Linda Koontz, CIPP/US/G , is the editor of HIMSS Book’s Information Privacy in the Evolving Healthcare Environment (print/eBook), which explores how the rapidly changing U.S. healthcare landscape will affect patient privacy.
Koontz is a senior principal for privacy and strategy at MITRE, where she advises senior-level staff at federal agencies on strategic approaches to building privacy into their organizations, processes, and systems. Drawing from her more than 30 years’ experience in information systems management and technology, she currently advises the Chief Privacy Officer in the Office of the National Coordinator (ONC) for Health Information Technology on privacy issues associated with nationwide implementation of health information exchange, and manages the activities of the Health Information Technology Policy Committee’s Privacy and Security Tiger Team. She has also provided privacy advice and support to the Department of Homeland Security, and was appointed by the Secretary to the Department’s Data Protection and Integrity Advisory Committee (DPIAC).
Before joining MITRE, Koontz served as the director, information management, for the U.S. Government Accountability Office. In that role, she directed a broad portfolio of Congressionally requested studies, producing numerous reports on privacy, information access and dissemination, information collection, and records management. Koontz also testified numerous times before Congressional committees as an expert witness on these issues.
HIMSS: How did you become involved with HIMSS?
Koontz: I became involved with HIMSS in 2010 when, at MITRE, I began supporting the Office of the Chief Privacy Officer at ONC and the Privacy and Security Tiger Team, a federal advisory group. It was then that I attended my first HIMSS conference and spoke on one of the pre-conference panels. In 2011, a colleague reached out to discuss the possibility of editing a book on privacy for HIMSS, and I eventually was given the opportunity to develop a book on health information privacy.
HIMSS: What has been the most rewarding aspect of your involvement with HIMSS?
Koontz: The most rewarding has been the opportunity to work with the talented HIMSS staff—including Lisa Gallagher, vice president, technology solutions, HIMSS and Matt Schlossberg, manager, publications, HIMSS Media, to write and edit a book on health information privacy. It was also great experience to work with and get to know a diverse group of expert authors across the country that represent many disciplines and points of view. Producing this book was a long-held ambition, and I am grateful to have had the opportunity.
HIMSS: Please describe some of the milestone events in your career.
Koontz: Before joining MITRE in 2008, I was a long-time federal employee at the Government Accountability Office (GAO), the "watchdog" agency that reports to the Congress. As an executive there, I had the opportunity many times to speak "truth to power" in testifying on the results of audits to various Congressional committees on information policy issues and health IT at Veterans Affairs and Health and Human Services. I am very proud of the work that I did there including the contributions I made to legislation, such as the e-Government Act and a study issued in 2008 on how to update and revitalize the Privacy Act of 1974. In coming to MITRE, a federally funded research and development center, I continued the theme of public service by helping federal agencies to address privacy challenges. This is where I have been able to immerse myself in health information privacy, particularly in MITRE's support to the Privacy and Security Tiger Team. Having a part in working toward building public trust by enhancing privacy and security policies has been very exciting.
HIMSS: Could you provide a few highlights from your book Information Privacy in the Evolving Healthcare Environment?
Koontz: The book is a broad look at many of the pressing privacy issues facing the healthcare community today. The first third of the book is a tutorial on the meaning of privacy in the healthcare environment and its relationship to security and ethics. The rest of the book discusses issues such as health information exchange; consent; transparency; secondary uses of health information; and the future of privacy. Of particular note is the chapter on secondary use that includes a look at genomic data and explores the tensions between individual privacy and the benefits that could derive from the use of this information. This chapter largely foreshadowed some of the controversy on re-identification of individuals in genetic data bases, which was being hotly debated just as the book was published. I would recommend the book to anyone who wants to better understand privacy and related issues from different perspectives.
HIMSS: What are some of the greatest challenges healthcare professionals and organizations face on patient privacy and security in today’s healthcare environment?
Koontz: While security and privacy are two different disciplines, it is clear that without good information security, we cannot protect individuals' privacy. A foundational element of security is conducting a security risk assessment to identify risks and mitigating controls. We are finding many entities, particularly smaller ones, lack the expertise and resources to do the assessments needed to protect sensitive medical information. Developing ways to underscore the importance of these assessments, and tools to effectively conduct them is an ongoing challenge. Another challenge on the policy side is determining how to balance a patient's right to know what information healthcare entities have about them and how this information is used, versus what is realistic for entities to provide without undue burden and cost. The Tiger Team recently held a hearing on, and continues to debate, this complex issue.
HIMSS: What are the most notable changes you’ve seen in the field of health IT over the course of your career?
Koontz: It has changed tremendously! We've gone from the point of recognizing the need to share medical information to eliminate medical errors to deploying sophisticated, new technology, systems, and processes to transform the healthcare system. As a privacy professional, I am particularly interested in finding new ways to leverage technology to make information more accessible and transparent to patients.
HIMSS: What advice would you give professionals just entering the healthcare or IT field?
Koontz: I can speak most directly to health information privacy. My advice would be: Go for it! The healthcare privacy field is one of the most exciting areas in which to work right now. The need and opportunity to make a difference are great. Healthcare is a domain where we haven't figured everything out yet, at least from a policy or technology perspective, which make it a challenging but rewarding space to work in. I would encourage interested professionals to get broad exposure to all aspects of the health domain and learn as much as they can about the complex interplay among the law, policy, and technology.