Editor's Note: This story previously reported that Office for Civil Rights Director Leon Rodriguez will leave his post. President Barack Obama intends to nominate Rodriguez for director of the United States Citizenship and Immigration Services (USCIS) at the Department of Homeland Security, a process that is "highly variable" according to an OCR spokesperson. We regret the error.
The potential departure of U.S. Department of Health & Human Services Office for Civil Rights Director Leon Rodriguez (pictured) could leave OCR without its central leader just as the permanent HIPAA auditing program gets under way this year, HealthITSecurity reports.
Rodriguez, who has served as OCR director since 2011, could leave to become director of U.S. Citizenship and Immigration Services (USCIS); President Barack Obama recently announced his intention to nominate Rodriguez for the position. Previously, he was chief of staff and deputy assistant attorney general for civil rights at the Department of Justice.
Former OCR senior privacy and security advisor David Holtzman, who would have been a prime candidate to replace Rodriguez, according to the article, also left in November.
Susan McAndrew, OCR's deputy director for health information privacy and security, who has worked on the HIPAA Privacy Rule for HHS since May 2000, could be a top candidate to assume the OCR directorship, should Rodriguez be nominated and then confirmed by the Senate. McAndrew was widely quoted after a report from the U.S. Department of Health & Human Services Office of Inspector General dinged OCR on HIPAA enforcement, saying it had not conducted the required audits of covered entities to determine how they handle patient information and had failed to maintain documentation to support key decisions.
She updated the Health IT Policy Committee at its December meeting on new security auditing enforcement plans, according to a second HealthITSecurity story.
Rodriguez, speaking at the HIMSS Privacy and Security Forum in September, said the permanent audit program will be narrower in scope than the 2012 auditing pilot program.
Lack of thorough risk analysis was found to be a major weakness among healthcare organizations in the pilot program. Under OCR's permanent program, audits will place a special focus on vulnerabilities that can change from year to year, Rodriguez said.
Meanwhile, the Bipartisan Policy Center has concluded that HIPAA is "misunderstood, misapplied and over-applied" to the point of being burdensome to the sharing of patient information for improved care, based on input from a policy forum held last June.