The U.S. Department of Health and Human Services has named attorney Paula Stannard as the new director of its OCR. The Office for Civil Rights is the primary enforcement agency for the Health Insurance Portability and Accountability Act, also known as HIPAA. Stannard was a former legal adviser and counsel at HHS previously under the first Trump administration and also during the Bush administration. Some of her former colleagues say she is well-suited for this new post, bringing deep knowledge from past government experience. Most recently, Stannard served as the chief legal counsel at the Montana Department of Public Health and Human Services for the state.
In her new important leadership role, Stannard will take charge of an HHS agency that has experienced a skyrocketing workload in recent years. This significant increase is directly due to the sharp rise in major health data breaches, including those involving hacking and ransomware incidents. There has also been a major rise in various HIPAA complaints, particularly involving alleged violations of the HIPAA right of access provision. The agency is also quite active in important rulemaking work, including a proposed major revamp of the 20-year-old HIPAA security rule. This proposed rulemaking from the prior administration has since faced heavy criticism from many different healthcare sector organizations and various lobbying groups.
Industry experts have publicly said it is far too soon to predict where HHS OCR will take that proposed security rule now. This is especially true under the current Trump administration’s known deregulatory push and with the agency’s brand new leadership team. Retired regulatory attorney David Holtzman said he is concerned about the perpetually under-resourced OCR now taking on a range of extra duties. This is part of the recent HHS reorganization and significant departmental downsizing, which has reduced the overall number of available federal employees. Over all the recent years, HHS OCR has unfortunately faced flat budgets even as its massive load of HIPAA breach investigations has soared.
OCR is now also taking on some additional new responsibilities in the administration and enforcement of confidentiality of substance use disorder information. These specific 42 CFR Part 2 regulations were previously under the Substance Abuse and Mental Health Services Administration, also known as SAMHSA. That particular agency, SAMHSA, was reportedly gutted under the recent HHS downsizing and extensive departmental government restructuring efforts by the current administration. One expert questioned how OCR intends to carry out their new authority while absorbing such extreme cuts to personnel and various resources. It is widely expected that HIPAA investigations will now take significantly longer to conclude in the coming years.
Reference:
