Skip to Content

Perspectives from the Field: Interview with Lucia Savage, Esq., October 14, 2015

Perspectives from the Field Interview Series
Interview with Lucia Savage, JD
Chief Privacy Officer, Office of the National Coordinator for Health Information Technology, United States Department of Health and Human Services
October 14, 2015
Interviewer: Jane Hyatt Thorpe
1)  Would you please tell us a little bit about ONC and your work as Chief Privacy Officer?
2)  What do you see as the main thrust of ONC's current role in advancing greater use and exchange of health information? 
3)  As we continue to move towards a "transformed" health system supported by Health IT, what do you see as the most prominent remaining barriers or challenges to broader exchange of health information across providers and settings of care, as well as other stakeholders? 
4)  Please describe your view of the federal vision for interoperability and the immediate steps ONC is taking to move towards that goal.  
5)  Looking forward, what strategies do you think will be the most effective towards achieving interoperability and ubiquitous exchange of health information across the care continuum?  
Question 1
JHT: Welcome to the Health Information and the Law Perspectives from the Field Interview Series. Today we’re speaking with Lucia Savage, JD, who is the Chief Privacy Officer for the Office of the National Coordinator for Health Information Technology (ONC) at the U.S. Department of Health and Human Services (HHS). Welcome, Lucia. Thank you so much for joining us today.
LS: I’m happy to be here!
JHT: Great! I’d like to start with having you tell us a little bit about the Office of the National Coordinator and your role as the Chief Privacy Officer.
LS: Sure. This office was created in 2004 by an executive order by then President George H. W. Bush and in 2009, Congress created it in statute as part of the American Recovery and Reinvestment Act in the subpart called HITECH. They charged ONC with a few obligations. One is to make federal regulations regarding what the technology that is certified electronic health records technology is required to do to receive a certification. Another piece of that statute was to create this office, the Chief Privacy Officer’s office. This office is particularly charged with being a subject matter expert for the National Coordinator for Health IT, and the Secretary, and really all of the Executive Branch about what should be the privacy and security standards pursuant to which we grow the use of health information technology (health IT) in the health sector overall. Not just the traditional delivery setting of hospitals and physicians’ offices, but really across the burgeoning world of health IT in general. 
Question 2
JHT: That’s wonderful and such a critical role. I know, since its inception, the Office of the National Coordinator has worked to encourage greater health information exchange, to improve health care delivery, and that has included policy-making, dissemination of grants and other forms of funding, developing implementation of certification standards that you mentioned, convening stakeholders and really thinking about these critical issues related to privacy and security. So, as you’re thinking about the role of the Office of the Chief Privacy Officer and ONC more broadly, what do you view as the main thrust of ONC's current role in advancing greater use and exchange of health information? 
LS: Well, ONC has made really great strides since HITECH in actually getting physicians’ offices to adopt electronic health record technology. Now, what we have to do is build on that foundation. From a privacy and security standpoint, what we have to do is bring the same power that exists right now for the physicians themselves with their electronic health records to the process of privacy compliance. I call that computable privacy. We need to get to a point where people understand how the data will move electronically. In the normal course of healthcare, when they are asked to or given the opportunity to express choices about where their data will move, those choices are captured electronically so that the process of capturing those choices doesn’t slow down and interfere with interoperability itself. So it’s a lot of looking around the corner. What does the technology allow us to do in the future? Let’s go there. 
Question 3
JHT: That’s great and that actually leads to the next question. I think, as you have indicated, there is a great benefit of the use of health information technology and health information exchange in particular both to improve the quality of care delivery and reduce costs, but the technology and the infrastructure continues to evolve. As we know, there have been a number of financial incentives and certification efforts particularly through the Office of the National Coordinator and the Centers for Medicare & Medicaid Services (CMS) in particular, but we are still seeing some lag in the full use and adoption of health IT, particularly across settings of care.  As we continue to move towards this concept of “computable privacy,” what do you see as the most prominent barriers or challenges to being able to take that look around the corner and really take this to a more universal avenue of exchanging health information? 
LS: One of the really great, elegant things about the HIPAA Privacy Rule is that now it is sort of media agnostic. There was a funny tweet a few weeks ago from my colleague Steve Posnack (@HealthIT_Policy) about carrier pigeons. It’s actually true that you could theoretically write down somebody’s protected health information, put it in a little leg band and send it off by carrier pigeon because the HIPAA privacy rule is media neutral. It was written that way in the very beginning 15 years ago and we need to take advantage of that today. So, that’s a really big thrust of the work we are doing in collaboration with the Office for Civil Rights. We detailed a lot more of that in our final Interoperability Roadmap which was released last week on the 6th of October and is available at We have a really good foundation right now to interoperably move the data electronically for patient care and care management and even to bring family members into the care process, but we’re not taking advantage of the rules we have. That’s one piece of it. The second piece of it is that on top of HIPAA, as GW knows, we have a lot of additional rules. The stew that is our privacy rules environment is very confusing to non-lawyers. It’s pretty confusing the lawyers themselves but it’s worse for the providers and the office managers on the ground. We have a very long road ahead of us to both help harmonize that and to bring the power of computing to help people do what they need to do for privacy compliance.
JHT: I’d like to drill down a little further on that issue that we refer to as the “complex web” of rules and regulations that govern health information, and I know that we have all talked about the important role of harmonization of those rules. Could you talk more about direct steps from your office to work towards greater harmonization of the rules and being able to translate this very complicated information to the folks on the ground who need to know “May I share?” “May I not share?” and how is this information flowing?
