Kathryn Marchesini, Chief Privacy Officer, ONC, Chapter 2

Perhaps the most critical advantage the health IT industry has is that when it comes to the digitization of patient records, everyone is onboard. But just because it’s a bipartisan issues, it doesn’t mean any of it has come easy, particularly the interoperability piece.

That’s where ONC comes in. As part of the 21st Century Cures Act, ONC is charged with developing a framework to address the issues that are hindering the flow of data, all while ensuring data is secure. As Chief Privacy Officer, Kathryn Marchesini is front and center in that effort. In this interview, she discusses ONC’s key priorities, and how they work to obtain and incorporate feedback from all types of stakeholders. Marchesini also talks about how she has benefited from her experience as a technology consult, and the importance of having dedicated IT security leaders.

Chapter 1

Chapter 2



* “It’s a pivotal time to be in health privacy.”

* Getting “on-the-job training” as acting chief privacy officer in 2014

* Critical role of CISOs

* “Cybersecurity is a shared responsibility.”

* Selling security to the board: “It’s a constant battle”

* Risk assessments

* A culture of security: “Everyone has a role to play.”



LISTEN NOW USING THE PLAYER BELOW OR CLICK HERE TO SUBSCRIBE TO OUR iTUNES PODCAST FEED

Bold Statements

It’s a pivotal time to be in healthcare privacy. We’ve been very actively researching, analyzing, and thinking long and hard about many of these issues and questions for years, and now we’re looking at them through a technology-agnostic lens.

I’m doing what I can to help explain, ‘here’s what we’ve done, and here’s where we’ve been, why we are where we are, and where we’d like to go.’ I’m trying my best to bridge the gap between civil servants and political appointees, and provide some consistency.

It’s only a matter of time when an organization will experience a security or cybersecurity incident. Having someone in place who understands that risk will help organizations become better positioned to take preventative measures.

Make sure you know your audience, and try to articulate the problem, the impact, and the proposed solution through a business lens and overall perspective. In many instances, this means translating technical language and jargon to the practical realities that leaders face with business-oriented metrics.

Gamble:  You’ve been in your current role since January, having previously served as Senior Advisor and Deputy Director for Privacy. What were your thoughts on being named to this role, and how did you approach it?

Marchesini:  I’m very appreciative of the opportunity to continue serving and contributing to work that is deeply important and inspiring to me, and having the chance to work on things that make people’s lives better. I feel like it’s a pivotal time to be in healthcare privacy. We’ve been very actively researching, analyzing, and thinking long and hard about many of these issues and questions for years, and now we’re looking at them particularly through a technology-agnostic lens.

During the early years at ONC, and through the work of our federal advisory committees, the use cases we looked at were either theoretical, or the technology was in the early stages of development or adoption. Now we’re at a tipping point, and we’re trying our best to tackle some of these issues in tandem with the rapid advances in real time.

 

Gamble:  And this is a role that was going to be eliminated, interestingly. But clearly is a need for this position.

Marchesini:  Right. And in a way, I had on-the-job training for the role in 2014 when I served as the actin...