Authors

Kathryn Marchesini, J.D.

Portrait of Kathryn Marchesini, J.D.

Kathryn Marchesini serves as the chief privacy officer (CPO) at ONC where she advises the national coordinator on matters related to health information privacy, security, and data stewardship, especially as these issues impact IT development and implementation. Ms. Marchesini also serves as a senior advisor for health IT policy in the HHS Office for Civil Rights (OCR). Ms. Marchesini works closely with other HHS divisions and federal agencies to assure a coordinated, nationwide approach to maintaining the privacy and security of electronic health information.

Prior to serving as CPO, Ms. Marchesini served as a senior advisor at ONC where she advised stakeholders about the privacy and security implications surrounding electronic health information, technology, and healthcare. She worked with OCR, National Institutes of Health (NIH), and other federal agencies, to provide strategic direction and substantive expertise at the intersection of privacy and cybersecurity law, technology, and health research. In her seven years at HHS, Ms. Marchesini also served as deputy director for privacy, where she led ONC’s privacy team and helped with federal, state, and international policy guidance and education initiatives addressing emerging health IT privacy, data protection, and security-related issues. In 2014, she served as acting CPO.

Before joining HHS, Ms. Marchesini was a strategy and technology consultant at two international management consulting firms. She led IT modernization and business transformation efforts to help organizations bridge the gap between business requirements, technology, and law. Ms. Marchesini also worked in state government and at a multinational clinical research organization.

Ms. Marchesini earned her J.D. from the University of North Carolina School of Law, where she was executive editor of the North Carolina Journal of Law and Technology (JOLT). She earned a professional certificate in strategic decision and risk management in healthcare from Stanford University and B.S. in international economics and finance with a management information systems minor from Catholic University. Ms. Marchesini also maintains a Project Management Professional (PMP) and Certified Information Systems Security Professional (CISSP) certificate.

Kathryn Marchesini, J.D.'s Latest Blog Posts

HIPAA & Health Information Portability: A Foundation for Interoperability

Kathryn Marchesini, J.D. | August 30, 2018

Twenty-two years ago this month, the U.S. Congress enacted the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The federal Privacy, Security, and Breach Notification Rules implemented under HIPAA, and administered and enforced by the HHS Office for Civil Rights (OCR), continue to serve as the national foundation of protections for individually identifiable health information, and of individuals’ rights with respect to their information, including the right to see and obtain copies of their health information from their healthcare providers and health plans.

Read Full Post.

Shining a Light on Secure Health Big Data and Digital Privacy

Kathryn Marchesini, J.D. | September 24, 2015

Through the proliferation of software applications and mobile technology, the amount of identifiable health information being collected, analyzed, and used is growing exponentially. As the volume, velocity, and variety of such information activities continue to grow, ONC is looking at how to protect that information from potential risks that may arise from unknown and inappropriate use.

Read Full Post.

Meaningful Choice: Patient-Centered Decision Making in Electronic Health Information Exchange

Kathryn Marchesini, J.D. | October 3, 2012

Health Care Providers, Key Agents of Trust for Patients
A key purpose for developing a secure private computer network in the health care industry is establishing the capability for health care providers to access and share patient health information electronically and securely over the Internet to support patient care, often referred to as a health information exchange (HIE).

Read Full Post.