ONC names Joy Pritts as its first Chief Privacy Officer

HHS announced on Wednesday that Joy Pritts has been named the Chief Privacy Officer for the Office of the National Coordinator for Health Information Technology. Pritts, a lawyer and Georgetown University professor specializing in health law and policy, has done research focused on privacy of health information, including issues related to patient access and consent and healthcare organizational responsibilities for protecting data contained in medical records. Her appointment to a position required to be filled by this week under a provision contained in the HITECH Act (P.L. 111-5 §3001(e)) comes at an opportune time, given the need for ONC to provide more explicit guidance on how healthcare organizations and other entities addressed in the HITECH Act can adopt appropriate practices to be able to follow fair information practices and legal obligations for personal health information. Recent discussions among members of the Health IT Policy Committee workgroups considering the new meaningful use rules, measures, and criteria have highlighted the absence of any specific criteria for privacy. This leaves healthcare organizations in essentially the same place they were before — required to comply with HIPAA Privacy Rule requirements and other relevant privacy laws, but without any new or specific obligations to ensure that patient preferences on disclosure and consent for use are captured, maintained, and honored.