Timothy Noonan Named Deputy Director for Health Information Privacy at Office for Civil Rights

The Department of Health and Human Services’ Office for Civil Rights (OCR) has named Timothy Noonan Deputy Director for Health Information Privacy.

The role of the Deputy Director for Health Information Privacy is to lead the Health Information Privacy Division of the Office for Civil Rights, oversee OCR’s national health information privacy policy and outreach activities, and administer and enforce the HIPAA Privacy, Security, and Breach Notification Rules and the confidentiality provisions of the Patient Safety Rule.

Noonan has been serving as Acting Deputy Director for Health Information Privacy since January 29, 2018, following the departure of Iliana Peters. Prior to taking on the position of Acting Deputy Director for Health Information Privacy, Noonan served as OCR’s Southeast Regional Manager, before moving to OCR’s headquarters to serve as Acting Associate Deputy Director for Regional Operations and the Acting Director for Centralized Case Management Operations.

In his 22 months as Acting Deputy Director for Health Information Privacy, Noonan has helped secure more than $37 million in HIPAA civil monetary penalties and settlements, including the largest ever HIPAA penalty – The $16 million settlement with Anthem Inc. over its 78.8 million-record data breach in 2015.

Noonan has also helped create the Right of Access Enforcement Initiative, under which guidance was issued to help reinforce individuals’ right of access to their medical records and the first financial penalty for Right of Access failures was agreed with Bayfront Health St Petersburg.

Under Noonan, guidance has also been issued on Health Apps and a request for information was issued seeking feedback from the public on how the HIPAA Privacy Rule should be modified to promote coordinated, value-based health care.


Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.