Pritts to step down as ONC privacy chief

Joy Pritts, the nation's first chief privacy officer at HHS, will step down in July, the Office of the National Coordinator for Health Information Technology has announced.

“Joy was appointed our first chief privacy officer 4½ years ago and came to ONC with a wealth of knowledge of and deep relationships in the health information technology and privacy communities,” ONC chief Dr. Karen DeSalvo said Thursday to her staff.

“Thanks to her efforts, privacy and security have become engrained in the ONC culture and are increasingly being recognized as crucial elements of health IT by our stakeholders,” DeSalvo said. “We have been fortunate to have Joy on our team.”

Her last day in office will by July 12. No successor has been named. Pritts leads a staff of six.

“Joy did a fabulous job as the first chief privacy officer of ONC, so of course I'm sad to see her go,” said fellow privacy lawyer Deven McGraw, a partner in the Washington firm of Manatt, Phelps & Phillip. McGraw serves on the federally chartered Health Information Technology Policy Committee, created by the American Recovery and Reinvestment Act of 2009 as an ONC advisory panel, chairs its privacy and security workgroup, and has collaborated with Pritts in those roles.

“She really defined that office and made sure that privacy was part of what ONC did, and not just what they talked about,” McGraw said. “The policy committee's 2010 recommendations on consent—when is it needed in health information exchange and what should it look like—ended up almost verbatim being incorporated into guidance to ONC-funded state HIEs. I am certain it took a huge amount of work on Joy's part to make that happen.”

“Our recommendations calling for data segmentation pilots to inform further policy were put into practice because Joy did the hard work of making sure they happened,” McGraw said. The federally funded pilots, which tested data masking and labeling technology for privacy, became a priority initiative of the ONC-sponsored collaborative Standards and Interoperability Framework, McGraw said.

Pritts made sure “that the success of those pilots got filtered back to the policy committee so we could move the technology further down the path to being able to honor patient's granular choices. These are just a few of her accomplishments. She's left big shoes to fill,” McGraw said.

The chief privacy officer position was created under the HITECH provisions of the ARRA, the economic stimulus law that also launched the federal government's electronic health-record incentive payment program.

The duties of the role, according to the statue, are to advise the ONC “on privacy, security and data stewardship of electronic health information and to coordinate with other federal agencies (and similar privacy officers in such agencies), with state and regional efforts, and with foreign countries with regard to the privacy, security and data stewardship of electronic individually identifiable health information.”

The ARRA mandated that the HHS secretary appointment the chief privacy officer within one year. President Obama signed the law on Feb. 18, 2009. Pritts wasn't appointed until Feb. 17, 2010.

Since that day, “She was really a hero inside HHS and ONC,” where the culture, “has really been against privacy rights since 2002,” said Dr. Deborah Peel, an Austin psychiatrist and founder of the Patient Privacy Rights Foundation, and a frequent and outspoken critic of federal privacy policies. That year was when HHS revised the key federal health information privacy rule under the Health Insurance Portability and Accountability Act, eliminating a patient's right of consent over the sharing of their health information for treatment, payment and other healthcare operations.

“She's been really a champion for patients' privacy rights, including patients being able to get copies of their records, being able to segment sensitive data (and), in every way that she could, she's tried to advance the patients' interests,” Peel said.

Before being tapped to serve at ONC, Pritts, who has a law degree from Case Western Reserve University School of Law, made her reputation as a privacy advocate serving as director of the Center on Medical Record Rights and Privacy at Georgetown University, and prior to that as senior counsel at Georgetown's Health Privacy Project.

In 2007, Pritts co-authored a report funded by the Substance Abuse and Mental Health Services Administration at HHS, pointing out that the U.S. lagged far behind Canada, the Netherlands and the U.K., not only in privacy protection laws, but also in the use of data tagging and segmentation technology to safeguard sensitive patient information.

At the time, technology to mask patient data for privacy was in widespread use in three Canadian provinces Pritts studied, and had been in use in one of them, British Columbia, for a decade, she noted.

In contrast, just this week the Health Information Technology Policy Committee pondered recommendations from McGraw's privacy committee on whether it could incorporate by 2017 a limited version of data segmentation technology for privacy as part of the federal meaningful-use requirements in the EHR incentive payment program.

"We in the U.S. like to think that we are the foundation of democracy, and you look at other countries and they give their patients a lot more choice, from a policy angle," Pritts said during a 2007 interview.

Follow Joseph Conn on Twitter: @MHJConn