Kathryn Marchesini, Chief Privacy Officer, ONC, Chapter 1

Perhaps the most critical advantage the health IT industry has is that when it comes to the digitization of patient records, everyone is onboard. But just because it’s a bipartisan issues, it doesn’t mean any of it has come easy, particularly the interoperability piece.

That’s where ONC comes in. As part of the 21st Century Cures Act, ONC is charged with developing a framework to address the issues that are hindering the flow of data, all while ensuring data is secure. As Chief Privacy Officer, Kathryn Marchesini is front and center in that effort. In this interview, she discusses ONC’s key priorities, and how they work to obtain and incorporate feedback from all types of stakeholders. Marchesini also talks about how she has benefited from her experience as a technology consult, and the importance of having dedicated IT security leaders.

Chapter 1



* ONC’s goal “inspire confidence and trust in health IT”

* Being the “voice of privacy & security”

* Soliciting feedback through multiple platforms

* “Everyone has a different perspective and a different experience.”

* Trusted Exchange Framework to “focus on areas where the industry couldn’t agree.”

* Wading through 200-plus comments

* Defining exceptions for data blocking



LISTEN NOW USING THE PLAYER BELOW OR CLICK HERE TO SUBSCRIBE TO OUR iTUNES PODCAST FEED

Bold Statements

It’s about making sure there’s support for accessing, sharing, and using electronic health information from a multitude of sources, for a variety of purposes, while ensuring a coordinated approach to privacy and security.

ONC is very public-facing; to the extent that a particular group is interested in meeting with them, ONC is always willing to hear from various stakeholders, including healthcare providers.

At a very high level, the Trusted Exchange Framework was developed to help address interoperability in the 75 percent of states where information does not freely flow where and when it’s needed most by the patients and their providers.

What Congress has asked ONC to do is define the exceptions for what information blocking is, when it’s okay for information not to be shared for a particular purpose, or if there’s an existing law that requires an organization to meet some conditions before information is shared.

Gamble:  Hi Kathryn, thanks so much for taking some time to speak with healthsystemCIO.com.

Marchesini:  Happy to, Kate. Thanks again for having me.

Gamble:  Sure. To start off, can you give a high-level overview of your role as chief privacy officer?

Marchesini:  Much of what I focus on deals with looking at privacy and security issues at the intersection of accessing, using, maintaining, and sharing electronic health information, particularly those issues that are germane to health IT and emerging technology as it’s being developed and implemented. It’s also making sure electronic health information is securely available through the healthcare infrastructure to improve the health and care of all Americans in their communities, as well as in support of the HHS Department’s mission to enhance and protect the health and well-being of all Americans.

I’m also working to encourage ONC to continue inspiring confidence and trust in health IT and electronic health information exchange as the healthcare infrastructure evolves. In a way, I serve as a constant voice of privacy and security in helping make sure that as ONC is making policy and technical decisions impacting the privacy and security of health information — particularly as they relate to supporting the relevant statutory activities outlined in the 21st Century Cures Act to help modernize and personalize healthcare — that we continue improving individuals’ access to their electronic health information.