Kathryn Marchesini

Portrait of Kathryn Marchesini

Kathryn Marchesini serves as the chief privacy officer (CPO) at ONC where she advises the national coordinator on matters related to health information privacy, security, and data stewardship, especially as these issues impact IT development and implementation. Ms. Marchesini also serves as a senior advisor for health IT policy in the HHS Office for Civil Rights (OCR). Ms. Marchesini works closely with other HHS divisions and federal agencies to assure a coordinated, nationwide approach to maintaining the privacy and security of electronic health information.

Prior to serving as CPO, Ms. Marchesini served as a senior advisor at ONC where she advised stakeholders about the privacy and security implications surrounding electronic health information, technology, and healthcare. She worked with OCR, National Institutes of Health (NIH), and other federal agencies, to provide strategic direction and substantive expertise at the intersection of privacy and cybersecurity law, technology, and health research. In her seven years at HHS, Ms. Marchesini also served as deputy director for privacy, where she led ONC’s privacy team and helped with federal, state, and international policy guidance and education initiatives addressing emerging health IT privacy, data protection, and security-related issues. In 2014, she served as acting CPO.

Before joining HHS, Ms. Marchesini was a strategy and technology consultant at two international management consulting firms. She led IT modernization and business transformation efforts to help organizations bridge the gap between business requirements, technology, and law. Ms. Marchesini also worked in state government and at a multinational clinical research organization.

Ms. Marchesini earned her J.D. from the University of North Carolina School of Law, where she was executive editor of the North Carolina Journal of Law and Technology (JOLT). She earned a professional certificate in strategic decision and risk management in healthcare from Stanford University and B.S. in international economics and finance with a management information systems minor from Catholic University. Ms. Marchesini also maintains a Project Management Professional (PMP) and Certified Information Systems Security Professional (CISSP) certificate.

Kathryn Marchesini's Latest Blog Posts

Say Hi to EHI

Kathryn Marchesini | December 20, 2021

ONC’s information blocking regulations apply to interferences with the access, exchange, or use of electronic health information (EHI) (45 CFR Part 171) and define certain exceptions to the definition of information blocking. Thus, it’s important that those subject to the information blocking regulations – health care providers, developers of certified health IT, and health information networks/exchanges (cumulatively, “actors”) – understand what health information the regulations cover.

Read Full Post.

4 Ways Using the HHS Security Risk Assessment Tool Can Help Your Organization

Kathryn Marchesini | October 30, 2019

As ONC works to advance the development and use of health IT, we know that you play an important and equal role in maintaining the public’s confidence and trust. The privacy and security of health information is always at the forefront of our work and your organization’s business practices. In the spirit of National Cyber Security Awareness Month (NCSAM), we want to highlight the HHS Security Risk Assessment (SRA) Tool, which you can use to assess your organization’s security risks.

Read Full Post.

HIPAA & Health Information Portability: A Foundation for Interoperability

Kathryn Marchesini | August 30, 2018

Twenty-two years ago this month, the U.S. Congress enacted the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The federal Privacy, Security, and Breach Notification Rules implemented under HIPAA, and administered and enforced by the HHS Office for Civil Rights (OCR), continue to serve as the national foundation of protections for individually identifiable health information, and of individuals’ rights with respect to their information, including the right to see and obtain copies of their health information from their healthcare providers and health plans.

Read Full Post.

Shining a Light on Secure Health Big Data and Digital Privacy

Kathryn Marchesini | September 24, 2015

Through the proliferation of software applications and mobile technology, the amount of identifiable health information being collected, analyzed, and used is growing exponentially. As the volume, velocity, and variety of such information activities continue to grow, ONC is looking at how to protect that information from potential risks that may arise from unknown and inappropriate use.

Read Full Post.