Vice President & Chief Compliance Officer

Summary:

The Vice President and Chief Compliance Officer (VP & CCO) serves as UTMB’s senior executive responsible for enterprise-wide compliance, privacy, conflicts of interest, governance, and regulatory risk management. Reporting with independence to executive leadership and compliance governance bodies, the VP & CCO designs, implements, and oversees a comprehensive compliance and ethics program aligned with UT System standards, federal and state requirements, and leading academic medical center best practices.

The VP & CCO acts as a strategic partner to executive leadership, enabling UTMB’s clinical, academic, and research missions while ensuring adherence to healthcare laws, regulations, accreditation requirements, and ethical standards. This role champions a culture of integrity, accountability, transparency, and patient safety across a highly complex, integrated academic health system.

Scope: Institution-wide

Responsibilities:

Compliance Program Leadership & Governance 

• Provide executive leadership for UTMB’s enterprise compliance, privacy, conflicts of interest, and fraud, waste, and abuse programs.
• Serve as the designated senior compliance officer with authority, independence, and responsibility for program effectiveness, consistent with UT System Regents’ Rules and OIG guidance.
• Establish, maintain, and oversee system wide compliance policies, procedures, standards of conduct, and policy governance structures.
• Chair compliance governance committees and function as an independent, objective authority for evaluating and escalating compliance matters.

Regulatory Compliance & Privacy Oversight

• Ensure compliance with applicable federal and state healthcare laws and regulations, including HIPAA, HITECH, Stark Law, Anti Kickback Statute, False Claims Act, and Conditions of Participation.
• Ensure compliance with privacy laws, including but not limited to HIPAA and FERPA, and is accountable for privacy governance, policy framework, workforce training, and PHI incident and breach response.
• Oversee investigations, corrective actions, and remediation activities in response to identified compliance issues and regulatory findings.

Education, Training & Culture of Compliance 

• Design and oversee an enterprise compliance and privacy education strategy, including role based training for workforce members exposed to higher risk activities.
• Ensure ongoing training reflects regulatory changes, industry trends, and internal incident and audit findings.
• Monitor training completion, effectiveness, and continuous improvement of educational methodologies.

Communication & Reporting 

• Oversee confidential and anonymous compliance reporting mechanisms, including the compliance hotline, ensuring non retaliation and appropriate response.
• Promote open communication and transparency across clinical, academic, research, and administrative operations.
• Provide structured, timely reporting on compliance risks, trends, and program effectiveness to executive leadership and governance bodies.

Monitoring, Auditing & Risk Assessment

• Lead enterprise compliance risk assessments and ongoing regulatory change monitoring.
• Oversee risk based compliance monitoring, auditing, and assurance activities.
• Maintain enterprise risk reporting, track remediation activities, and provide actionable insights to leadership.
• Conduct third party and vendor compliance, privacy, and security risk assessments.

Enforcement, Accountability & Corrective Action 

• Partner with Human Resources, Legal, and leadership to ensure consistent enforcement of compliance standards and disciplinary guidelines.
• Ensure timely investigation, documentation, and resolution of compliance incidents, including hotline matters and conflicts of interest disclosures.
• Use lessons learned from audits, investigations, and incidents to enhance program effectiveness and prevent recurrence.

Operational Integration & Strategic Support

• Collaborate with Legal, IT, Human Resources, Health Information Management, and operational leaders to embed compliance requirements into workflows and business processes.
• Partner with clinical, research, and operational stakeholders to ensure compliant EMR configuration, access controls, and data governance.
• Provide compliance due diligence support for mergers, acquisitions, affiliations, divestitures, and strategic initiatives.
• Maintain confidentiality and adhere to UTMB’s Code of Conduct and the Health Care Compliance Association Code of Ethics.
• Adheres to internal controls and reporting structure.
• Performs related duties as required.

Knowledge, Skills & Abilities: 

• Must possess strong knowledge of federal and state laws that affect third party reimbursement.
• Must possess strong oral and written communication skills along with the ability to communicate with all levels of the organization.
• Ability to work cooperatively with multi-disciplinary groups and line managers.
• Effective problem-solving skills.
• Ability to manage multiple projects.
• Ability to plan, organize, set and accomplish goals. 
• Ability to analyze/evaluate data and make appropriate recommendations.

Minimum Qualifications:

• Bachelor’s degree required in healthcare administration, business administration, public administration, law, nursing, or a related field plus ten (10) years of progressive experience in healthcare compliance, regulatory affairs, privacy, risk management, audit, or a related discipline, within a complex healthcare or academic medical center environment to include five (5) years of executive or senior leadership experience directing enterprise level compliance, ethics, privacy, or risk management functions.
• Demonstrated experience designing, implementing, and overseeing an effective enterprise compliance and ethics program, consistent with federal and state healthcare laws and recognized industry frameworks.
• Thorough working knowledge of applicable healthcare laws and regulations, including HIPAA/HITECH, Stark Law, Anti Kickback Statute, False Claims Act, and Conditions of Participation.
• Demonstrated ability to act with independence and objectivity, advise executive leadership and governing bodies, and manage sensitive regulatory and investigative matters.

Preferred Qualifications:

• Advanced degree preferred, including Juris Doctor (JD), Master of Healthcare Administration (MHA), Master of Business Administration (MBA), Master of Public Health (MPH), or related graduate degree.
• Experience in a public academic medical center, health sciences university, or large multi entity healthcare system.
• Prior experience interacting with or reporting to board level or system level compliance committees.
• Familiarity with UT System policies, public institution governance, or comparable regulatory environments.
• Certified in Healthcare Compliance (CHC) or Certified Compliance & Ethics Professional (CCEP).
• Additional certifications (e.g., CHPC, CIPP/US, CIA, CPA) may be considered based on professional background.
• All certifications must be maintained in good standing through applicable continuing professional education.
   

Equal Employment Opportunity

UTMB Health strives to provide equal opportunity employment without regard to race, color, religion, age, national origin, sex, gender, sexual orientation, gender identity/expression, genetic information, disability, veteran status, or any other basis protected by institutional policy or by federal, state or local laws unless such distinction is required by law. As a Federal Contractor, UTMB Health takes affirmative action to hire and advance protected veterans and individuals with disabilities.