Leadership Changes at HIPAA Privacy Office

Dec. 20, 2011
At a Consumer Health IT Summit on Sept. 12, U.S. Dept. of Health & Human Services Secretary Kathleen Sebelius made two announcements that will impact patient privacy and access to data, including naming a new director of the Office for Civil Rights (OCR), the agency responsible for administering and enforcing HIPAA’s privacy, security and breach notification rules.

At a Consumer Health IT Summit on Sept. 12, U.S. Dept. of Health & Human Services Secretary Kathleen Sebelius made two announcements that will impact patient privacy and access to data, including naming a new director of the Office for Civil Rights (OCR), the agency responsible for administering and enforcing HIPAA’s privacy, security and breach notification rules.

As part of National Health IT Week, Sebelius announced proposed rules that would allow patients to gain access to test results reports directly from labs. Labs covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) would be required to provide such information, upon request, directly to patients or their personal representatives.

The Notice of Proposed Rulemaking proposes to amend the Clinical Laboratory Improvement Amendments of 1988 (CLIA) regulations and HIPAA privacy regulations to strengthen patients’ rights to access their own laboratory test result reports.

The new leader of OCR is Leon Rodriguez, a former prosecutor who previously worked in the Department of Justice Civil Rights Division, where he served as the Deputy Assistant Attorney General and chief of staff.

In a blog posting, Davis Wright Tremaine attorney Adam Greene, a former HHS staff member, said the biggest question for covered entities and business associates is what impact the new leadership may have on enforcement, adding that under Rodriquez’s predecessor, Georgina Verdugo, enforcement increased considerably. “While it is unlikely that we will be seeing HIPAA penalties and settlements on a daily or weekly basis,” Greene writes, “the days of a strictly ‘voluntary compliance’ approach are likely behind us. Covered entities that have been lulled into a belief that HIPAA violations carry no more than a slap on the wrist may be well served to reconsider this position and internally audit the effectiveness of their privacy and security programs.”


 

Sponsored Recommendations

Data: The Bedrock of Digital Engagement

Join us on March 21st to discover how data serves as the cornerstone of digital engagement in healthcare. Learn from Frederick Health's transformative journey and gain practical...

Northeast Georgia Health System: Scaling Digital Transformation in a Competitive Market

Find out how Northeast Georgia Health System (NGHS) enabled digital access to achieve new patient acquisition goals in Georgia's highly competitive healthcare market.

2023 Care Access Benchmark Report for Healthcare Organizations

To manage growing consumer expectations and shrinking staff resources, forward-thinking healthcare organizations have adopted digital strategies, but recent research shows that...

Increase ROI Through AI: Unlocking Scarce Capacity & Staffing

Unlock the potential of AI to optimize capacity and staffing in healthcare. Join us on February 27th to discover how innovative AI-driven solutions can revolutionize operations...