Kathryn Marchesini


Kathryn Marchesini serves as the chief privacy officer (CPO) at ONC, where she advises the national coordinator on matters related to health information privacy, security, and data stewardship, especially as these issues impact IT development and implementation. Ms. Marchesini also serves as a senior advisor for health IT policy in the HHS Office for Civil Rights (OCR). Ms. Marchesini works closely with other HHS divisions and federal agencies to assure a coordinated, nationwide approach to maintaining the privacy and security of electronic health information.

Prior to serving as CPO, Ms. Marchesini served as a senior advisor at ONC, where she advised stakeholders about the privacy and security implications surrounding electronic health information, technology, and healthcare. She worked with OCR, National Institutes of Health (NIH), and other federal agencies to provide strategic direction and substantive expertise at the intersection of privacy and cybersecurity law, technology, and health research. In her seven years at HHS, Ms. Marchesini also served as deputy director for privacy, where she led ONC’s privacy team and helped with federal, state, and international policy guidance and education initiatives addressing emerging health IT privacy, data protection, and security-related issues. In 2014, she served as acting CPO.

Before joining HHS, Ms. Marchesini was a strategy and technology consultant at two international management consulting firms. She led IT modernization and business transformation efforts to help organizations bridge the gap between business requirements, technology, and law. Ms. Marchesini also worked in state government and at a multinational clinical research organization.

Ms. Marchesini earned her J.D. from the University of North Carolina School of Law, where she was executive editor of the North Carolina Journal of Law and Technology (JOLT). She earned a professional certificate in strategic decision and risk management in healthcare from Stanford University and a B.S. in international economics and finance with a management information systems minor from Catholic University. Ms. Marchesini also maintains Project Management Professional (PMP) and Certified Information Systems Security Professional (CISSP) certifications.

Kathryn Marchesini's Latest Blog Posts

Increasing the Transparency and Trustworthiness of AI in Health Care

Kathryn Marchesini | April 13, 2023

This is part five of a blog series on predictive models, artificial intelligence (AI) & machine learning (ML) in health. We encourage readers to (re)visit the four previous blog posts for important context to what follows.

Through a series of blog posts over the last year, we’ve described our understanding of the current and potential uses of predictive models and machine learning algorithms in health care, and the role that ONC can play in shaping their development and use.


Information Blocking Regulations Work in Concert with HIPAA Rules and Other Privacy Laws to Support Health Information Privacy

Kathryn Marchesini | April 12, 2023

We often get asked about how ONC’s information blocking regulations and HHS’ Office for Civil Rights’ (OCR) Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules (HIPAA Rules) interact with one another. To help clarify, ONC just released a few new information blocking frequently asked questions (FAQs) that illustrate how the federal regulations interact. This post also reviews how the information blocking regulations interact with the HIPAA Privacy Rule and other laws that impose specific restrictions on information sharing to protect the privacy of an individual’s health information.


Back to the Future: What Predictive Decision Support Can Learn from DeLoreans and The Big Short

Kathryn Marchesini | December 13, 2022

In the third blog in our series on artificial intelligence (AI) and machine learning (ML)-driven predictive models (data analytics tool or software) in health care, we discussed some potential risks (sometimes referred to as model harms) related to these emerging technologies and how these risks could lead to adverse impacts or negative outcomes. Given these potential risks, some have questioned whether they can trust the use of these technologies in health care.


Guiding Developers through Foundational Federal Laws Applicable to Mobile Health Technology

Kathryn Marchesini | December 12, 2022

As you design, market, and distribute a mobile health (mHealth) app that your customers will use to collect, share, use, or maintain individuals’ health information, it is likely you have questions about what U.S. federal laws apply. You may also wonder which federal agencies oversee various aspects of mHealth — including how this varies by how individuals, their health plan, or health care providers will use the app.  Depending on who is expected to use an app and how they will get and use the app (e.g.,


Two Sides of the AI/ML Coin in Health Care

Kathryn Marchesini | October 19, 2022

As we’ve previously discussed, algorithms—step by step instructions (rules) to perform a task or solve a problem, especially by a computer—have been widely used in health care for decades.  One clear use of these algorithms is through evidence-based, clinical decision support interventions (DSIs). Today, we see a rapid growth in data-based, predictive DSIs, which use models created using machine learning (ML) algorithms or other statistical approaches that analyze large volumes of real-world data (called “training data”) to find patterns and make recommendations.
