SVP Chief Compliance and Privacy Officer

Corewell Health is seeking a strategic, experienced and solution-oriented leader to serve as Senior Vice President, Chief Compliance and Privacy Officer. This role leads and assumes management responsibility for the structure, development, implementation and operation of Corewell Health's system-wide Compliance Programs, including privacy, accreditation and research integrity, as well as the enterprise risk management program. This role is responsible for building and maintaining strong relationships with stakeholders to lead an effective compliance program within the organization by fostering trust, enhancing communication, and promoting a culture of compliance. The SVP, Chief Compliance & Privacy Officer serves as a trusted advisor to management and board governance, offering guidance and practical solutions to complex regulatory compliance challenges. As Corewell Health's Chief Privacy Officer, substantial expertise and experience in data privacy and security is strongly preferred.

This role is responsible for identifying and assessing areas of compliance for the System and its subsidiaries, advising as to elimination or reduction of compliance risks and developing and maintaining a framework and set of expectations for consistent and efficient compliance programs of the System and its subsidiaries. The SVP, Chief Compliance & Privacy Officer collaborates closely with key stakeholders, including but not limited to clinical and operational management as well as legal, internal audit, risk management, finance and Human Resources functions. The SVP, Chief Compliance & Privacy Officer will also lead and coordinate with other key stakeholders the System's enterprise risk management program, which now includes an increased emphasis on risks arising from the deployment and implementation of artificial intelligence tools and applications.

The SVP, Chief Compliance & Privacy Officer reports administratively to the System Chief Legal Officer. To provide for independence and objectivity, the Compliance Officer also meets directly and routinely with the Chief Executive Officer (CEO) and reports functionally to the Compliance & Risk Committee of the System Board of Directors (CRC) for compliance-related functions and issues. The SVP, Chief Compliance & Privacy Officer has direct access to the President & CEO and the CRC (primarily via its chair and during regular executive sessions with the CRC) for compliance-related matters, which access may be exercised within the sole discretion of the SVP, Chief Compliance Officer. The SVP, Chief Compliance & Privacy Officer communicates with executive management and the Board of Directors (primarily via the CRC) to effectively incorporate regulatory compliance within the culture, operations and programs of the System and its subsidiaries.

Key Role Functions and Responsibilities

• Provides direction and oversight to the Corewell Health Compliance Program and team members to ensure the effectiveness of appropriate standards of conduct, policies, procedures, monitoring and corrective action plans in order to minimize risk of loss and/or prevent violations of legal / regulatory / ethical standards, rules or regulations. Consistent with the elements of an effective compliance program, establishes and / or oversees auditing and monitoring procedures for the purpose of monitoring and detecting misconduct or non-compliance. Recommends solutions and ensures implementation of solutions to eliminate or minimize reoccurrence of misconduct or non-compliance.

• Leads and delegates substantial subsidiary and subject matter specific compliance and privacy responsibilities to subsidiary/regional Compliance & Privacy Officers within the three delivery system regions of Corewell Health and Priority Health.

• Confirms that policies, programs, and plans are consistent with and support Corewell Health's core values and its mission and in compliance with applicable laws and regulatory compliance requirements, and that organizational policies are being followed. Establishes system-wide policies and standards for integration into subsidiary compliance programs.

• Partners with Corewell Health executive leadership and the Compliance & Risk Committee of the System Board of Directors (CRC) and each of its subsidiaries to ensure the organization develops and maintains a strong and dynamic culture of compliance. Reports no less than annually to the CRC on the implementation and effectiveness of the organization's compliance program.

• Oversees the development and deployment of effective, consistent and efficient role-based compliance training and education for all Corewell Health team members.

• Regularly reviews the Compliance Program of the System and its subsidiaries for effectiveness and recommends appropriate revisions and modifications, including advising leadership and the CRC of areas of potential compliance risk, including but not limited to any matter involving criminal or potential criminal conduct.

• Provides strategic leadership and operational direction to the system clinical compliance team to ensure effective compliance with Medicare Conditions of Participation as evaluated by deeming agencies.. Ensures the clinical compliance team is a resource and advisor to clinical teams supporting accreditation for specialty clinical areas.

• Serves as the Chief Privacy Officer for the System and its subsidiaries.

• Provides strategic leadership, direction and oversight to Corewell Health enterprise risk management programs to ensure the best interests of the organization are guarded while pursuing the mission, vision and strategic priorities. Develops processes that lead to a holistic view of the organization's most critical risks to achieving its strategic objectives, prompting management to pinpoint unknown but knowable risks.

• Supports executive management in engaging in dialogue about the top enterprise-level risks and determining direction about those risks most critical to the organization. Leads annual risk identification and risk assessment processes. Assists the organization in maturing its enterprise risk awareness framework.

• Interfaces with in-house and external legal counsel as appropriate to interact with external regulatory agencies. Collaborates with in-house and external legal counsel in conducting, authorizing and/or overseeing investigations of matters that merit investigation under the Compliance Program. From time to time, performs investigations at the direction of legal counsel and works with legal counsel in the course of such investigation to provide guidance, recommendations and other assistance as requested by legal counsel. In such cases, the work with legal counsel shall be confidential and protected from disclosure by the attorney client privilege and work product protection.

• Provides direction and oversight to the conflicts of interest reporting and resolution process for management and governing boards; collaborates with research and tax functions regarding conflicts of interest issues. Provides leadership and facilitation of resources for compliance program management for system subsidiaries. Develops, implements, and maintains annual operating budget, ensuring that operations are managed within established guidelines.

• Provides direction and support to team members to ensure effectiveness and efficiency. Selects, trains, develops, and evaluates team members and initiates personnel actions in accordance with human resources policies and organization philosophy.

Candidate Qualifications

• 10 years of relevant experience leadership experience required

• Specific knowledge of health care corporate compliance and regulatory issues, including but not limited to Stark, fraud and abuse and privacy issues, typically gained through skills/knowledge/abilities required

• Substantial expertise and experience in data privacy and security is strongly preferred.

• High degree of personal integrity and credibility

• Strong analytical and negotiating skills

Candidate Credentials

• Required Bachelor's Degree relevant area (business, economics, finance, healthcare administration, etc.)

• Preferred doctorate law degree or other relevant masters/graduate degree

• Healthcare Compliance, Certified (CHC) - HCCA Health Care Compliance Association preferred