Shaping the Future of Health Data Privacy
Navigating Health Data Privacy
As healthcare rapidly embraces AI and digital transformation, the privacy landscape is shifting in real time. Tina Grande, Healthcare Trust Institute’s President & CEO, brought together the nation’s leading experts, including Citizen Health’s Deven McGraw and Omada Health’s Lucia Savage, for the highly anticipated ADAPT (Advancing Data, Access, Privacy, & Trust) Conference, where attendees will help shape a 3–5 year forecast highlighting how evolving privacy rules, risks, and technologies will impact trust, regulation, and innovation in healthcare. Beyond compliance, this forecast will offer strategic, operational, and public policy insights to support proactive planning in a volatile environment—highlighting everything from cybersecurity threats and liability risks to investments in data governance, trust frameworks, and patient engagement.

Register for the November 10-12 conference: ADAPT Conference 2025 in Palm Springs – Checkout
Takeaways
- Health data sharing is essential for improving healthcare quality.
- HIPAA is often misunderstood, leading to confusion about privacy rights.
- Patients should have control over their health information.
- Technology in healthcare presents both opportunities and risks.
- Trust is crucial for effective healthcare delivery and data sharing.
- Consumers need to be aware of privacy policies and their implications.
- Legislation is evolving to better protect health data.
- Health apps can pose privacy risks if not properly managed.
- The ADAPT conference aims to foster discussions on trust in healthcare.
- Collaboration among stakeholders is key to improving health data privacy.
Chapters
00:00 Introduction to Health Data and Privacy
02:47 Understanding HIPAA and Its Implications
05:24 The Role of Technology in Health Data Management
08:17 Trust and Data Stewardship in Healthcare
11:22 Consumer Rights and Health Information
14:09 Privacy Concerns with Health Apps
17:02 The Impact of Legislation on Health Data
19:43 The Future of Health Data Privacy
22:34 Upcoming Conference: ADAPT
25:26 Personal Perspectives on Health Data and Privacy
Data Privacy
Good morning. I am really excited. Well, first of all, I'm Robin Strong in here with Health Dame and today we're going to be talking about health data and privacy and some really important issues. And it is my pleasure to be able to introduce three of really national, if not global experts in the field, people that have been doing this work for a very long time, really, I would say, trailblazers in the space, and certainly very experienced and published. And I'm really excited to learn from you guys today. So what I'm going to do is go around and ask each of you to just say your name, your organization, and a little bit about what you're doing in this space. And then we're going to launch into many, many questions that I have. So Tina, why don't you start us off, if you will.
Well, thank you, Robin, for having us on today. My name is Tina Grande, and I'm the founder of the Healthcare Trust Institute, which is an alliance of health care organizations. We're located in Washington, DC, and our primary focus is on policy issues that build trust in information sharing. We really feel that as an organization, the way to race towards treatments and cures and improved healthcare quality is to make sure that data is shared, but that it's done so under the auspices of good data stewardship. So we focus on improving data privacy laws and protections, improving cybersecurity laws and protections, and then watching what's happening with AI to make sure that good data stewardship practices are used as that technology grows. So that is why we exist, and I am so pleased to be on today.
Speaker 2 (01:53.208)
So you're tackling just a simple issue. OK. All right, Deven, you're up.
A simple stack.
Speaker 3 (02:01.422)
I'm Deven McGraw, the Chief Regulatory and Privacy Officer at Citizen Health. Citizen Health is a consumer technology platform that enables patients. We focus on patients with rare and complex conditions to be able to use their rights under US federal law, HIPAA, and the 21st Century Cures Act to get copies of all the health information from every place where they've been seen, under their control, in their possession, and then for them to be able to use it and then share it to meet their needs. We are about to more publicly release, it's been in beta testing for a couple of months, a tool that we're calling the AI Advocate that enables people to have conversations with their own medical records. Tell me when I had my last tetanus shot. Give me a summary of all the medications my kid is on.
I'm filling out an individualized education program application for my kid's school. I have all these health questions about my kid that I need to answer. Here's the question, what's the answer? Copy and paste it into the form. So things like that, like making data actionable by and for patients versus just a static kind of shoebox of their data.
So I'm going to ask one question and then move to Lucia because I could probably talk for three hours about this. But how do you let people know that's available? Do you do direct to consumer or is it through physicians or health professionals that people find out about how to access those tools?
