Meet Melanie Fontes Rainer, Director, Office for Civil Rights, U.S. Department of Health and Human Services: “Working to make sure everyone has the best quality, affordable healthcare is my life’s mission”

Melanie Fontes Rainer

Melanie Fontes Rainer

Melanie Fontes Rainer (ocrmail@hhs.gov, linkedin.com/in/melaniefontesrainer/) is the Director at the U.S. Department of Health and Human Services Office for Civil Rights, Washington, DC.
Walter Johnson

Walter Johnson

Walter Johnson (walter.johnson@inova.org, linkedin.com/in/walter16/) is President of SCCE & HCCA, and Assistant Privacy Officer at Inova Health System, Washington, DC.
15 minute read

by Melanie Fontes Rainer and Walter Johnson

WJ: We all know that you are currently the Director of the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS), but you also served as chief health care advisor at the California Department of Justice, you spent several years at the Center for Medicare & Medicaid Services, and also served as a senior aide in the Senate, where you were involved in the passage of several healthcare laws. What drives your passion for healthcare?

MFR: I grew up in a single-mother household. My mom worked for the U.S. Postal Service and was part of the union. I am incredibly lucky that I was raised by her, and that her government job meant that our family had healthcare. While the Affordable Care Act has made tremendous progress in getting Americans access to healthcare, for too many working families across the country, healthcare is still either difficult to obtain or completely out of reach. Every day, when I get up, this reality makes me want to do everything I can to help as many people as possible. Healthcare is a human right and an economic empowerment agent for communities. If people have healthcare, they can work; if people have healthcare, they can live. This is such a critical right, and working to make sure everyone has the best quality, affordable accessible healthcare is my life’s mission.

WJ: I also want to note that you were, at the start of your career, a math teacher for 7th- and 8th-grade students. As a parent and compliance officer, I must ask: What’s harder, teaching math to kids that age or shaping the nation’s healthcare policy?

MFR: Teaching. One thousand percent. Teachers have the hardest job on the planet. Teaching a middle schooler algebra or geometry is just one aspect of the job. As a teacher, you are not only educating, but also serving as a social worker, parent, friend, and so much more every day. And for most teachers, the work doesn’t end when they get home; there is preparation, planning, and sometimes engagement with students and families in your free time. Society would fail without teachers. Teachers have the most important job and are too often not compensated appropriately—or respected.

My job is incredibly important and helps people, and I love it, but it is not as important as the work of a teacher—nor is any other job I have ever had.

WJ: Let’s move on to some key issues you and your compliance teams manage. HIPAA has been the law since 1996 and is far from something new in healthcare. Yet, organizations often still struggle with it. What are the problems your office is finding these days?

MFR: We continue to see misinformation about HIPAA, whether it’s about what is being covered, who is covered, and what it protects. And with the advent of smartphones, the pandemic’s telehealth explosion, and the increased use of technology in care, we are seeing an uptick in misinformation about HIPAA. For example, phone apps say that they are “HIPAA certified,” but these apps are not regulated by HIPAA. Other concerns are the increased use of web tracking technologies to track consumer/patient behavior, a lack of forethought in entering into a business associate agreement, and not ensuring that protected data is not improperly used or disclosed in violation of HIPAA. Healthcare continues to evolve, and we are taking steps to ensure that our enforcement and guidance are keeping up.

Cyber threats and the need to bolster our security of health information systems is a key priority for OCR—one that has grown in importance since 1996 and with the evolution of our healthcare system. The substantial increase in large data breaches of unsecured protected health information (PHI) reflects the rise of hacking and IT incidents. This trend is continuing, and this year, to date, hacking accounts for 69% of the large breaches OCR has received. Over the past five years, large breaches caused by hacking have increased by 239%. For ransomware, these numbers are up 278%.

In our investigations, the most common compliance issues and violations we see are regulated entities failing to conduct a risk analysis, perform risk management, and implement access controls to prevent the wrong people from gaining access to electronic (ePHI), as well as failing to implement audit controls to examine activity in the information system and other basic requirements of the HIPAA Security Rule.

This document is only available to members. Please log in or become a member.
Become a Member Login
 

What to read next...

Artificial intelligence: Compliance considerations for provider organizations


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field

First name field cannot be blank!
Last name field cannot be blank!
We will send you an email that will give you access to this entire article.
Email field cannot be blank!
Enter a valid email!
Company field cannot be blank!
Enter a valid company!
Title field cannot be blank!

We're committed to your privacy. The Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA) uses the information you provide us to contact you about our relevant content, products, and services. For more information, check out our Privacy Policy.


About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook Twitter LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings