The U.S. Health and Human Services’ (HHS) Office for Civil Rights (OCR) recently affirmed its new Director, Melanie Fontes Rainer. Fontes Rainer previously served as Acting Director and officially became Director in August 2022. Fontes Rainer succeeds Lisa J. Pino, who resigned in July 2022.
One of several OCR tasks is to regulate and enforce HIPAA, the Health Insurance Portability and Accountability Act of 1996. The OCR director is responsible for ensuring its proper implementation and for supporting the administration’s agenda. Under HIPAA and its addendums, covered entities must keep protected health information (PHI) secure.
SEE ALSO: HIPAA compliant email
HHS’ Office for Civil Rights and HIPAA
Besides enforcing federal civil rights and conscience and religious freedom laws, OCR is most known for its enforcement of HIPAA. HIPAA protects the rights and privacy of patients and combats fraud and abuse related to PHI.
Any healthcare organization dealing with PHI must utilize the administrative, physical and technical security measures required by HIPAA. OCR enforcement largely concentrates on the following HIPAA rules:
- Privacy Rule (2003) – provides guidelines on PHI use and disclosure
- Security Rule (2005) – sets necessary safeguards to protect electronic PHI (ePHI)
- Enforcement Rule (2006) – sets the standards of enforcing HIPAA and penalizing noncompliant healthcare providers
- HITECH Act (2009) – promotes the adoption and meaningful use of technology in healthcare
- Breach Notification Rule (2009) – requires healthcare providers to report data breaches
- Final Omnibus Rule (2013) – incorporates HITECH further by improving privacy protections
Recent updates to the rules give more rights to individuals and further explore technological advances within healthcare. Any covered entity that commits a HIPAA violation may be subject to fines and a HIPAA corrective action plan.
About Melanie Fontes Rainer
Fontes Rainer received her BSBA and JD from the University of Arizona and holds an MSEd from Brooklyn College, CUNY. Starting in 2015, she served in the U.S. Senate as a senior aide. She was also the Women’s Policy Director at the Senate Health, Education, Labor and Pensions Committee. Within these roles, she aided the passing of several transformative healthcare laws, such as:
Fontes Rainer also led the Senate’s work on the Affordable Care Act, reproductive rights and gender equity. After this, Fontes Rainer served as the Special Assistant to the Attorney General and Chief Health Advisor at the California Department of Justice, where she worked to protect the Affordable Care Act. She also facilitated the creation of a new office in California that concentrated on healthcare rights and access.
Fontes Rainer at OCR
Before becoming OCR Acting Director and then Director, Fontes Rainer served as a Counselor to HHS Secretary Xavier Becerra. Within this role, her aim was to improve:
- Civil rights
- Patient privacy
- Reproductive health
- The Affordable Care Act
- Competition in healthcare
- Consumer protection
- Private insurance markets
Furthermore, she helped implement many laws at HHS, such as the No Surprises Act. And as Acting Director, Fontes Rainer led OCR’s enforcement of the Privacy, Security and Breach Notifications Rules. She ensured accountability under the Patient Safety and Quality Improvement Act and the Patient Safety Rule.
According to Secretary Becerra, Fontes Rainer “devoted her entire professional career to public service and has worked tirelessly to ensure that health care is accessible, affordable, and available to all, no matter where you live or who you are. [Her] commitment and expertise are vital to implementing the health and human services priorities of the Biden-Harris Administration as we work to ensure families across the country know that we have their back.”
Fontes Rainer’s extensive background should prepare her for the challenges she will face in her role as OCR Director.
A new focus of OCR
Typically, the background of the OCR director influences the agency’s agenda. Given Fontes Rainer’s emphasis on federal civil rights, privacy laws and individual rights, we can ascertain the direction of OCR and HHS.
In a conversation with Nextgov, Fontes Rainer especially focused on the importance of ensuring the security of reproductive health data. This comes as concerns grow over the potential for law enforcement to use such data to prosecute individuals.
And as privacy threats grow, she explained that OCR wants to expand programs with stakeholders and other federal regulatory agencies. On this front, Fontes Rainer may want to provide further updates to guidance documents. She may also want to examine new policy options that provide better security to individuals.
“My job—our job—at HHS, is to protect [PHI] and how can we make sure that HIPAA today and HIPAA tomorrow continue to be the full force of protecting that privacy no matter what is happening in a legal landscape or what is happening in the courts,” she said. Accordingly, her path forward should lead to the continual protection of healthcare and health information privacy.
Meanwhile, keep patients safe with strong email security
One thing that won’t change when it comes to HIPAA is the need for solid HIPAA compliant email. Patients want to communicate through email, which is why it is important to do so safely and securely. Paubox Email Suite takes healthcare-related email seriously by providing seamless HIPAA compliant protections.
HIPAA requires reasonable safeguards for PHI, like encryption, and Paubox automatically encrypts all emails. Even better, Paubox Email Suite works from any existing email platform, such as Google Workspace or Microsoft 365. And our Plus and Premium plans incorporate proactive inbound tools like Zero Trust Email and ExecProtect.
Healthcare providers can have peace of mind as Paubox Email Suite will block numerous cyberattacks, such as ransomware, phishing, domain name spoofing and much more. Safe emails are delivered directly to inboxes without requiring extra passwords, logins or portals. Everything suspicious is quarantined.
Our solution is HITRUST-CSF certified, demonstrating that Paubox has met key regulatory requirements to appropriately manage risk. Paubox Email Suite ensures HIPAA compliance as required by OCR, letting healthcare organizations do what they do best: patient care.