Kathryn Marchesini

Kathryn Marchesini serves as the chief privacy officer (CPO) at ONC where she advises the national coordinator on matters related to health information privacy, security, and data stewardship, especially as these issues impact IT development and implementation. Ms. Marchesini also serves as a senior advisor for health IT policy in the HHS Office for Civil Rights (OCR). Ms. Marchesini works closely with other HHS divisions and federal agencies to assure a coordinated, nationwide approach to maintaining the privacy and security of electronic health information.

Prior to serving as CPO, Ms. Marchesini served as a senior advisor at ONC where she advised stakeholders about the privacy and security implications surrounding electronic health information, technology, and healthcare. She worked with OCR, National Institutes of Health (NIH), and other federal agencies, to provide strategic direction and substantive expertise at the intersection of privacy and cybersecurity law, technology, and health research. In her seven years at HHS, Ms. Marchesini also served as deputy director for privacy, where she led ONC’s privacy team and helped with federal, state, and international policy guidance and education initiatives addressing emerging health IT privacy, data protection, and security-related issues. In 2014, she served as acting CPO.

Before joining HHS, Ms. Marchesini was a strategy and technology consultant at two international management consulting firms. She led IT modernization and business transformation efforts to help organizations bridge the gap between business requirements, technology, and law. Ms. Marchesini also worked in state government and at a multinational clinical research organization.

Ms. Marchesini earned her J.D. from the University of North Carolina School of Law, where she was executive editor of the North Carolina Journal of Law and Technology (JOLT). She earned a professional certificate in strategic decision and risk management in healthcare from Stanford University and B.S. in international economics and finance with a management information systems minor from Catholic University. Ms. Marchesini also maintains a Project Management Professional (PMP) and Certified Information Systems Security Professional (CISSP) certificate.

Kathryn Marchesini's Latest Blog Posts

Blog Series: Artificial Intelligence & Machine Learning, Health Data, Health Innovation, Health IT Certification, Privacy and Security

Minimizing Risks and Maximizing Rewards from Machine Learning

Kathryn Marchesini | September 7, 2022

When talking about artificial intelligence (AI) today, people are usually referring to predictive models—often driven by machine learning (ML) techniques—that “learn” from historic data and make predictions, recommendations, or classifications (outputs) which inform or drive decision making. The power of ML is in its enormous flexibility. You can build a model to predict or recommend just about anything, and we have seen it transform many sectors.

Read Full Post.

AI & ML, Blog Series: Artificial Intelligence & Machine Learning, Electronic Health & Medical Records, Health Data

Getting the Best out of Algorithms in Health Care

Kathryn Marchesini | June 15, 2022

The same basic technology that can predict what movie you might want to watch, what song you might want to listen to, or what item you might want to buy online, can also predict the onset of diseases, forecast costs of care, and recommend treatment options for your doctors, nurses, and pharmacists.

Read Full Post.

Information Blocking

Say Hi to EHI

Kathryn Marchesini | December 20, 2021

ONC’s information blocking regulations apply to interferences with the access, exchange, or use of electronic health information (EHI) (45 CFR Part 171) and define certain exceptions to the definition of information blocking. Thus, it’s important that those subject to the information blocking regulations – health care providers, developers of certified health IT, and health information networks/exchanges (cumulatively, “actors”) – understand what health information the regulations cover.

Read Full Post.

Privacy and Security

4 Ways Using the HHS Security Risk Assessment Tool Can Help Your Organization

Kathryn Marchesini | October 30, 2019

As ONC works to advance the development and use of health IT, we know that you play an important and equal role in maintaining the public’s confidence and trust. The privacy and security of health information is always at the forefront of our work and your organization’s business practices. In the spirit of National Cyber Security Awareness Month (NCSAM), we want to highlight the HHS Security Risk Assessment (SRA) Tool, which you can use to assess your organization’s security risks.

Read Full Post.

Privacy and Security

HIPAA & Health Information Portability: A Foundation for Interoperability

Kathryn Marchesini | August 30, 2018

Twenty-two years ago this month, the U.S. Congress enacted the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The federal Privacy, Security, and Breach Notification Rules implemented under HIPAA, and administered and enforced by the HHS Office for Civil Rights (OCR), continue to serve as the national foundation of protections for individually identifiable health information, and of individuals’ rights with respect to their information, including the right to see and obtain copies of their health information from their healthcare providers and health plans.

Read Full Post.