The Department of Health and Human Services’ Office for Civil Rights (OCR) has appointed Timothy Noonan Deputy Director for Health Information Privacy.
The position of the Deputy Director for Health Information Privacy is to lead the Health Information Privacy Division of the Office for Civil Rights, oversee OCR’s national health information privacy policy and outreach activities, and administer and police the HIPAA Privacy, Security, and Breach Notification Rules and the confidentiality provisions of the Patient Safety Rule.
Noonan has been acting as Acting Deputy Director for Health Information Privacy since January 29, 2018, since the departure of Iliana Peters. Prior to taking on the position of Acting Deputy Director for Health Information Privacy, Noonan served as OCR’s Southeast Regional Manager, before shifting to the OCR’s headquarters to serve as Acting Associate Deputy Director for Regional Operations and the Acting Director for Centralized Case Management Operations.
In his 22 months as Acting Deputy Director for Health Information Privacy, Noonan has helped secure more than $37 million in HIPAA civil monetary penalties and settlements, including the largest ever HIPAA penalty – The $16 million settlement with Anthem Inc. over its 78.8 million-record data breach in 2015.
Noonan has also helped create the Right of Access Enforcement Initiative, under which guidance was issued to help reinforce individuals’ right of access to their medical records and the first fine for Right of Access failures was agreed with Bayfront Health St Petersburg.
Under the charge of Noonan, guidance has also been released on Health Apps and a request for information was sent out seeking feedback from the public on how the HIPAA Privacy Rule should be altered to promote coordinated, value-based health care.