Top Health Privacy Enforcer at HHS Retires
McAndrew started her government career at the Food and Drug Administration, where she helped to craft the Food Stamp Act of 1997. She later practiced law in the District of Columbia for a dozen years before joining HHS in 2000 as a contractor to help develop HIPAA privacy regulations, and became leader of the OCR health privacy unit in 2001.
The unit originally had jurisdiction only for the HIPAA privacy rule and later added oversight and enforcement of the security, breach notification and enforcement rules, which include the emerging HIPAA audit program. Under McAndrew, more than 20 organizations have paid significant fines and entered into comprehensive corrective action programs after failing to comply with core components of HIPAA, and hundreds of other organizations that have experienced a breach of protected health information have worked with the privacy unit to improve their security.
In related news, OCR announced May 7 that New York-Presbyterian Hospital and Columbia University collectively paid $4.8 million to settle charges of violating the HIPAA privacy and security rules. It is the largest HIPAA settlement to date.