Healthcare Information Security

Patient Privacy News

ONC Chief Privacy Officer Joy Pritts to leave position

By Patrick Ouellette

- National Coordinator Karen DeSalvo announced that Office of the National Coordinator for Healthcare IT (ONC) Chief Privacy Officer Joy Pritts will be leaving ONC on July 12.

In an internal ONC memo sent to, DeSalvo praised the work Pritts has done as the first Chief Privacy Officer over her four and a half years at ONC, saying that because of her efforts, “privacy and security have become engrained in the ONC culture.” Before stepping down, Pritts wanted to aid and advise Desalvo during her first few months as National Coordinator. A critical aspect of Pritts’ job was to simultaneously improve both patient data privacy and accessibility, including her work toward patients getting direct access to their lab test results.

Joy and her team have made great strides in furthering policy and technology that improves individuals’ ability to choose when and how their health information may be electronically exchanged.  Joy’s team has also provided much needed technical assistance to providers on how to make sure that electronic health information is safe and secure.  Thanks to Joy’s perseverance, for the first time the Secretary’s Strategic Initiatives include a distinct initiative addressing privacy and security.

Pritts also played an integral role in working with other federal agencies on patient privacy policy development, according to Desalvo. The National Coordinator stressed that she is dedicated to patient privacy and working with the team Pritts is leaving behind to ensure that ONC privacy goals are met.

