HHS Announces Closing Out of Office of the Chief Privacy Officer

The Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology (ONC) will be closing out the Office of the Chief Privacy Officer in FY 2018 due to cuts to its budget.

The budget cuts are intended to make the ONC more accountable and a much leaner organization. The ONC will have to operate with $22 million less funding in FY 2018, and the Office of the Chief Privacy Officer is one of the early casualties.

The HITECH Act in 2009 required the HHS to appoint a Chief Privacy Officer, whose main role is to advise the National Coordinator on privacy and security polices, in addition to coordinating with other federal agencies, regions and states. The CPR has also played a significant role in outreach efforts to improve understanding of HIPAA Rules. The position is currently held by Deven McGraw, who took over as Acting CPO after Lucia Savage moved on in January this year.

The Chief Privacy Officer has an important role, although the closing of the office will naturally have an impact on the privacy and security tasks that can be performed by the ONC. Some of the CPO’s responsibilities could be taken on by other HHS departments such as the Office for Civil Rights, although since OCR is similarly facing budget cuts and already has an extensive workload, it is unclear at this stage how many additional tasks can be taken on.

ONC National Coordinator Don Rucker, M.D., confirmed that the office will be closed and said the CPO will only receive ‘limited support’. Consequently, much of the work conducted by the CPO and her staff will need to be scaled back. Rucker said discussions are now taking place between ONC and OCR to determine which duties can be taken on by the HIPAA enforcer.

The closing out of the Office of the Chief Privacy Officer does not mean the ONC – or HHS – will be making privacy and security less of a priority. Rucker has confirmed that privacy and security issues will still be dealt with and privacy and security will remain at the heart of everything the HHS and ONC does.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news