TRENDING:

HHS Names New ONC Privacy Chief

United Healthcare's Lucia Savage to Join Agency Marianne Kolbasuk McGee (HealthInfoSec) • October 14, 2014    
HHS Names New ONC Privacy Chief
Lucia Savage

The Department of Health and Human Services has appointed Lucia Savage, an attorney at insurer United Healthcare, as the new chief privacy officer of the Office of the National Coordinator for Health IT.

See Also: Mastering Data Dilemmas: Navigating Privacy, Localization and Sovereignty

ONC is best known for its work on guidelines for the HITECH Act's electronic health records incentive program, but its projects are changing as HITECH funding winds down.

The chief privacy officer position, created in 2010, provides advice to HHS and ONC on developing privacy and security programs to carry out mandates in the HITECH Act. Looking ahead, the post will also help set privacy and security programs as ONC moves into post-HITECH initiatives.

Savage, who will join ONC on Oct. 20, is currently senior associate general counsel at United Healthcare, where she supervises a team that represents the insurer in its work in large data transactions related to health information exchanges, healthcare transparency projects, and other data-driven healthcare innovation projects, according to an announcement from ONC's leader, Karen DeSalvo, M.D. Savage was appointed by HHS secretary Sylvia Mathews Burwell.

"[Savage] brings to our team a set of rich experiences at the intersection of health information, privacy, and modernizing the health care delivery system," DeSalvo wrote in her announcement to ONC staff, which ONC shared with Information Security Media Group. "She has stellar qualifications and a passion for health IT. ... I am confident that she will bring her wealth of experience to advance critical privacy and security policies in health IT development and implementation."

Savage is succeeding Joy Pritts, who left the post in July after serving in the top ONC privacy job for four years.

Pritts tells ISMG: "I do not know [Savage], but her background in privacy issues in a complex environment will be a definite asset to ONC as health information exchange continues to expand."

While at UnitedHealthcare, Savage served on the governance board of the Centers for Medicare & Medicaid Services' Multi-Payer Claims database project from 2011 to 2013, and collaborated with health information exchanges and state agencies in their planning with payers, according to DeSalvo.

Earlier, Savage was general counsel at the not-for-profit Pacific Business Group on Health, where she oversaw the legal affairs and state policy initiatives the employer healthcare purchasing coalition and its small group health insurance exchange, PacAdvantage. Previously, she served as Stanford University's benefits compliance officer.

Looking Forward

Savage joins ONC at a time when the agency has been revamping its organizational structure and advisory committees and putting in place a new 10-year road map that includes an emphasis on building an interoperable, nationwide health IT infrastructure to pave the way for the secure exchange of patient information. That road map includes privacy and security among five core building blocks (see A Look At ONC's 10-Year Plan).

The moves by ONC are aimed at repositioning the agency as HITECH Act funding for EHR incentives, as well as other projects, including start-up statewide health information exchanges and regional extension centers offering EHR support, is winding down. However, ONC has its own budget for other projects.

Kathryn Marchesini has been serving as acting chief privacy officer at ONC since Pritts' departure. Prior to that, Marchesini, an attorney, served as lead analyst and adviser to the Office of Chief Privacy Officer on privacy and security activities. "She has been and will continue to be a valued and invaluable member of our team," DeSalvo says.

Selection Praised

Two privacy and security experts familiar with the workings of HHS were supportive of the selection of Savage for the chief privacy officer post.

"Lucia is very smart, savvy and brings a significant amount of privacy and security expertise to this job," says privacy attorney Deven McGraw, who chairs the privacy and security workgroup of ONC's HIT Policy Committee. "She understands the challenges facing healthcare entities in maintaining the privacy, confidentiality and security of patient data, because she has been on the front lines of that issue. But I also know from years of interacting with her that she appreciates how critical privacy is for consumer and patients, and how important it is that digital health ecosystems have their trust."

Attorney David Holtzman, vice president of compliance at security consulting firm CynergisTek, says: "Savage is highly regarded in the health law community for her depth of knowledge and experience in many levels of the healthcare payer and provider community spanning from her work as a compliance officer at Stanford to her current leadership role with United Healthcare's Office of General Counsel." Holtzman, formerly a senior adviser in HHS' Office for Civil Rights, says he's confident Savage will "ensure the development of sound policies affecting patient privacy are a part of the discussion in the continued development of health information technologies."

Previous
Russians Suspected in Ukraine Hack
Next
New Flaw: POODLE Puts Browsers at Risk

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.



Around the Network

How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Why Health Firms Struggle with Cybersecurity Frameworks
Why Health Firms Struggle with Cybersecurity Frameworks

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.