Top Health Privacy Enforcer at HHS Retires
Susan McAndrew, leader of the HHS Office for Civil Rights unit that enforces the HIPAA privacy, security, breach notification and enforcement rules, has retired.
Susan McAndrew, leader of the HHS Office for Civil Rights unit that enforces the HIPAA privacy, security, breach notification and enforcement rules, has retired. Christina Heide, senior advisor for health information privacy policy at OCR and a veteran of the unit since 1999, is serving as acting deputy director for health information privacy.
McAndrew started her government career at the Food and Drug Administration, where she helped to craft the Food Stamp Act of 1997. She later practiced law in the District of Columbia for a dozen years before joining HHS in 2000 as a contractor to help develop HIPAA privacy regulations, and became leader of the OCR health privacy unit in 2001.
The unit originally had jurisdiction only for the HIPAA privacy rule and later added oversight and enforcement of the security, breach notification and enforcement rules, which include the emerging HIPAA audit program. Under McAndrew, more than 20 organizations have paid significant fines and entered into comprehensive corrective action programs after failing to comply with core components of HIPAA, and hundreds of other organizations that have experienced a breach of protected health information have worked with the privacy unit to improve their security.
In related news, OCR announced May 7 that New York-Presbyterian Hospital and Columbia University collectively paid $4.8 million to settle charges of violating the HIPAA privacy and security rules. It is the largest HIPAA settlement to date.
McAndrew started her government career at the Food and Drug Administration, where she helped to craft the Food Stamp Act of 1997. She later practiced law in the District of Columbia for a dozen years before joining HHS in 2000 as a contractor to help develop HIPAA privacy regulations, and became leader of the OCR health privacy unit in 2001.
The unit originally had jurisdiction only for the HIPAA privacy rule and later added oversight and enforcement of the security, breach notification and enforcement rules, which include the emerging HIPAA audit program. Under McAndrew, more than 20 organizations have paid significant fines and entered into comprehensive corrective action programs after failing to comply with core components of HIPAA, and hundreds of other organizations that have experienced a breach of protected health information have worked with the privacy unit to improve their security.
In related news, OCR announced May 7 that New York-Presbyterian Hospital and Columbia University collectively paid $4.8 million to settle charges of violating the HIPAA privacy and security rules. It is the largest HIPAA settlement to date.
More for you
Loading data for hdm_tax_topic #reducing-cost...