HHS Secretary Kathleen Sebelius appointed Georgina Verdugo, a former prosecutor and Clinton administration official to lead the department's civil rights office, which recently took over enforcement of the security rule of the Health Insurance Portability and Accountability Act of 1996.
Verdugo joined HHS from private law practice in Los Angeles. During the Clinton administration she was a deputy assistant attorney general in the Justice Department's legislative affairs office. After leaving that post, she was chief of staff for U.S. Rep. Lucille Roybal-Allard (D-Calif.), and then executive director of Americans for a Fair Chance, a consortium of groups advocating affirmative action. From 2002 to 2003 she was an assistant U.S. attorney in San Diego, and from 2004 to 2008 she was associate counsel for the Los Angeles Unified School District.
Verdugo comes to the civil rights office as it takes an expanded role in protecting personal health information. The office has overseen the privacy provisions of HIPAA since 2003, but the law's security rule, which applies specifically to electronic health information, has been in the hands of the CMS since it was implemented in 2005.
In August, Sebelius consolidated enforcement authority in the civil rights office with a reach newly extended to business associates of healthcare organizations as a result of the American Recovery and Reinvestment Act of 2009.
HHS' inspector general's office, in a report issued in October 2008, criticized the CMS for relying on complaints to fulfill its obligation to enforce the rule and failing to conduct proactive compliance reviews delegated under the law. The CMS may have effectively encouraged voluntary compliance, according to the report, but could not address “significant vulnerabilities” identified in the inspector general's audits of hospitals.
Meanwhile Congress asked for heightened attention to the protection of personal health information as it put billions of dollars into speeding the adoption of electronic health records. The health information technology provisions of the stimulus law call for ramped up protection of health information by increasing penalties for violations and applying the privacy and security rules to business associates of the healthcare organizations targeted by the law.
What do you think? Write us with your comments at hitsdaily@modernhealthcare.com. Please include your name, title and hometown.
