ONC's Top Privacy Priorities for 2016Chief Privacy Officer Lucia Savage Pinpoints Key Issues
Now that it has issued its 10-year roadmap for secure, interoperable health information exchange, the Office of the National Coordinator for Health IT has a number of key privacy-related projects planned for 2016, says Lucia Savage, ONC's chief privacy officer.
In its roadmap, ONC notes that interoperable electronic health record systems and secure national health information exchange are necessary for achieving its vision of a "learning health system." It defines that term as a system in which health information "flows seamlessly and is available to the right people, at the right place, at the right time to better inform decision making to improve individual health, community health and population health."
Savage and her team plan to address a number of interoperability hurdles next year, she says in this in-depth interview with Information Security Media Group.
"We have a lot of work planned ... reminding people of what HIPAA actually provides," she says, not only in terms of privacy and security protections, but also patients' rights to access their information. ONC also plans to clarify misunderstandings about HIPAA's privacy regulations that are often used as excuses by healthcare providers for not sharing patient information with other organizations.
Breaking down barriers to information sharing is a top ONC priority for the year ahead, Savage says. "How do we move away from people keeping information to themselves when they're capable of, but are choosing not to, share it?" she asks.
ONC is working with the Centers for Medicare and Medicaid Services - a sister unit within the Department of Health and Human Services - to collect and analyze public complaints about health information blocking incidents, she says. Back in April, ONC issued a report to Congress on the blocking issue (see Overcoming Health Info Exchange Blocking).
Next year, ONC also plans to kick off a privacy project with the National Governors Association to address barriers to health information exchange, including differences in state privacy laws.
Another privacy-related priority for next year, she says, involves the issue of enabling patients to opt in or opt out of having some or all data exchanged. For example, ONC will work on creating an architecture for documenting patient choice about the use of their data for research, she says.
In the interview (see audio link below photo), Savage also discusses:
- Short-term and longer-term privacy and security goals highlighted in ONC's recently released 10-year interoperability roadmap;
- How ONC's interoperability roadmap supports the Obama administration's Precision Medicine Initiative, which is focused on developing treatments, diagnostics and prevention strategies tailored to a patient's characteristics;
- Progress ONC would like to see in the broader implementation of encryption and more robust authentication methods and technologies.
Savage was appointed ONC chief privacy officer in October 2014 by HHS Secretary Sylvia Mathews Burwell. Before joining ONC, she was senior associate general counsel at United Healthcare, where she supervised a team that represents the insurer in its work in large data transactions related to health information exchanges, healthcare transparency projects and other data-driven health care innovation projects. Previously, Savage was general counsel at the Pacific Business Group on Health and compliance manager at Stanford University.