Governance & Risk Management , Government , HIPAA/HITECH

Trump Picks Robert F. Kennedy Jr. to Head HHS

Vaccine Skeptic's Views on Health Privacy Not Well-Known
Trump Picks Robert F. Kennedy Jr. to Head HHS
President-elect Donald Trump picked Robert F. Kennedy Jr. to head up the U.S. Department of Health and Human Services (Image: Make America Healthy Again)

President-elect Donald Trump said Thursday he will nominate prominent vaccine skeptic Robert F. Kennedy Jr. as secretary to head up the U.S. Department of Health and Human Services.

See Also: Enterprise Browser Supporting Healthcare, Cyber Resilience

Kennedy's anti-vaccine, anti-fluoridated water, anti-processed food views have grabbed attention since they often depart from the scientific consensus. His stances on health information privacy, security and healthcare sector cyber matters are less known.

That means at the moment, Kennedy's potential plans for HHS' Office for Civil Rights and its HIPAA regulatory and enforcement work, or the Food and Drug Administration's medical device cybersecurity initiatives and related health sector cyber issues are a mystery.

Also a putative independent presidential candidate during the 2024 election, Kennedy endorsed Trump in August in exchange for a role in his future administration. Trump pledged to let Kennedy "go wild on health" during an Oct. 27 rally at Madison Square Garden in New York City.

"I do not know RFK Jr’s views on information privacy and security," said regulatory attorney Adam Greene of the law firm Davis Wright Tremaine.

"That being said, based on views of past Trump appointees and campaign issues, I expect that cybersecurity efforts such as updates to the HIPAA Security Rule will continue, albeit with significant delay as a new OCR director gets appointed and settled in," he said. The White House in October began a review of long-awaited updates to the 20-year-old HIPAA Security Rule containing modifications aimed at strengthening the cybersecurity of electronic protected health information (see: White House Reviewing Updates to HIPAA Security Rule).

The direction that Kennedy might take with some HIPAA issues will be influenced by the Trump administration's overall view on abortion and similar issues, Greene predicted.

"I expect that the new administration will indicate that it will not enforce, and ultimately will reverse, the 2024 HIPAA amendments on reproductive healthcare," Greene said, referring to an update of the HIPAA Privacy Rule that was enacted in June (see: Trump's Return: Impact on Health Sector Cyber, HIPAA Regs).

HHS' 291-page final HIPAA Privacy Rule to Support Reproductive Health Care Privacy prohibits the use or disclosure of protected health information when it is sought to investigate or impose liability on individuals, healthcare providers, or others who seek, obtain, provide or facilitate reproductive healthcare that is lawful under the circumstances in which such healthcare is provided.

The Biden administration modified the privacy rule in response to the 2022 Supreme Court Dobbs v. Jackson ruling that overturned a national right to obtain an abortion.

"The choice of the OCR director will likely set the tone for the agency's priorities on cybersecurity," said regulatory attorney Sara Goldstein, partner at law firm BakerHostetler. A traditional candidate likely wouldn't be very different from the Biden administration "since cybersecurity in healthcare is generally a bipartisan issue," she said.

One potential issue that could impact OCR's ability to fulfill its priorities is staffing, since a Kennedy Jr. confirmation as secretary could trigger an exodus of seasoned staffers. "If OCR staffing is reduced, whether by budget cuts or attrition, it is possible that more resources will be moved toward OCR’s privacy-related initiatives, which could potentially impact the agency’s focus on cybersecurity," Goldstein said.

Based on Kennedy's public statements, he envisions radically reforming the FDA, Goldstein said. "It is not clear whether he will be successful in his endeavors, but whatever actions he takes will likely impact the regulation of medical devices and cybersecurity issues."


About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.