Deven McGraw | Center for Democracy & Technology

Deven McGraw

Director of the Health Privacy Project at CDT

Deven McGraw is the Director of the Health Privacy Project at CDT. The Project is focused on developing and promoting workable privacy and security protections for electronic personal health information.

Ms. McGraw is active in efforts to advance the adoption and implementation of health information technology and electronic health information exchange to improve health care. She was one of three persons appointed by Kathleen Sebelius, the Secretary of the U.S. Department of Health & Human Services (HHS), to serve on the Health Information Technology (HIT) Policy Committee, a federal advisory committee established in the American Recovery and Reinvestment Act of 2009. She also served on two key workgroups of the American Health Information Community (AHIC), the federal advisory body established by HHS in the Bush Administration to develop recommendations on how to facilitate use of health information technology to improve health. Specifically, she co-chaired the ... More »

Ms. McGraw has a strong background in health care policy. Prior to joining CDT, Ms. McGraw was the Chief Operating Officer of the National Partnership for Women & Families, providing strategic direction and oversight for all of the organization's core program areas, including the promotion of initiatives to improve health care quality. Ms. McGraw also was an associate in the public policy group at Patton Boggs, LLP and in the health care group at Ropes & Gray. She also served as Deputy Legal Counsel to the Governor of Massachusetts and taught in the Federal Legislation Clinic at the Georgetown University Law Center.

Ms. McGraw graduated magna cum laude from the University of Maryland. She earned her J.D., magna cum laude, and her L.L.M. from Georgetown University Law Center and was Executive Editor of the Georgetown Law Journal. She also has a Master of Public Health from Johns Hopkins School of Hygiene and Public Health.

« Less

Blog Post - HHS Releases Rules for Electronic Health Records

7/14/2010 Health Privacy

The health IT and privacy communities have their heads buried in text! Three branches of the U.S. Dept. of Health and Human Services (HHS) have released more than a thousand pages of rules on health IT in less than a week.

HHS released two rules on Tuesday. The Office of the National Coordinator for Health IT (ONC) released the final rule setting the criteria for certification of electronic health records (EHRs). At the same time, the Centers for Medicare and Medicaid Services (CMS) issued the final requirements that health care providers (chiefly physicians and hospitals) must meet to be “meaningfully using” EHRs and therefore qualify for federal Medicare and/or Medicaid subsidies beginning in 2011. This is on top of the proposed privacy rule issued by the Office of Civil Rights last Thursday (see our blog post on that rule).

Blog Post - Health IT After HITECH Panel: Protect Privacy, Let Data Flow (Video)

7/1/2010 Health Privacy

Last Wednesday, CDT convened a breakfast panel discussion on health information privacy at the San Francisco office of the law firm of Manatt, Phelps and Phillips LLP. The panel combined both California and national health IT expertise and featured Jonah Frolich, California Deputy Secretary for Health Information Technology; Alex Kam, Acting Director of the California Office of Health Information Integrity (OHIII); David Lansky, President and CEO of the Pacific Business Group on Health; John Mattison, M.D., Chief Medical Information Officer of Kaiser Permanente; Deven McGraw, CDT’s Health Privacy Project Director; and Julie Murchinson, Managing Director of Manatt Health Solutions. Leslie Harris, President and CEO of CDT, moderated a discussion that quickly became an active one among both panelists and attendees.

The focus was initially on California and a recent paper released by CalOHIII largely raising concerns about “secondary” uses of health data (the paper will be available online shortly, check back here for a link). Such uses are often cited as raising greater privacy concerns. Yet the use of data for secondary (beyond individual treatment) purposes – such as for quality measurement and comparative effectiveness research – are key to achieving greater health system reform, raising the question of whether they should be relegated to secondary status.

Planted Press - Translating Lessons Learned from Grantees into Meaningful Use

5/24/2010 Health Privacy

Sometimes the work of federal policymakers in Washington seems far away from the daily reality of trying to improve the health of individuals with chronic conditions. But as health IT incentives move forward at a rapid pace there has never been a better time to educate policymakers about our work.

As Project HealthDesign grantees demonstrate how technology can be leveraged to improve health, I am working with the legal and regulatory team at Manatt Phelps & Phillips, LLP to help bring their experiences into HITECH/ARRA implementation policy discussions.

Blog Post - A Good Day for Health Privacy

2/18/2010 Health Privacy

Today’s Health IT News was focused on the Health IT Policy Committee’s discussions about adding some flexibility to the criteria that health care providers and hospitals will have to meet in order to be “meaningfully using” health IT. Only “meaningful users” are eligible for to receive federal funds under the stimulus legislation (ARRA) to purchase electronic health records.

That news should not overshadow two important health privacy developments that also occurred yesterday. First, the Policy Committee endorsed a recommendation from its Privacy and Security Workgroup (which CDT co-chairs) that providers and hospitals who are fined for significant civil or a criminal HIPAA violation should be ineligible for a health IT incentive payments. In short, you cannot be “meaningfully using” health IT if you are willfully neglecting or intentionally violating federal health privacy and security rules. This particular meaningful use recommendation - and other meaningful use requirements that are aimed at promoting privacy and security - was not among those eligible for “flexibility.”

Second, the Office of the National Coordinator for Health IT announced that it had appointed Joy Pritts to be the Office’s first ever Chief Privacy Officer. Joy is an alum of the Health Privacy Project (before it was merged into CDT), and has spent more than a decade working on health privacy. CDT has worked closely with Joy in the past, and we look forward to working with her to promote a

See all Deven McGraw's Work

Issues

-> Free Expression

-> Consumer Privacy

-> Health Privacy

-> Security & Surveillance

-> Digital Copyright

-> Internet Openness & Standards

-> International

-> Open Government

Contact Deven McGraw

Recent Blog Posts

FCC Delays Neutrality Ruling as Two Key Issues Are Studied

Internet neutrality has been the focus of a lot of private discussions in Washington over the last month or two. As has been widely reported, the FCC tried hosting a series of stakeholder negotiations; Google and Verizon jointly proposed a... Continued »

First Amendment Shell Game

Last week, Senator Al Franken said Internet neutrality is “the First Amendment issue of our time.” Franken’s statement comes as Internet service providers—including giants like AT&T, Time Warner and Verizon—have... Continued »

The U.A.E./BlackBerry Privacy Dustup Affects Us All

Governments of countries including the United Arab Emirates, Saudi Arabia and India have recently insisted on the need for access to users' BlackBerry messages for security purposes. If BlackBerry maker Research in Motion (RIM) doesn't... Continued »