Compliance Officer Role Description
Role Summary
The Compliance Officer (CO) is the senior manager appointed by the Executive Director to develop, implement, and oversee the ABAS compliance program. The CO promotes lawful and ethical operations across ABAS, a small Applied Behavior Analysis provider (20 to 50 employees) funded primarily by MassHealth and other public healthcare programs, and maintains a compliance program aligned with OIG guidance.
The CO holds senior management standing, chairs the Compliance Committee, and serves as the central point of contact for compliance questions, reports, and investigations across the organization.
POL-001 sets no fixed time commitment for the role. At ABAS's current scale the compliance function does not require a full-time position, and the current compliance lead holds it alongside another role, as HIPAA Security Officer.
This role description is a companion to POL-001 (Compliance Officer Charter). It summarizes the role for appointment, performance, and recruiting purposes. Where this description and POL-001 differ, POL-001 controls.
Reporting Line and Independence
The CO reports directly to the Executive Director and also provides regular reports to the Compliance Committee. This dual reporting line gives the CO both operational access and independent oversight. The CO submits written compliance reports to the Compliance Committee and the Executive Director at least quarterly, covering compliance activities, open investigations, training status, and risk areas.
The CO carries out compliance responsibilities without interference from other business functions. No employee or manager may direct the CO to ignore, conceal, or delay action on a compliance matter. If a compliance concern involves the Executive Director, the CO reports directly to the Compliance Committee.
The CO may not be terminated, and may not have their responsibilities materially reduced, without the knowledge and input of the Compliance Committee.
Duties and Responsibilities
The Compliance Officer's duties are established in POL-001, Section 5.3, and include:
- Develop, implement, and manage the ABAS compliance program, including all related policies and procedures.
- Stay current with changes to federal, state, and local laws and regulations that affect ABAS operations, and update policies accordingly.
- Oversee compliance training for all employees, including onboarding training, annual refreshers, and role-specific modules.
- Maintain confidential channels for employees to report compliance concerns or potential violations without fear of retaliation.
- Coordinate internal audits and monitoring activities as outlined in the annual compliance work plan.
- Lead or oversee investigations into reported compliance concerns, and coordinate corrective actions for confirmed violations.
- Provide regular updates on compliance risks, program effectiveness, and open items to the Compliance Committee and Executive Director.
- Monitor disciplinary actions across the organization to verify they are applied fairly and consistently.
- Serve as Chair of the Compliance Committee.
In addition, the CO:
- Develops or updates the annual compliance work plan within 30 days of appointment, and annually thereafter.
- Reviews and updates the Compliance Officer Charter annually, or sooner if regulatory changes require it.
Qualifications
Required:
- Standing as a senior manager within ABAS, or the capacity to operate at that level, as determined by the Executive Director at appointment.
- Working knowledge of the regulatory environment in which ABAS operates, or the demonstrated ability to build it through training: OIG compliance program guidance, the Massachusetts False Claims Act (M.G.L. c. 12, §§ 5A-5O), MassHealth provider requirements (130 CMR 450.000), and the HIPAA Privacy and Security Rules.
- Ability to handle confidential reports impartially, lead or oversee investigations, and document findings and corrective actions.
- Completion of initial compliance training within 60 days of appointment.
- Commitment to at least 8 hours of continuing education annually in healthcare compliance topics. ABAS budgets for registration fees, travel, and materials associated with this training.
Preferred:
- Prior experience in healthcare compliance or in the operations of a small healthcare provider.
- Familiarity with ABA service delivery and MassHealth billing.
- Healthcare compliance certification, or active pursuit of certification, through an organization such as the Health Care Compliance Association (HCCA). ABAS supports certification as professional development; it is not a condition of appointment.
Authority
The CO has the authority to access all areas of the organization, personnel, and records necessary to carry out compliance duties. No business function may restrict that access.
Within this authority, the CO:
- Chairs the Compliance Committee.
- Maintains the annual compliance work plan and coordinates the audit and monitoring activities scheduled in it.
- Leads or oversees investigations into reported compliance concerns and coordinates corrective actions for confirmed violations.
- Escalates directly to the Compliance Committee when a concern involves the Executive Director.
The Executive Director ensures the CO has adequate resources and budget to exercise this authority.
Time Allocation
The compliance function at ABAS is scaled to a 20 to 50 employee provider. POL-001 does not assign a fixed weekly time commitment. At the organization's current size, the function does not require a full-time position and is held today alongside another role, by the HIPAA Security Officer.
The workload follows a predictable cycle plus event-driven work:
- Recurring: quarterly written reports to the Compliance Committee and Executive Director; the annual compliance work plan (developed or updated within 30 days of appointment, then annually); annual review of the charter and compliance policies; oversight of onboarding and annual refresher training; chairing Compliance Committee meetings.
- Event-driven: intake, investigation, and resolution of reported concerns (ABAS plans for fewer than 25 compliance tickets per year), coordination of corrective actions, and policy updates in response to regulatory change.
If the compliance workload grows beyond what a dual-role arrangement supports, the CO raises the resourcing question with the Executive Director and the Compliance Committee. Where the workload warrants, ABAS may establish the Compliance Officer as a dedicated, hired position.