Leadership Changes at HIPAA Privacy Office

Dec. 20, 2011
At a Consumer Health IT Summit on Sept. 12, U.S. Dept. of Health & Human Services Secretary Kathleen Sebelius made two announcements that will impact patient privacy and access to data, including naming a new director of the Office for Civil Rights (OCR), the agency responsible for administering and enforcing HIPAA’s privacy, security and breach notification rules.

At a Consumer Health IT Summit on Sept. 12, U.S. Dept. of Health & Human Services Secretary Kathleen Sebelius made two announcements that will impact patient privacy and access to data, including naming a new director of the Office for Civil Rights (OCR), the agency responsible for administering and enforcing HIPAA’s privacy, security and breach notification rules.

As part of National Health IT Week, Sebelius announced proposed rules that would allow patients to gain access to test results reports directly from labs. Labs covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) would be required to provide such information, upon request, directly to patients or their personal representatives.

The Notice of Proposed Rulemaking proposes to amend the Clinical Laboratory Improvement Amendments of 1988 (CLIA) regulations and HIPAA privacy regulations to strengthen patients’ rights to access their own laboratory test result reports.

The new leader of OCR is Leon Rodriguez, a former prosecutor who previously worked in the Department of Justice Civil Rights Division, where he served as the Deputy Assistant Attorney General and chief of staff.

In a blog posting, Davis Wright Tremaine attorney Adam Greene, a former HHS staff member, said the biggest question for covered entities and business associates is what impact the new leadership may have on enforcement, adding that under Rodriquez’s predecessor, Georgina Verdugo, enforcement increased considerably. “While it is unlikely that we will be seeing HIPAA penalties and settlements on a daily or weekly basis,” Greene writes, “the days of a strictly ‘voluntary compliance’ approach are likely behind us. Covered entities that have been lulled into a belief that HIPAA violations carry no more than a slap on the wrist may be well served to reconsider this position and internally audit the effectiveness of their privacy and security programs.”


 

Sponsored Recommendations

How Digital Co-Pilots for patients help navigate care journeys to lower costs, increase profits, and improve patient outcomes

Discover how digital care journey platforms act as 'co-pilots' for patients, improving outcomes and reducing costs, while boosting profitability and patient satisfaction in this...

5 Strategies to Enhance Population Health with the ACG System

Explore five key ACG System features designed to amplify your population health program. Learn how to apply insights for targeted, effective care, improve overall health outcomes...

A 4-step plan for denial prevention

Denial prevention is a top priority in today’s revenue cycle. It’s also one area where most organizations fall behind. The good news? The technology and tactics to prevent denials...

Healthcare Industry Predictions 2024 and Beyond

The next five years are all about mastering generative AI — is the healthcare industry ready?