LS: Sure! One of the most complicated health care situations we have in America is people who have comorbid physical and mental health conditions. I’m going to put substance abuse to the side because there’s a specialized rule for that. Take my mother. She’s 87 years old, COPD and she’s bipolar. (I have permission to talk about her all the time, so I do.) We need to get to a place where all of the physicians treating that patient have access to the same information and they’re working in concert to make sure that the patient remains healthy. Whether it is through kidney function tests, or how much asthma medication, or whether allergies to that medication that are triggering psychiatric results, all of that stuff needs to be accounted for. The way that we do that is by giving the physicians access to all of the information. The problem is that we have this really complicated rules environment that sometimes results in the data not being available to the entire care team. We need to accomplish two things. We need to create less confusion about those rules and at the same time we need to recognize that a lot of those specialized rules are intended to protect people from health status discrimination. We have a very complicated policy challenge which is preserving important protections against discrimination and removing confusion so that data can move and people’s health can improve. The one step that we’re doing, and we’re a small federal agency as far as federal agencies go, but we will be starting down a path this fall working with the National Governor’s Association (NGA) and a select group of states where we will be facilitating, helping those states understand their Medicaid population is, the various tradeoffs about health status discrimination, complicated rules, how computers could or could not help them alleviate the complexity of the rules or facilitate compliance so that physicians feel more comfortable sharing the data and the health benefits and economic benefits of that better health for the patient.
JHT: That’s wonderful and we will look forward to hearing the results of that work that you are doing. This is a critical issue particularly at the state level where they are trying to develop and implement new models of care that frankly, their success depends upon the ability to share information across different types of providers and beyond the care continuum as well in some circumstances.
LS: That’s exactly right and this year I’m privileged to have an Army war college fellow working in my office and it has been really eye opening to me to be exposed to the statistics about how this impacts military readiness. Some people really serve the country, literally are putting their lives on the line, and are we giving them the care they need to be well out in the regular world?
JHT: I know, probably the scale of the lessons learned from some of those experiences.
LS: Yes.
Question 4
JHT: I’d like to go back. You mentioned the updated Interoperability Report released on September 6th, I think the iterations of this report and the feedback from the community has been a wonderful step towards really opening up this dialog and helping folks understand what is truly meant by interoperability. I thought that now would be a nice time to share your view of the federal vision of interoperability and again the steps that the Office of the National Coordinator are taking to move towards that vision.
LS: Sure. First of all, I need to correct you the date was actually October 6th, a few days ago. So, we released a number of things last week. Before the 6th, we released the Federal Health IT Strategic Plan which we are required by federal law to produce and do produce periodically in updated form. That is a plan for how the federal government can support the achievement of interoperability. One of the things it calls out is that the federal government could more effectively use its purchasing power. In the same way that the US Department of Veterans Affairs (VA) and Department of Defense (DOD) did with their recent acquisition of a new records system, we could have that same kind of assertive procurement occur in other domains. For example, what are the insurance companies who service federal personnel supplying? How they are supporting interoperability? That would be just one example. On the tail of that, last Tuesday we released our Interoperability Roadmap. This is a vision for how to get from where we are today to a learning health system in 10 years for all healthcare stakeholders. Federal government has a piece of that pie, private healthcare providers, or what I would call retail providers, have a piece of that pie, insurers, businesses, and individuals/consumers. We talk about different things that we think each of those organizations could do and things that ONC commits to doing. So, from ONC’s perspective and from my chair thinking about privacy, what we can do is work with the NGA to bring our expertise about privacy and health IT to the states. We can give the a more specific view of the pros and cons of the environment they find themselves in, and then of course the states are free to choose what they do with that information. There are other calls to action in there as well. For example, we want consumers and providers to engage more in a dialog about their own health. We want consumers to have better access to the information that they have a right to by law. So, all of that is in the Roadmap. It is a little too detailed for me to get into a lot of examples for you here today, but there will be a series of blog posts coming out about it. People should watch to get the highlights about it from the blog posts.
Question 5
JHT: So finally, looking forward, based on your experience at ONC and of course your exceptional prior experience, what strategies do you think will be the most effective towards truly achieving interoperability and exchange of health information across the care continuum? 
LS: I’m a strong believer in consumer demand. I think that we collectively as a society need to figure out a way to make the advances in health IT meaningful beyond the people who are ill. So, right now, a person who is ill or someone like myself who is helping to care for an ill person, this is a really key thing. What are my mother’s lab results this month? How is she doing? Did she take her medications? Our caregivers across the country are exhausted and frustrated because it is hard for them to access this information and do their job as caregivers. So, that’s a thing we need to solve for our population that’s ill. More importantly, I always think about the airbag example. Airbags were a car experiment. Chrysler put one in a car as a vanity item, and it was so wildly popular that pretty soon everyone put in airbags. At first, they were buy-ups but now they just come. You wouldn’t buy a car without an airbag. At some point down the road we will have a population where most people will prefer physician who has the power of computing to help them avoid errors and ensure that tests are taken and things are read properly and the data they have in front of them is the data they need for care. It may not be tomorrow but it will come in the future because we have that in the rest of our consumer world.
JHT: Wonderful. I think that’s really helpful and I think that in particular as we think about more and more opportunities for consumers to access their information, to use their information and to share their information with caregivers as well, this will continue to resonate. Again Lucia, we really appreciate your time today and we look forward to continuing this dialogue with you. Thank you.
LS: Thank you for having me and I look forward to working together in the future.
JHT: Wonderful, thanks. 

Further Resources: