As the new chief privacy officer at the Office of the National Coordinator for Health IT, Kathryn Marchesini will confront an entirely new set of health IT privacy challenges, a growing number of industry players that fall outside HIPAA's purview and legislative mandates under the 21st Century Cures Act.
And she’ll have to do it with a potentially nonexistent privacy budget.
Three months after ONC’s former chief privacy officer Deven McGraw left the Department of Health and Human Services, the agency is handing the position to Marchesini, a seasoned privacy veteran with experience at several agencies within HHS, to navigate those privacy and security concerns.
Last year, National Coordinator Donald Rucker, M.D., said the agency would lean on the Office for Civil Rights to provide support on privacy and security matters. Months earlier, the agency—facing a $22 million budget cut in 2018—outlined plans to close the Office of the Chief Privacy Officer, but maintain limited support for the executive position. At that time, Deven McGraw, the deputy director for health information privacy at the Office for Civil Rights, was filling the role.
But McGraw left for the private sector in October, and after reviewing its partnership with OCR, ONC “felt it would be important to fill the position,” an ONC official said following Marchesini’s appointment.
As FierceHealthcare reported earlier this week, ONC finds itself at a crossroads regarding privacy and security. Several former officials highlighted new challenges for the agency as it shifts its focus to interoperability, usability and issues such as data blocking.
A great choice following in a short but incredibly impressive line. https://t.co/01k71D2uxK— Kirk J. Nahra (work) (@KirkJNahrawork) January 10, 2018
Marchesini, who occupied various positions at OCR and ONC over the past seven years, says the agency has “a laser-focused set of priorities” tied to 21st Century Cures and the industry shift following widespread EHR adoption. From a privacy perspective, she plans to tackle issues like uncertainty around identifiable health information, data accessibility, information blocking and providing guidance for industry players that fall outside the scope of HIPAA.
“We can zone in on some of the areas we’ve been looking long and hard at and address questions that didn’t previously exist or weren’t mainstream a few years ago,” she said in a press call.
Marchesini says ONC will continue to work closely with OCR, an approach McGraw has pushed for.
“When I held both positions, that synergy was really there,” McGraw told FierceHealthcare. “If that’s the model that you want to emulate, [Marchesini] is the right person to step into the role of providing that close coordination.”