  • Creating your Enterprise Healthcare Mobility Network
  • Patient VDT portal authentication: Privacy considerations
  • Healthcare subcontractor breaches 570 patients’ data
  • CMS proposes 1-hour HIX data breach reporting period
  • Ensuring HIPAA Compliance Before a Potential HIPAA Audit
  • 57% of Orgs Spend Money on Endpoint, Mobile Security Technologies
  • HITRUST, Trend Micro Set to Improve Cyber Threat Management
  • Pending Cybersecurity Bills Unlikely to Pass in Congress
  • A look back at CDT HIPAA Omnibus Rule commentary
  • ONC Urges Mobile Application Security, Regulatory Adherence
  • PHI Security of 20K Possibly Affected from RI Laptop Theft
  • OIG releases biannual report, includes security recommendations
  • Is Patient Data Security At Risk with New Platform?
  • Los Angeles County DHS adds 170,200 patients to breach list
  • DirectTrust meets ONC HIE security accreditation goals
  • CHIME Notes Cybersecurity Challenge in MACRA Final Rule
  • Reviewing File Transfer Protocol Healthcare Cybersecurity Risks
  • AHA Calls for Revisions in Healthcare Data Privacy Rule
  • Potential Healthcare Data Breach for 485K USPS Workers
  • Kentucky auditor makes case for data breach notification law
  • CMS provides Meaningful Use privacy and security tips
  • HHS overhauls Security Rule with HIPAA omnibus provisions
  • Tucson patients’ data exposed; HHS breach tool updated
  • Barry University notifies patients of May data breach
  • NHHIO expands legislation for use and disclosure of protected health information
  • EHRA: National patient identity matching strategy needed
  • Stiffer encryption means better protection for PHI or EHR
  • Walgreens fined $1.44 million for pharmacist data breach
  • Implementing the NIST CSF for Improved Healthcare Data Security
  • HHS Secretary mandates new CMS chief risk officer position
  • Rehabilitation Facility Reports Patient Data Files Unattended
  • CHSI data breach result of Heartbleed bug, says TrustedSec
  • Factoring Security Into Health Data Disclosure Management
  • A Legal Breakdown of HIPAA, NAIC Cybersecurity Guidelines
  • Charles Stellar Named WEDI Interim President, CEO
  • How the Patient Safety Rule Ties into HIPAA Regulations
  • UPMC Reports Second Health Data Breach in Two Months
  • Secure Texting Ban Reinstated, Commission Calls for Guidance
  • ONC Proposes 2015 Health IT Certification Criteria Rules
  • NIST provides new security and privacy control catalogs
  • Is Healthcare Cloud Data Security Strong Enough?
  • Patient Privacy Concerns Eased with Senate Bill Progress
  • Why Health Data Security Requires Detection and Prevention
  • HHS proposes new data breach reporting rules for FFEs
  • Health Data Security Risks Hinder Stage 3 MU, Says AHA
  • What do healthcare providers use for HIPAA safeguards?
  • Building a HIPAA-compliant security program: Best practices
  • FSMB offers physician social media privacy guidelines
  • Privacy and security considerations for the new NV DIRECT
  • AMA Wants Better Health Data Privacy Before Stage 3 MU
  • OCR Levies Close to $80M in HIPAA Privacy Rule Fines
  • OSEHRA, VA reveal open source EHR security patching benefits
  • Possible PHI Security Breach in FL Respiratory Facility
  • Patients Allege Genetics Company Violated HIPAA Regulations
  • Health IT Discussed in Omnibus Spending Bill
  • HHS investigating HIPAA violation at Pa. 911 dispatch center
  • Healthcare Ransomware Leads Other Industries by Large Margin
  • OIG Stresses Information Security, Data Integrity for 2017
  • Patient privacy expert: Healthcare going back to the basics
  • Missing Encrypted Devices Leads to 7K Notification Letters
  • Beebe Healthcare suffers breach through contracted employee
  • Laptop stolen from N.M. Oncology and Hematology Consultants
  • Conn. Seeks Health Data Encryption Policy
  • Healthcare BYOD security: Don’t block it, control it
  • How a Mich. Hospital Stays Proactive in Health Data Security
  • New Business Associate Group Talks Healthcare Data Security
  • How staff training can enable HIE despite tough privacy laws
  • OCR outlines recent privacy education, outreach efforts
  • HIMSS: Medical Device Security, Data Breaches Top Concerns
  • Why Healthcare is a ‘Sitting Duck’ in Data Protection Measures
  • Health Data Security Vital for ‘Most Wired’ Cibola Hospital
  • UC Davis Health creates EHR, user access provisioning tool
  • Using Threat Intelligence to Improve Healthcare Cybersecurity
  • US-CERT Warns of Petya Ransomware, Microsoft Vulnerabilities
  • Focusing on Healthcare IoT Security with Expanding Market
  • Healthcare Cloud Adoption Slow Due to HIPAA, Survey Finds
  • VA Senator Violates HIPAA in Sharing Patient Information
  • Is Health Data Security Improved or Hindered with CISOs?
  • Secure HIE Highlighted in DirectTrust, FHA Federal Bundle
  • Top 5 Things to Remember About OCR HIPAA Audits
  • Human error tops Ponemon patient data security study threats
  • Stolen laptop from closed practice cited in NY data breach
  • Why Healthcare Providers Should Consider Data Encryption
  • Gaps Found in Healthcare Cybersecurity Threat Detection
  • DataMotion security survey: Healthcare compliance improving
  • AHIMA Continues Push for Balance in Patient Data Access, Security
  • Weak Healthcare Cybersecurity Employee Training Affects IT Security
  • Are You Prepared for Wearables and Mobile Health Security?
  • Healthcare Pros Worry about Data Security at Other Organizations
  • HIPAA audit preparation and compliance: BA effects on CEs
  • Eastside Medical Center loses paper patient records
  • Weighing the privacy risks of mobile health and fitness apps
  • Reintroduced Meaningful Use Bill Quickly Gains Support
  • Prioritizing Healthcare Data Security in Aggregation, Sharing
  • ISAO SO Releases Cybersecurity Information Sharing Guidance
  • Possible Health Data Breaches From Fraud, Online Exposure
  • AHIMA Director discusses HIPAA omnibus privacy practices
  • ONC Report: Trust Strengthens for EHR Privacy and Security
  • ONC releases implementation guidelines for Direct exchange
  • How Does Health Data Security Tie in to Patient Access?
  • I am committed to stressing the responsibility shared by all with regard to privacy and security in health information technology.  Fortunately, Joy has built a strong team that will continue the important work she started, and will help carry on the legacy of work to ensure that health IT is used to improve the health of all Americans in a private and secure manner.

    Desalvo added that she will work with Pritts in finding a new Chief Privacy Officer for both the short and long term.


    SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

    HIPAA Compliance
    Data Breaches

    Our privacy policy

    no, thanks