The Office for Civil Rights, the HHS
division responsible for enforcing HIPAA, is slated to get a new director after the official departure of Leon Rodriguez.
Health and Human Services Secretary Sylvia Mathews Burwell reportedly sent out an internal email to staff on the appointment of Jocelyn Samuels as OCR director, replacing Leon Rodriguez
, according to a Gov Info Security report. Rodriguez was officially confirmed by the Senate to serve as director of the U.S. Citizenship and Immigration Services at the Department of Homeland Security June 24. President Barack Obama
had announced Rodriguez's nomination back in December.
Jocelyn Samuels will come to OCR from the Department of Justice, where she held the role of acting assistant attorney general in the civil rights division and was responsible for enforcing federal law pertaining to discrimination based on race, sex, national origin and disability.
Prior to her appointment at DOJ, Samuels served in the role of vice president for education and employment at the National Women's Law Center. Before that, she worked as labor counsel to Sen. Edward Kennedy and as senior policy attorney at the Equal Employment Opportunity Commission. She received her law degree from Columbia University.
An OCR spokesperson declined to comment on when Samuels is slated to assume the post.
Samuels will be overseeing HIPAA compliance and the official audit program slated to kick off this year.
"We're hopeful that our audits will begin, hopefully the end of this year, early next year," Iliana Peters, OCR senior advisor for HIPAA compliance and enforcement said this June at the HIMSS
and Healthcare IT News
Privacy and Security Forum. OCR expects to begin with covered entities and follow with business associates likely next year, she said.
These audits will include both desk audits, which officials anticipate will number between 150 and 200, and 50 on-site audits. "That number is a bit in flux," she added, a number that depends on the financial resources given to the division.
To date, OCR has levied $26 million in HIPAA settlements against entities found to have violated HIPAA privacy, security and breach notification rules.
Just this June, the six-hospital Parkview Health System in Fort Wayne, Ind., agreed to settle to the tune of $800,000 over an incident that involved dumping medical records unattended in a physician's driveway.