OCR appoints Timothy Noonan as acting deputy director after losing its second health privacy lead in 4 months

For the second time in less than four months, the Department of Health and Human Services has named a new top official to oversee health privacy and HIPAA enforcement.

Timothy Noonan, a regional manager for the HHS Office for Civil Rights in Atlanta, will replace Iliana Peters as the acting deputy director for health privacy at the Office for Civil Rights (OCR), a spokesperson confirmed to FierceHealthcare. The new appointment comes after Peters, who was named OCR's acting deputy director following the departure of Deven McGraw in October, joined the healthcare team at the law firm Polsinelli in Washington.  

RELATED: As ONC searches for a chief privacy officer, new priorities put the agency at a crossroads

Peters, who worked at OCR for 12 years, including five as a senior advisor, told FierceHealthcare she left for the private sector to spend more time helping healthcare organizations navigate HIPAA regulations and walking organizations through OCR's enforcement and settlement process

In an announcement this week, Polsinelli’s Health Care Department Chair Matt Murer underscored Peters’ experience shaping OCR’s enforcement agenda. He pointed specifically to Peters’ involvement in a recent $3.5 million settlement that OCR negotiated with Fresenius Medical Care.

RELATED: Fresenius Medical Care pays $3.5M settlement for five separate data breaches in 2012

"I spent five years building the enforcement program and working with regional offices, and during that time I came to the realization that a lot of the things we were enforcing as the regulator are things I could do a good job helping people from the private sector," she said.

Beyond HIPAA enforcement, OCR has a close working relationship with the Office of the National Coordinator for Health IT (ONC). Last year, ONC outlined plans to eliminate the Office of the Chief Privacy Officer, but maintain limited funding for the leadership position, which is required under HITECH. At that time, National Coordinator Don Rucker said he planned to lean on OCR for privacy support.

Kathryn Marchesini
Kathryn Marchesini (HealthIT.gov)

RELATED: ONC plans to lean on OCR for privacy support, which could shift the dynamics of the agency

In January, ONC appointed Kathryn Marchesini to fill the chief privacy officer role. In a press call following her appointment, Marchesini said she would continue to foster a close working relationship with OCR, an approach that McGraw has advocated for since her departure from the federal agency where she also served a short stint as ONC’s chief privacy officer.

Peters expects the two agencies will continue working together to address ongoing privacy concerns and publish guidance on emerging privacy issues regarding new technology, texting and social media. She also expects OCR to continue prioritizing enforcement following two multimillion settlements announced over the last two months. 

"I don’t think there's any reason why that would change," she said. 


In a statement to FierceHealthcare OCR spokesperson Lou Burton said Noonan has been serving as the acting deputy director for health information privacy since January 29, after four years as OCR's Southeast Regional Manager. 

"Tim brings a wealth of knowledge and experience to this position having developed the Southeast Region's Health Information Privacy outreach and enforcement program, and collaborating with OCR's [health information privacy] team in his multiple positions over the years."