HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

OCR HIPAA Enforcer to Leave OCR for Pastures New

Leon Rodriguez, Director of the Office for Civil Rights and the man charged with enforcing the Health Insurance Portability and Accountability Act, has been nominated by President Obama for the position of Director of United States Citizenship and Immigration Services at the Department of Homeland Security.

The position has been vacated by Alejandro N. Mayorkas who will be taking up a new role as Deputy Secretary at the Department of Health and Human Services. Rodriguez does not yet have the job – his appointment will have to be authorized by the senate – but he is looking increasingly likely to leave the OCR, where he has served as Director since September 2011. Rodriguez also held the position of chief of staff and deputy assistant attorney general for civil rights at the Department of Justice prior to taking up the role of enforcer at the OCR.

Should Rodriguez depart it will leave a void at the OCR which will be difficult to fill. Rodriguez has been instrumental in developing the audit protocols and policing HIPAA and internally there are few suitable candidates for the position. The person who was most likely to take over was David Holzman; however he left the OCR in the fall last year. This leaves Susan McAndrew as the main internal candidate for the position. McAndrew has been serving as deputy director for health information privacy and security at the OCR since May 2000, and has played an important role in the introduction of the HIPAA Privacy Rule. She has also been vocal about the lack of HIPAA enforcement by the OCR in the past and may be seen as an ideal replacement, although the new director may be appointed from another government position.

Last month Rodriguez announced that a permanent audit program will be introduced by the OCR which will have a narrower focus than the pilot audits conducted in 2012 and confirmed that the OCR will be more aggressive and will issue more financial penalties to organizations that fail to comply with data privacy and security rules.

Please see the HIPAA Journal Privacy Policy

3 Steps To HIPAA Compliance

Please see HIPAA Journal
privacy policy

  • Step 1 : Download Checklist.
  • Step 2 : Review Your Business.
  • Step 3 : Get Compliant!

The HIPAA Journal compliance checklist provides the top priorities for your organization to become fully HIPAA compliant.

In September 23, the day that the HIPAA Omnibus Rule became enforceable, Rodriguez announced that the next round of audits will “really look at the level of compliance at both covered entities and business associates.” The additional funding that the OCR hopes to generate from financial penalties will be used to finance further audit programs and police HIPAA more rigorously.

Should Rodriguez depart the OCR, it will be at a critical time with the next round of compliance audits being just on the horizon. His successor will need to act quickly if the audit program is to continue as planned.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.