TRENDING:

New ONC Privacy Chief's Rallying Cry

Lucia Savage Calls for Clarifying EHR, HIE Privacy Explanations Marianne Kolbasuk McGee (HealthInfoSec) • November 10, 2014     10 Minutes   
New ONC Privacy Chief's Rallying Cry
Lucia Savage

The secure national exchange of patients' health information for use in treatment will make progress once "we simplify what we say when we're explaining privacy to people," says Lucia Savage, new chief privacy officer at the Office of the National Coordinator for Health IT.

Although the HITECH Act financial incentive program over the last five years has propelled tens of thousands of healthcare organizations into "the brave new world of electronic health records," it's still difficult for many providers and patients to understand the basics of how privacy will be protected as more information is electronically accessed and exchanged, Savage says in an interview with Information Security Media Group.

Patients and providers often don't understand "what's happening, and not happening with their data," says Savage, who joined ONC last month and was previously an attorney at insurer United Healthcare.

"The [privacy] rules of HIPAA ... are really agnostic in how information is being transacted. They are the same for paper, faxes, and secure e-mail - the rules themselves, they care about who and what, and not about how," she says.

Savage knows from the frontlines about some of the misunderstandings when it comes to healthcare data exchange. In her work at United Healthcare, she served on the governance board of the Centers for Medicare & Medicaid Services' Multi-Payer Claims database project from 2011 to 2013 and collaborated with health information exchanges and state agencies in their planning with payers.

Overcoming Complexity

One of the biggest obstacles in achieving secure health information exchange that honors patients' privacy preferences, Savage says, is "the complicated rules environment."

"I'm not suggesting that rules be weakened at all," she says. But HIPAA, as well as various state laws, need to be much more clearly explained, she stresses. "You'll be hearing a lot more about that as we get into our interoperability roadmap," she says.

As funding for HITECH programs winds down, ONC's 10-year vision is shifting to a focus on building secure nationwide health information exchange based on the interoperability of electronic health records.

Savage recently succeeded Joy Pritts, who left the privacy post at ONC, a unit of the Department of Health and Human Services, in July after serving in the role for four years.

In this interview, Savage also discusses:

  • The importance of encryption in safeguarding data;
  • What's on her near-term agenda;
  • The mood at ONC, which has seen the recent departure of several senior officials, plus its leader, Karen DeSalvo, M.D., taking on additional duties, including Ebola response work, in her new position as HHS acting assistant secretary of health (see ONC's DeSalvo Stays On: Questions Arise).

Savage was appointed ONC chief privacy officer in October by HHS Secretary Sylvia Mathews Burwell. Before joining ONC, Savage was senior associate general counsel at United Healthcare, where she supervised a team that represents the insurer in its work in large data transactions related to health information exchanges, healthcare transparency projects, and other data-driven healthcare innovation projects. Previously, Savage was general counsel at the Pacific Business Group on Health and compliance manager at Stanford University.

Previous
FireEye CEO: The Evolution of Security
Next
David DeWalt: The Business of Security



Around the Network

How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Properly Vetting AI Before It's Deployed in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.