access all necessary records, and recommend
corrective and disciplinary actions in alignment with organizational policy and regulatory requirements.
Continued employment and raises in this position are dependent upon 's
fiscal viability and:

  • Actions and communications that contribute to a team concept and create a positive environment for all
customers
  • Acceptable performance of essential and all job duties
  • Acceptable attendance record
  • Accountability for safety to self, patients, visitors and all customers, and care of equipment and building
  • Adherence to departmental and facility policies and procedures, education requirements, compliance monitoring
and reporting, and CMMC Code of Conduct
  • Accountability for the consequences of own actions
  • Physical and emotional ability to perform essential functions
  • Acceptable background investigation results if required for position

Minimum Education, Experience, Licensure, Certification required:

Qualifications:

  • Bachelor’s degree in healthcare administration, business, nursing, legal studies, health information
management, or a related field preferred
  • Equivalent combination of education and relevant experience in healthcare, compliance, privacy, quality, or
regulatory functions may be considered
  • Working knowledge of healthcare regulations, privacy laws, and compliance principles preferred
  • Certification in healthcare compliance or privacy (e.g., CHC, CHP) preferred or willingness to obtain within a
defined timeframe

Experience:

  • Minimum of two (2) years of experience in healthcare, regulatory, compliance, privacy, quality, health
information management, or related field preferred
  • Experience in policy development, auditing, investigations, education, or regulatory processes preferred
  • Prior leadership, coordination, or project management experience is beneficial but not required

ESSENTIAL FUNCTIONS/DUTIES:
(Must be able to perform with or without accommodation)

1 Supports and demonstrates ’s Vision, Mission and Values Statements.


MANAGEMENT




2 Policy Development and Implementation:

  • Develops, implements, and maintains written compliance and privacy policies, procedures, and
standards of conduct.
  • Ensures policies reflect current regulatory requirements including CMS Conditions of Participation and
HIPAA.
  • Oversees periodic review and revision of the Notice of Privacy Practices and the CMMC Code of
Conduct.

3 Program Oversight and Governance:

  • Oversees and administers the Corporate Compliance Program consistent with OIG’s Seven Elements of
an Effective Compliance Program.
  • Serves as the organization’s designated HIPAA Privacy Officer and oversees compliance with HIPAA
Privacy Rule requirements.
  • Provides regular reports (at least quarterly) to the Board of Trustees regarding compliance and privacy
program effectiveness.
  • Maintains independence and authority to execute duties without undue influence.
  • Coordinates compliance activities across departments including Risk Management, Quality, Health
Information Management, and Information Security.

4 Staff Training and Education:

  • Develops and provides ongoing compliance and privacy education for workforce members, medical staff,
contractors, and volunteers.
  • Ensures training includes HIPAA requirements, reporting obligations, and standards of ethical conduct.

5 Effective Communication and Reporting:

  • Maintains a confidential and accessible reporting mechanism (e.g., compliance hotline or reporting
process).
  • Promotes a culture of non-retaliation and accountability for reporting concerns.
  • Serves as a resource for staff and leadership regarding compliance and privacy questions.

6 Risk Assessment and Mitigation:

  • Identify potential privacy risks and vulnerabilities within the organization.
  • Implement measures to mitigate risks and prevent unauthorized access or breaches.

7 Monitoring, Auditing and Risk Assessments:

  • Conducts ongoing compliance and privacy auditing and monitoring activities.
  • Performs periodic risk assessments, including HIPAA Security and Privacy risk analyses.
  • Conducts Privacy Impact Assessments (PIAs) for new systems and processes.
  • Tracks, trends, and reports compliance and privacy metrics to leadership.

8 Enforcement and Disciplinary Standards:

  • Works with Human Resources and leadership to enforce compliance and privacy standards through
consistent disciplinary action.
  • Recommends corrective actions when violations occur, up to and including disciplinary measures in
accordance with policy.

9 Response, Investigation, and Corrective Action:

  • Leads and documents investigations of alleged compliance or privacy violations.
  • Implements corrective action plans and ensures timely resolution of identified issues.
  • Oversees breach notification and reporting in accordance with HIPAA Breach Notification Rule
requirements.
  • Maintains documentation of all investigations, findings, and resolutions.


MANAGEMENT




10 HIPAA Privacy Program Responsibilities:

  • Ensures patient rights under HIPAA are upheld, including access, amendment, and accounting of
disclosures.
  • Oversees processes related to authorization, consent, and release of information.
  • Ensures Business Associate Agreements (BAAs) are implemented and maintained.
  • Monitors vendor and third-party compliance with privacy requirements.

11 Operational and Leadership Responsibilities:

  • Serves as a compliance and privacy resource to Administration, Department Leaders, and Medical Staff.
  • Participates in committees including Compliance Committee, Quality Committee, and others as
assigned.
  • Assists in development of facility-wide policies and regulatory strategies.
  • Supports integration of compliance with patient safety, quality improvement, and risk management
efforts.
  • Completes employee evaluations and supports development of staff if applicable.

