What they are required to show, should there be an audit, is a 'culture of compliance', and they should be able to show 'visible demonstrable evidence' of compliance.
So they need to have a risk assessment done, policies and procedures in place, BAA agreements all around, and you'll want to ask pointed questions such as: what have they done up till now, what prompts them to bring a compliance officer on board now and what are they shooting for.
And I hope you are asking for a salary equal to the responsibility they are handing over to you. You'll want a contract that states that you are not a lawyer and nothing you say should be construed as legal advice.
Get the name of their lawyer and work hand in hand on the BAAs, the policies and the sanctions for breach of PHI for their staff, to cover your butt. So the responsibility falls back to the lawyer and the board of the health center, not to you.
IMHO
Barbara