Healthcare Information Security

Patient Privacy News

ONC Chief Privacy Officer Joy Pritts to leave position

By Patrick Ouellette

- National Coordinator Karen DeSalvo announced that Office of the National Coordinator for Healthcare IT (ONC) Chief Privacy Officer Joy Pritts will be leaving ONC on July 12.

In an internal ONC memo sent to, DeSalvo praised the work Pritts has done as the first Chief Privacy Officer over her four and a half years at ONC, saying that because of her efforts, “privacy and security have become engrained in the ONC culture.” Before stepping down, Pritts wanted to aid and advise Desalvo during her first few months as National Coordinator. A critical aspect of Pritts’ job was to simultaneously improve both patient data privacy and accessibility, including her work toward patients getting direct access to their lab test results.

Joy and her team have made great strides in furthering policy and technology that improves individuals’ ability to choose when and how their health information may be electronically exchanged.  Joy’s team has also provided much needed technical assistance to providers on how to make sure that electronic health information is safe and secure.  Thanks to Joy’s perseverance, for the first time the Secretary’s Strategic Initiatives include a distinct initiative addressing privacy and security.

Pritts also played an integral role in working with other federal agencies on patient privacy policy development, according to Desalvo. The National Coordinator stressed that she is dedicated to patient privacy and working with the team Pritts is leaving behind to ensure that ONC privacy goals are met.

