HHS’ Office for Civil Rights appoints new director

OCR logo

The U.S. Health and Human Services’ (HHS) Office for Civil Rights (OCR) has appointed a new director, Lisa J. Pino. Originally from New York City, Pino worked as a legal aid attorney before joining the government.

One of several OCR tasks is to regulate and enforce HIPAA, the Health Insurance Portability and Accountability Act of 1996. The OCR director is responsible for its enforcement and supporting the administration’s agenda.

Under HIPAA and its addendums, covered entities must commit to keeping protected health information (PHI) secure.

SEE ALSO: HIPAA compliant email

HHS’ Office for Civil Rights and HIPAA

Besides enforcing federal civil rights and conscience and religious freedom laws, OCR is most known for its enforcement of HIPAA. HIPAA protects the rights and privacy of patients and combats fraud and abuse related to PHI.

RELATED: Understanding and implementing HIPAA rules

OCR enforcement largely concentrations on the following HIPAA rules:

Any covered entity that commits a HIPAA violation may be subject to fines and a HIPAA corrective action plan.

Pino takes over for Roger Severino (appointed under the Trump administration) and Robinsue Frohboese (acting director between administrations).

About Lisa J. Pino

Pino comes to OCR from the New York State Department of Health where she led New York’s COVID-19 response. Previously, she was a senior executive service official at the U.S. Department of Homeland Security (DHS) under the Obama administration.

While with DHS she led the mitigation of the largest hack in federal history at the U.S. Office of Personnel Management in 2015, establishing new cybersecurity regulatory protections and renegotiating vendor procurements.

Before DHS, Pino was deputy administrator of the U.S. Department of Agriculture’s (USDA) Supplemental Nutrition Assistance Program (SNAP) and served as the USDA deputy assistant security for civil rights.

“Lisa is an exceptional public servant, and I am delighted to welcome her to the role of the Director of [OCR],” stated Xavier Becerra, HHS secretary, in the September announcement. “Her breadth of experience and management expertise . . . will help ensure that we protect the rights of every person across the country as we work to build a healthier America.”

A new Office for Civil Rights focus

Typically, the background of OCR’s director influences the agency’s agenda. Given that Pino is familiar with data security, a good assumption is that OCR will concentrate on data breach prevention.

Sara Goldstein at BakerHostetler recently gave further insight into possible focal points:

Other possible key changes include more accessible documentation/guidance, an emphasis on breach management and risk assessment, and stronger compliance and enforcement actions.

Finally, one issue to address is the future of the January 2021 Notice of Proposed Rulemaking that modifies the Privacy Rule and the HITECH Act by addressing standards that may impede healthcare coordination and communication.

No changes to the need for strong email security

One thing that won’t change when it comes to HIPAA is the need for solid HIPAA compliant email.

Paubox Email Suite guarantees robust email security and HIPAA compliance by automatically encrypting all emails. Moreover, our Plus and Premium plans come with proactive inbound tools like Zero Trust Email and ExecProtect, which block different types of cyberattacks.

Emails are delivered directly to inboxes without requiring extra passwords, logins, or portals. And even better, Paubox Email Suite works from an existing email platform such as Google Workspace or Microsoft 365.

Our solution is HITRUST CSF certified, demonstrating that Paubox has met key regulatory requirements to appropriately manage risk and ensure HIPAA compliance as regulated by OCR.

Try Paubox Email Suite for FREE today.

About the author

Kapua Iao

Read more by Kapua Iao

Get started with
end-to-end protection

Bolster your organization's security with state-of-the-art email encryption and inbound email security.

Highest rated HIPAA compliant messaging solution on G2

EmailEncryption BestMeetsRequirements MeetsRequirements
SecureEmailGateway MostImplementable Total
SecureEmailGateway Leader Leader
SecureEmailGateway EasiestToUse EaseOfUse
SecureEmailGateway EasiestAdmin EaseOfAdmin
SecureEmailGateway BestUsability Total
SecureEmailGateway BestResults Total
SecureEmailGateway BestRelationship Total
EmailEncryption UsersMostLikelyToRecommend Nps
EmailEncryption MomentumLeader Leader