No Funding for ONC Office of the Chief Privacy Officer in 2018

ONC National Coordinator Don Rucker, M.D., has confirmed that the office will be closed out in fiscal year 2018 due to the cuts  to the budget of the Office of the National Coordinator for Health Information Technology (ONC)

Deven McGraw, the Deputy Director for Health Information Privacy, had been acting as Acting Chief Privacy Officer until a permanent replacement for Lucia Savage was identified. However, it is now looking likely that a permanent replacement will not be sought.

One of the key duties of the Chief Privacy Officer is to ensure that privacy and security standards are addressed and health data is protected properly. The role of Chief Privacy Officer also advises the National Coordinator for Health IT on privacy and security policies covering electronic health information. However, Mr Rucker does not feel it is necessary for the ONC to have an entire office dedicated to privacy and security as other agencies in the HHS could assist and take on additional tasks to provide this service.

Though the appointment of a Chief Privacy Officer is required by the HITECH Act there is an alternative. The ONC may request personnel to be supplied from other HHS agencies. Faced with a $22 million cut in its operating budget, ONC will turn to the HHS’ Office for Civil Rights for assistance with privacy functions with the ONC only maintaining ‘limited support’ for the role of Chief Privacy Officer.

The Chief Privacy Officer role has been pivotal in highlighting HIPAA Rules in relation to privacy since the HITECH Act was passed.

Rucker explained that discussions are now being conducted between ONC and OCR to determine how these and other tasks will be carried out, but added that privacy and security are implicit in all aspects of the work performed by ONC and that will remain the case.

Financial cutbacks are inevitable with the trimming of the ONC’s budget but Rucker has outlined that the HHS will continue to ensure privacy and security issues are dealt with and efforts to improve understanding of the HIPAA Privacy and Security Rules will also continue as has always been the case.