HHS Names New ONC Privacy ChiefUnited Healthcare's Lucia Savage to Join Agency
The Department of Health and Human Services has appointed Lucia Savage, an attorney at insurer United Healthcare, as the new chief privacy officer of the Office of the National Coordinator for Health IT.
ONC is best known for its work on guidelines for the HITECH Act's electronic health records incentive program, but its projects are changing as HITECH funding winds down.
The chief privacy officer position, created in 2010, provides advice to HHS and ONC on developing privacy and security programs to carry out mandates in the HITECH Act. Looking ahead, the post will also help set privacy and security programs as ONC moves into post-HITECH initiatives.
Savage, who will join ONC on Oct. 20, is currently senior associate general counsel at United Healthcare, where she supervises a team that represents the insurer in its work in large data transactions related to health information exchanges, healthcare transparency projects, and other data-driven healthcare innovation projects, according to an announcement from ONC's leader, Karen DeSalvo, M.D. Savage was appointed by HHS secretary Sylvia Mathews Burwell.
"[Savage] brings to our team a set of rich experiences at the intersection of health information, privacy, and modernizing the health care delivery system," DeSalvo wrote in her announcement to ONC staff, which ONC shared with Information Security Media Group. "She has stellar qualifications and a passion for health IT. ... I am confident that she will bring her wealth of experience to advance critical privacy and security policies in health IT development and implementation."
Savage is succeeding Joy Pritts, who left the post in July after serving in the top ONC privacy job for four years.
Pritts tells ISMG: "I do not know [Savage], but her background in privacy issues in a complex environment will be a definite asset to ONC as health information exchange continues to expand."
While at UnitedHealthcare, Savage served on the governance board of the Centers for Medicare & Medicaid Services' Multi-Payer Claims database project from 2011 to 2013, and collaborated with health information exchanges and state agencies in their planning with payers, according to DeSalvo.
Earlier, Savage was general counsel at the not-for-profit Pacific Business Group on Health, where she oversaw the legal affairs and state policy initiatives the employer healthcare purchasing coalition and its small group health insurance exchange, PacAdvantage. Previously, she served as Stanford University's benefits compliance officer.
Savage joins ONC at a time when the agency has been revamping its organizational structure and advisory committees and putting in place a new 10-year road map that includes an emphasis on building an interoperable, nationwide health IT infrastructure to pave the way for the secure exchange of patient information. That road map includes privacy and security among five core building blocks (see A Look At ONC's 10-Year Plan).
The moves by ONC are aimed at repositioning the agency as HITECH Act funding for EHR incentives, as well as other projects, including start-up statewide health information exchanges and regional extension centers offering EHR support, is winding down. However, ONC has its own budget for other projects.
Kathryn Marchesini has been serving as acting chief privacy officer at ONC since Pritts' departure. Prior to that, Marchesini, an attorney, served as lead analyst and adviser to the Office of Chief Privacy Officer on privacy and security activities. "She has been and will continue to be a valued and invaluable member of our team," DeSalvo says.
Two privacy and security experts familiar with the workings of HHS were supportive of the selection of Savage for the chief privacy officer post.
"Lucia is very smart, savvy and brings a significant amount of privacy and security expertise to this job," says privacy attorney Deven McGraw, who chairs the privacy and security workgroup of ONC's HIT Policy Committee. "She understands the challenges facing healthcare entities in maintaining the privacy, confidentiality and security of patient data, because she has been on the front lines of that issue. But I also know from years of interacting with her that she appreciates how critical privacy is for consumer and patients, and how important it is that digital health ecosystems have their trust."
Attorney David Holtzman, vice president of compliance at security consulting firm CynergisTek, says: "Savage is highly regarded in the health law community for her depth of knowledge and experience in many levels of the healthcare payer and provider community spanning from her work as a compliance officer at Stanford to her current leadership role with United Healthcare's Office of General Counsel." Holtzman, formerly a senior adviser in HHS' Office for Civil Rights, says he's confident Savage will "ensure the development of sound policies affecting patient privacy are a part of the discussion in the continued development of health information technologies."