Dedicated to providing the latest
HIPAA compliance news

Funding for ONC Office of the Chief Privacy Officer to be Withdrawn in 2018

Share this article on:

The cuts to the budget of the Office of the National Coordinator for Health Information Technology (ONC) mean the agency must make some big changes, one of which will be the withdrawal of funding for the Office of the Chief Privacy Officer. ONC National Coordinator Don Rucker, M.D., has confirmed that the office will be closed out in fiscal year 2018.

Deven McGraw, the Deputy Director for Health Information Privacy, has been serving as Acting Chief Privacy Officer until a permanent replacement for Lucia Savage is found, following her departure in January. It is now looking highly unlikely that a permanent replacement will be sought.

One of the key roles of the Chief Privacy Officer is to ensure that privacy and security standards are addressed and health data is appropriately protected. The Chief Privacy Officer also advises the National Coordinator for Health IT on privacy and security policies covering electronic health information. However, Rucker does not believe it is necessary for the ONC to have an office dedicated to privacy and security as other agencies in the HHS could assist and take on additional tasks.

The HITECH Act required ONC to appoint a Chief Privacy Officer; however, an alternative is for ONC to request personnel from other HHS agencies. Faced with a $22 million cut in its operating budget, ONC will turn to the HHS’ Office for Civil Rights to assist with privacy functions with the ONC only maintaining ‘limited support’ for the position of Chief Privacy Officer.

The Chief Privacy Officer has been instrumental in improving understanding of HIPAA Rules with respect to privacy since the HITECH Act was passed. Many healthcare organizations have impeded the flow of health information due to a misunderstanding of the HIPAA Privacy Rule. The Chief Privacy Officer has helped to explain that HIPAA Rules do not prevent the exchange of health information – They only ensure information is shared securely and the privacy of patients is preserved. These outreach efforts are likely to be impacted by the loss of the Office of the Chief Privacy Officer.

Rucker explained that discussions are now taking place between ONC and OCR to determine how these and other tasks will be performed, but explained that privacy and security are implicit in all aspects of the work performed by ONC and that will not change.

Cutbacks are inevitable with the trimming of the ONC’s budget but Rucker has explained that the HHS will continue to ensure privacy and security issues are dealt with and efforts to improve understanding of the HIPAA Privacy and Security Rules will also continue.

Author: HIPAA Journal

HIPAA Journal provides the most comprehensive coverage of HIPAA news anywhere online, in addition to independent advice about HIPAA compliance and the best practices to adopt to avoid data breaches, HIPAA violations and regulatory fines.

Share This Post On