  • Are Medical Practices Prepared for OCR HIPAA Audits?
  • CAHIE to Head NATE’s Secure Direct Messaging and HIE Program
  • LSU-S aims to revise EHR security policies
  • Making security decisions as a small practice, ACO member
  • Chief security officer Q&A: 2013 health security initiatives
  • Updates Sought on Personal Health Record Model Privacy Notice
  • Nemours Chief Privacy Officer focuses on training, awareness
  • HIMSS Responds To NIST Cybersecurity Framework RFI
  • Healthcare Data Breach in CA Caused by Impersonation Scam
  • Questions linger around sensitive health data security
  • What Does the Latest Meaningful Use Extension Mean?
  • OCR HIPAA Settlement Costs New York Hospital $2.2M
  • Working through a HIPAA omnibus compliance checklist
  • Healthcare cloud security: Staying current with BAAs, SLAs
  • Health Data Breaches Accounted for 37% of all 2014 Incidents
  • Delaware HIN undergoes successful risk assessment
  • Why Latest OCR HIPAA Audits are About Compliance, Action
  • Patient identity matching: Addressing privacy questions
  • Patient Privacy Violated Following Employee Theft in Oregon
  • HIPAA audit preparation and compliance: BA effects on CEs
  • How Will New Research Bill Affect HIPAA Regulations?
  • 12 privacy and security trends that affect healthcare
  • No HIPAA Violation for Employees Retaining PHI, Says Court
  • FDA seeks comment on cybersecurity in medical devices
  • PHI Potentially Exposed by Calif. Group with X-Ray Dump
  • Why Prompt Health Data Breach Notification is Essential
  • Foreign countries hack VA system and expose vulnerabilities
  • EHR Association provides Stage 2 Meaningful Use security tips
  • Health Data Security Considerations in Precision Medicine
  • Telemedicine privacy, security considerations for providers
  • Remaining Vigilant Against Increasing Healthcare Ransomware Threats
  • Why Hospital Boards Must Understand Healthcare Cybersecurity
  • NYC Health Center Notifies 1,500 Patients of PHI Data Breach
  • Learning from the Banner Health Cybersecurity Attack
  • Medical center looks at hybrid cloud options, security needs
  • HIPAA Privacy Rule: Notice of Privacy Practices requirements
  • HIPAA Omnibus Rule webcast: New regulation considerations
  • Schneck Medical Center exposes patient information
  • Potential Health Data Breach, 40,000 Patient Records Stolen
  • Cyber Attack, Stolen Patient Records Equal Security Breaches
  • Privacy and security considerations for the new NV DIRECT
  • HIPAA Regulations Not Applicable in TN Supreme Court Case
  • Medical Device Integration, IoT Pose Cybersecurity Risks
  • Improving Patient Privacy, Workflow with HIPAA Compliant Forms
  • Recent Executive Order to Strengthen Federal Cybersecurity
  • DDoS attack considerations for healthcare organizations
  • Farzad Mostashari at HIMSS13: HIE security is paramount
  • Community Health sends patients data breach notifications
  • UMass informs 1,600 patients of data breach
  • Potential Health Data Breach for Montana Urology Clinic
  • CISO focuses on compliance, collaboration for SANS summit
  • What Are Top Healthcare Cloud Security Concerns?
  • Balancing risk management and patient data security technology
  • Improving Health Data Security with Payment Security Controls
  • PHI Data Breach Leads to $387K OCR HIPAA Settlement
  • ONC Privacy and Security Tiger Team presents key issues
  • Five HIPAA Omnibus Compliance Myths
  • Securing healthcare endpoints with thin, virtual technologies
  • Top five qualities of a healthcare secure messaging platform
  • Reconciling clinical needs with user authentication methods
  • St. Joseph Health Agrees to $2.14M OCR HIPAA Settlement
  • EHR Contingency Plans Part of OIG 2016 Health IT Focus
  • What the HIPAA Omnibus Rule meant for healthcare in 2013
  • Triple-S receives $6.8M fine for HIPAA violation
  • NIST signs on vendors to develop cybersecurity framework
  • Potential Patient Privacy Violations in Mass. Emails
  • EHR Privacy, Security Part of New Bi-Partisan Group’s Goals
  • Taking charge of HIE and EHR security in legal agreements
  • Comments Sought on Healthcare Cybersecurity Draft Guide
  • Will Healthcare Data Encryption be Impacted by NIST Guide?
  • Applying Healthcare Security Lessons to New Malware Threats
  • AHIMA: Healthcare Data Privacy, Security Top HIM Topic for 2018
  • OCR dismisses Walgreens ‘Well Experience’ HIPAA complaint
  • Apple HealthKit privacy questions for providers, developers
  • Health Data Breaches From Theft, Improper Disposal
  • Why Healthcare Cybersecurity Should be Top Priority for Execs
  • Patients sue Dorn VA medical center for health data breach
  • Senate Leaders Call for Anthem Data Breach Notification
  • Redspin 2012 health data breach report breakdown
  • HHS Reviews HIPAA Rules Following Hurricane Harvey
  • Mobile App Security Top Concern for Health IT Decision Makers
  • OCR provides new security auditing enforcement plans
  • Apple HealthKit collaboration talks: HIPAA implications
  • Healthcare Data Breaches Most Common in 2015 Incidents
  • Protecting Against Unauthorized Healthcare Data Access
  • Healthcare data vulnerability concerns: Mobile and cloud
  • Allina Health Privacy Incident Possibly Exposes Patient Info
  • Vendor Healthcare Data Breach Exposes Info on 87K Patients
  • A look at HIPAA technical safeguard requirements
  • Mich. Health Dept. reveals 2,595-patient data breach
  • OIG Finds Medicaid Risk Management Process Lacking in S.C.
  • Farzad Mostashari implores healthcare security innovation
  • ICS Collection Service alerts UCPG patients of data breach
  • ONC Privacy and Security panelists discuss security methods
  • Report reveals long-term VA patient data security failures
  • Verifying the specifics of a HIPAA-compliant product
  • OIG Finds Information Security Issues with VA Audit Logs
  • Patient Privacy Violation Questioned with Medical Records Dump
  • Personal Data of 200,000 Compromised by Former Employee
  • Fla. lawsuit alleges large-scale health data breach
  • I am committed to stressing the responsibility shared by all with regard to privacy and security in health information technology.  Fortunately, Joy has built a strong team that will continue the important work she started, and will help carry on the legacy of work to ensure that health IT is used to improve the health of all Americans in a private and secure manner.

    Desalvo added that she will work with Pritts in finding a new Chief Privacy Officer for both the short and long term.


    SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

    HIPAA Compliance
    Data Breaches

    Our privacy policy

    no, thanks