The duties of the role, according to the statue, are to advise the ONC “on privacy, security and data stewardship of electronic health information and to coordinate with other federal agencies (and similar privacy officers in such agencies), with state and regional efforts, and with foreign countries with regard to the privacy, security and data stewardship of electronic individually identifiable health information.”
The ARRA mandated that the HHS secretary appointment the chief privacy officer within one year. President Obama signed the law on Feb. 18, 2009. Pritts wasn't appointed until Feb. 17, 2010.
Since that day, “She was really a hero inside HHS and ONC,” where the culture, “has really been against privacy rights since 2002,” said Dr. Deborah Peel, an Austin psychiatrist and founder of the Patient Privacy Rights Foundation, and a frequent and outspoken critic of federal privacy policies. That year was when HHS revised the key federal health information privacy rule under the Health Insurance Portability and Accountability Act, eliminating a patient's right of consent over the sharing of their health information for treatment, payment and other healthcare operations.
“She's been really a champion for patients' privacy rights, including patients being able to get copies of their records, being able to segment sensitive data (and), in every way that she could, she's tried to advance the patients' interests,” Peel said.
Before being tapped to serve at ONC, Pritts, who has a law degree from Case Western Reserve University School of Law, made her reputation as a privacy advocate serving as director of the Center on Medical Record Rights and Privacy at Georgetown University, and prior to that as senior counsel at Georgetown's Health Privacy Project.
In 2007, Pritts co-authored a report funded by the Substance Abuse and Mental Health Services Administration at HHS, pointing out that the U.S. lagged far behind Canada, the Netherlands and the U.K., not only in privacy protection laws, but also in the use of data tagging and segmentation technology to safeguard sensitive patient information.
At the time, technology to mask patient data for privacy was in widespread use in three Canadian provinces Pritts studied, and had been in use in one of them, British Columbia, for a decade, she noted.
In contrast, just this week the Health Information Technology Policy Committee pondered recommendations from McGraw's privacy committee on whether it could incorporate by 2017 a limited version of data segmentation technology for privacy as part of the federal meaningful-use requirements in the EHR incentive payment program.
"We in the U.S. like to think that we are the foundation of democracy, and you look at other countries and they give their patients a lot more choice, from a policy angle," Pritts said during a 2007 interview.
Follow Joseph Conn on Twitter: @MHJConn