Compliance and Privacy Manager

About Boulder

Boulder Care is an award-winning digital clinic for addiction medicine, recognized for both innovation and high quality of patient care. Founded in 2017 by CEO Stephanie Strong, our mission is to improve the lives of people with substance use disorders through compassionate, evidence-based care.

We provide Boulder patients with a fully virtual, multidisciplinary care team—including medical providers and peer recovery specialists—who deliver personalized treatment, including medication-assisted treatment (MAT) and ongoing support. Our approach is grounded in clinical excellence, patient-centered care, and a commitment to reducing barriers to recovery. Boulder partners with leading health plans, employers, and community organizations to ensure that our services are accessible and covered for the people who need them most.

Named by Fortune as one of the Best Workplaces in Healthcare, Boulder fosters a culture of kindness, respect, and meaningful work that delivers outstanding patient outcomes and moves the addiction medicine industry forward.

About this role

As the Manager of Compliance & Privacy, you'll lead and scale our health care compliance and privacy programs across a rapidly growing, telehealth-based addiction treatment model. You will be responsible for ensuring Boulder Care operates at the highest standards of compliance with health care regulations and privacy laws in every jurisdiction in which we deliver services, including oversight of privacy and compliance operations, state behavioral health certification and accreditation program compliance, internal audits, incident responses, managing education and training initiatives, and monitoring and mitigating risk. In this role, you will partner closely with legal, clinical, IT, product, operations, and executive leadership to embed compliance and privacy into our services, policies, and culture. 

Health Care Compliance, Accreditation and Behavioral Health Certification, and Privacy Program Management - 90%

• Develop, maintain, and enhance compliance policies, procedures, and controls for telehealth-based addiction treatment services in multiple states in accordance with best practices and applicable state and federal laws and regulations; lead periodic reviews and updates as laws/regulations evolve
• Serve as the designated Privacy Officer and oversee compliance with HIPAA, 42 CFR Part 2, and applicable state privacy laws and regulations
• Manage national accreditation and state behavioral health certification program compliance, including policy development and new market applications 
• Conduct privacy & compliance risk assessments, internal audits, and gap analyses; implement corrective plans and monitor remediations as necessary
• Manage incident response: oversee investigations of privacy or compliance breaches, coordinate response, notification, and remediation
• Lead training & awareness programs for clinical, operational, technical, and other staff on privacy, security, and regulatory compliance topics
• Monitor regulatory landscape: track changes and developments in relevant laws and regulations, assess their impact on Boulder Care’s operations, and advise leadership accordingly
• Support compliance with contractual obligations (e.g. with payors, vendors, partners) related to privacy, consent, data use and sharing
• Serve as liaison to external regulators or auditors, manage audit or investigation responses, ensure documentation readiness
• Maintain metrics, dashboards, and reporting to leadership on compliance/privacy performance, risk indicators, and program health
• Lead or participate in internal compliance committees; coordinate with Chief Legal Officer, clinical operations, and information security teams

Ethical Leadership, Compliance and Organizational Communication - 10%

• Demonstrate knowledge of ethical standards, professional codes, and applicable laws affecting the department and company
• Uphold and model organizational policies and professional codes of ethics; document and escalate reports of unethical behavior as required by Boulder policies, licensing bodies, or legal standards
• Promote ethical, patient-centered decision-making by engaging in constructive discussions on the impact of work decisions on patients, staff, and stakeholders
• Collaborate with colleagues across clinical, operations, product, IT, and executive leadership to develop and progress organizational policies and procedures
• Communicate policies, procedures, and organizational culture effectively to new employees and colleagues
• Foster a culture of professionalism, transparency, and accountability to ensure consistent compliance across the team

What you bring:

• Minimum of 4 years of health care compliance, privacy, and risk management experience, with a strong preference for experience in telehealth, behavioral health and/or addiction medicine settings
• Deep knowledge and proven experience with HIPAA, state privacy laws, and healthcare regulatory compliance in multi-state environments
• Experience leading incident response, internal audits, policy development, and regulatory-driven investigations
• Strong leadership skills; ability to manage cross-functional teams, influence without direct authority, and drive culture change
• Excellent communication skills—written, verbal; able to deliver training, to work with executive leadership and with staff at all levels
• Strong analytical skills; comfort with interpreting complex regulatory requirements and translating them into practical operational policies
• High integrity, ethical mindset, attention to detail, ability to maintain composure under pressure

Nice to have but not required: 

• Experience managing 42 CFR Part 2 compliance programs
• Professional certifications (e.g. Certified in Healthcare Compliance (CHC), Certified Healthcare Privacy Compliance (CHPC), or equivalent), or attainable within one year of hire
• Prior experience scaling compliance/privacy programs in a startup environment

Work environment

• This is a fully remote role but we are currently only hiring candidates located in the following states: AZ, CA, CO, FL, GA, ID, IL, KY, MA, NC, NJ, NY, OH, OR, PA, SC, TN, TX, UT, WA, or WV. Applicants must reside and work in one of those states to be considered
• Boulder Care employees are free to use our river-front HQ located in Portland, OR whenever they would like

Expected hours of work

This is a full-time remote position expected to work 40 hours between Monday-Friday 

Compensation

The starting pay range for this position is $110,000 - $135,000 per year; base pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience. The total compensation package for this position may also include other elements, including a full range of medical, financial, and/or other benefits (including 401(k) eligibility and various paid time off benefits, such as vacation, sick time, and parental leave).

Hiring timeline

• Phone Interview (30min)
• Hiring Manager Interview (60min)
• Panel Interview (60min)
  • NOTE: As part of our hiring process, all final candidates will be required to undergo background checks and provide professional references. By applying, you acknowledge and consent to these checks, which may include employment history, criminal records, education/licensing verification, and professional references. We are committed to transparency and confidentiality throughout this process and will inform you in advance should any further information be required.

Some of Boulder’s amazing benefits for regular, full-time employees

• Contribution to meaningful, life-saving work!
• Comprehensive medical, dental, vision, and short-term disability benefits designed to take care of our employees and their families 
• Mental Health Services via Regence, Doctors on Demand, and EAP for continuous care
• 4 weeks of vacation accrued per calendar year with a tenured increase to 5 weeks at 2 years of employment
• Sick leave accrued at 1 hr for every 30 hrs paid
• 9 Paid Holidays per year
• 12 weeks of 100% paid parental leave for the birth or adoption of a child (after 6 months of employment)
• 401(k) retirement savings
• Remote friendly with hardware provided to complete your work duties

Our values

• The people we care for always come first
• Our opportunity is also our duty, in service to others
• Share facts to change minds, instill empathy to change hearts
• Move the industry forward: follow the data
• Strong individuals, stronger together