Kathryn Marchesini Is the New Chief Privacy Officer at ONC


Kathryn Marchesini is the new appointed chief privacy officer at the Office of National Coordinator for Health IT (ONC). She replaced Acting Chief Privacy Officer Deven McGraw.  The need for the ONC to appoint a Chief Privacy Officer is stated in the HITECH Act. The work of the CPO includes advising the National Coordinator on privacy, security and data stewardship of electronic health information. The CPO also coordinates with other federal agencies.

When McGraw left the position, it was uncertain if the position will ever be filled because of the budget cuts at ONC. There was an effort to trim down the organization and the budget for the Office of the Chief Privacy Officer is about to be taken away in 2018. However, the decision was to appoint a new CPO, so most likely the position remains.

What qualifications does Katheryn Marchesini possess to be given the role of CPO? She worked for seven years at the Department of Health and Human Services and she has a lot of experience specifically in the field of data privacy and security. At HHS, she helped create new federal policies and the guidance for HIPAA covered entities on privacy and security. She also assisted with other HHS health IT privacy initiatives.

Her work history includes the following positions:

·         Senior health information technology and privacy advisor at the HHS’ Office for Civil Rights

·         Senior advisor on privacy and precision medicine at the ONC

·         Divisioin Director for Privacy at the ONC from 2014 to 2016

·         Acting Chief Privacy Officer at ONC for 4 months in 2014

·         Senior Policy Analyst and Privacy Team Leader at the ONC from October 2012 to June 2014

·         Legal associate in two law firms (prior to working at HHS)

·         Management analyst at Deloitte Consulting

·         Economics assistant at FERC

National Coordinator Donald Rucker announced Marchesini’s appointment. As the CPO, Marchesini advises both staff and stakeholders regarding privacy and security implications as technology, health research and electronic health information continue to grow.