OCR HIPAA Enforcer to Leave OCR for Pastures New

Share this article on:

Leon Rodriguez, Director of the Office for Civil Rights and the man charged with enforcing the Health Insurance Portability and Accountability Act, has been nominated by President Obama for the position of Director of United States Citizenship and Immigration Services at the Department of Homeland Security.

The position has been vacated by Alejandro N. Mayorkas who will be taking up a new role as Deputy Secretary at the Department of Health and Human Services. Rodriguez does not yet have the job – his appointment will have to be authorized by the senate – but he is looking increasingly likely to leave the OCR, where he has served as Director since September 2011. Rodriguez also held the position of chief of staff and deputy assistant attorney general for civil rights at the Department of Justice prior to taking up the role of enforcer at the OCR.

Should Rodriguez depart it will leave a void at the OCR which will be difficult to fill. Rodriguez has been instrumental in developing the audit protocols and policing HIPAA and internally there are few suitable candidates for the position. The person who was most likely to take over was David Holzman; however he left the OCR in the fall last year. This leaves Susan McAndrew as the main internal candidate for the position. McAndrew has been serving as deputy director for health information privacy and security at the OCR since May 2000, and has played an important role in the introduction of the HIPAA Privacy Rule. She has also been vocal about the lack of HIPAA enforcement by the OCR in the past and may be seen as an ideal replacement, although the new director may be appointed from another government position.

Last month Rodriguez announced that a permanent audit program will be introduced by the OCR which will have a narrower focus than the pilot audits conducted in 2012 and confirmed that the OCR will be more aggressive and will issue more financial penalties to organizations that fail to comply with data privacy and security rules.

In September 23, the day that the HIPAA Omnibus Rule became enforceable, Rodriguez announced that the next round of audits will “really look at the level of compliance at both covered entities and business associates.” The additional funding that the OCR hopes to generate from financial penalties will be used to finance further audit programs and police HIPAA more rigorously.

Should Rodriguez depart the OCR, it will be at a critical time with the next round of compliance audits being just on the horizon. His successor will need to act quickly if the audit program is to continue as planned.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.

Share This Post On