15. Completes other duties as assigned

Knowledge, Skills, Abilities:

Knowledge of:
CMS Conditions of Participation
OIG Compliance Program Guidance (Seven Elements)
HIPAA Privacy, Security, and Breach Notification Rules
Healthcare regulatory environment and accreditation standards
Local, State and Federal regulations/requirements
Knowledge and experience in information privacy and security laws, access, release of information, and release
control technologies
Operations of the health care industry
Leadership and Education principles
Skills:
Human relations and oral/written communications skills
Excellent communication and training skills.
Analytical and problem-solving abilities.
Attention to detail and organizational skills.
Ability to work collaboratively with cross-functional teams.
Computer skills
Collection and analysis of data
Preparing and presenting information in a meaningful manner
Developing constructive relationships
Ability to:
Develop and implement policies and procedures
Research information
Coordinate and conduct education
Understand, interpret and educate
Analyze complex privacy issues and develop effective solutions
Communicate effectively with diverse stakeholders, both orally and in writing
Work independently and as part of a team, demonstrating strong interpersonal skills
Adapt to changing regulations and organizational needs
Prioritize and manage multiple tasks in a fast-paced environment
Utilize office equipment and technology as it advances
Collect, abstract, tabulate, aggregate, analyze and display data and statistics

OCCUPATIONAL EXPOSURE for this position:

Category I Direct contact with blood or other bodily fluid to which universal
precautions apply


MANAGEMENT




Category II Activity performed without blood/bodily fluids exposure, but exposure

may occur in emergency

Category III Task/activity does not ordinarily entail predictable exposure to
blood/bodily fluids

OTHER EXPOSURE for this position:

Radiation

Noise

Other (Specify) Poor ventilation system, artificial lighting.

PHYSICAL DEMANDS:
(Essential functions strength rating for position - see Job Analysis)

Sedentary Exert up to 10# occasionally or negligible force frequently

Light Exert up to 20# occasionally, < 10# frequently or negligible force
constantly

Medium Exert up to 50# occasionally, up to 25# or up to 10# constantly

Heavy Exert up to 100# occasionally, up to 50# frequently or up to 20#
constantly

Very Heavy Exert > 100# occasionally, > 50# frequently or
> 20# constantly

Salary.com Estimation for Compliance & Privacy Officer in Lewistown, MT
$67,247 to $82,105
If your compensation planning software is too rigid to deploy winning incentive strategies, it’s time to find an adaptable solution. Compensation Planning
Enhance your organization's compensation strategy with salary data sets that HR and team managers can use to pay your staff right. Surveys & Data Sets

What is the career path for a Compliance & Privacy Officer?

Sign up to receive alerts about other jobs on the Compliance & Privacy Officer career path by checking the boxes next to the positions that interest you.
Income Estimation: 
$73,707 - $95,263
Income Estimation: 
$91,142 - $116,690
Income Estimation: 
$80,876 - $132,043
Income Estimation: 
$77,899 - $100,402
Income Estimation: 
$91,142 - $116,690
Income Estimation: 
$80,876 - $132,043
Employees: Get a Salary Increase
View Core, Job Family, and Industry Job Skills and Competency Data for more than 15,000 Job Titles Skills Library

Job openings at Central Montana Medical Center

  • Central Montana Medical Center Lewistown, MT
  • Department PHYSICAL THERAPY Exempt Immediate REHAB DEPARTMENT MANAGER Supervisor Supervisor next CCO Workweek in line POSITION SUMMARY Plans and implements... more
  • 11 Days Ago

  • Central Montana Medical Center Lewistown, MT
  • Department Utilization Review Exempt Immediate Supervisor Utilization Review Coordinator Non-exempt Supervisor next Chief Nursing Officer Workweek Up to 40... more
  • 11 Days Ago

  • Central Montana Medical Center Lewistown, MT
  • Department SURGICAL SERVICES Exempt Immediate Supervisor OR COORDINATOR Non-exempt Supervisor next CCO Workweek Up to 40 hrs w/call in line POSITION SUMMAR... more
  • 11 Days Ago

  • Central Montana Medical Center Lewistown, MT
  • Department Physician Office Exempt Immediate Lead Clinic Nurse Non-exempt Supervisor Supervisor next CCO Workweek 32 - 40 in line POSITION SUMMARY Greet, a... more
  • 12 Days Ago


Not the job you're looking for? Here are some other Compliance & Privacy Officer jobs in the Lewistown, MT area that may be a better fit.

  • Stockman Bank of Montana Kalispell, MT
  • Position General Responsibilities: Incumbent is responsible for administering and monitoring the firm's compliance program as an SEC Registered Investment ... more
  • 9 Days Ago

  • CCMI - a Division of Simplify Compliance Great Falls, MT
  • https://ccmiretailservices.com - CLICK on JOB opportunities to complete your registration Merchandising & Audits available. See all information pertaining ... more
  • 24 Days Ago

AI Assistant is available now!

Feel free to start your new journey!