We do reach out to consumers directly through our website, but most of our patient recruitment, patient outreach comes through partnerships with patient advocacy groups. So if you have like somebody with a rare condition likely has gotten in touch with the patient advocacy nonprofit for that rare condition and we work very closely with those groups to empower them with data if the patients want to share it with them as well as
Speaker 3 (04:09.23)
they help us recruit patients to the lab.
Wow, that's amazing. Lucia, welcome.
Thank you for having me. So I'm Lucia Savage. I'm currently the head of privacy, regulatory and public policy at Omada Health. And it will be interesting for your listeners to understand that we also have a software platform, but don't get distracted by the app. So what Omada is, is that Omada is a healthcare provider. So we actually provide a healthcare service. We bill insurance companies with a claim, just like your doctor's office does, and sort of all the ordinary rules that you would expect to find when you go to a doctor's office or hospital also apply to us. So just the app is really not the end of the story. The app is the beginning of the story, which is I think a theme you'll find as you talk to us today. My portfolio there is all things privacy, so state and federal, US based, all things regulatory. So scope of practice, licensure, fraud, waste and abuse, everything in health care, then a side of public policy: when the laws can't keep up with the technology, you call me.
Speaker 2 (05:20.344)
Wow. So obviously, things are exploding when it comes to technology. People understand apps. Well, they understand they're out there and they're using them. But linking them through what they should be aware of when it comes to personal health information and data sharing and tracking and privacy, these are not things that
As a labor, I'm not an attorney. I'm not an expert on privacy. But I use apps. And it wasn't until recently that I started having conversations with people that were making me a nervous wreck about it. But I think it might be helpful if one of you wants to kind of give us a very brief overview. People know what HIPAA is. And that was back in the 90s.
And I think I'm gonna ask you, Lucia, to start, only because before we started today's call, you were telling me something really interesting about Twitter and HIPAA and the law. I think it's worth repeating because I just never thought HIPAA would be funny, but go for it.
So the story was, so the acronym is HIPAA, and that stands for the Health Insurance Portability and Accountability Act. Note the word privacy does not exist in the acronym. And portability was portability of your insurance. So HIPAA was a bunch of different rules. And one of them was the one that allowed you to count coverage at one employer to get rid of the waiting period at the next employer in your career. So that was portability.
And the accountability part was forcing mainly hospitals, but for people who billed Medicare to do so with a digital claim, an electronic claim. And because the data was gonna be digitized, actually Rand Paul's dad insisted that we create a privacy regulation so that we could protect what was now gonna be electronic information. And if you remember in 1996, this was very nascent. We barely had HEDIS.
Speaker 1 (07:29.314)
things were still being done on punch cards in some cases. It was still ones and zeros. So it was still digital. And so that's how we got the privacy part of HIPAA. And we had some existing rules and structures which instituted in that privacy part the right of each of us personally to get our own health records, which is really fundamental to the work that Citizen Health does. So that's HIPAA. The funny story is, it used to be during the NCAA bracket, you know, playoffs. Somebody would run a bracket in HIPAA on what was the most misunderstood law in America. And HIPAA was invariably in the top three. It usually lost out to the First Amendment or the Second Amendment. But those of us in the HIKI NŌ who participated in this would like be cheering it on because in my world, we really wanted it to win.
And so it has incredible branding. People know the acronym, even if they misspell it, they just don't understand either its origin or what it means today. They know it has something to do with healthcare and privacy, and they're not sure where it applies. And people fraudulently say their apps are compliant when they're not even a covered entity in HIPAA. There's a lot of misinformation, and so people are confused.
Deven, remember you and I were on some panel or something like in 2007 or eight or something and the I, you know, is insurance and you and I were talking about how so many people say information because they associate HIPAA, you know, with information flow and they'll say health information instead of health insurance.
They said Health Information Privacy Protection Act. Yeah. That's probably what I see most often. I'm like, yeah.
Speaker 1 (09:18.042)
I think that there's a I think that's the New York law like they actually have a law that like has the same letters but in a different order and let's not go down that rabbit hole.
There you go. That's part of the challenge, isn't it? And that was in the 90s. there have and that was, you know, that afforded some protection, but obviously it wasn't comprehensive. And there's been a lot of movement forward with new technologies. And what I can't have this conversation without my patron saint, which is Kara Swisher here.
So I'm gonna read just one hope because I think it sets us up nicely for this conversation. So this is her burn book and I'm probably her number one fan girl, but in any event, she quotes this French philosopher Paul and I'm probably mispronouncing his name, Virilio. And she says, this is a quote I think about a lot. When you invent the ship, you also invent the shipwreck. When you invent the plane, you also invent the plane crash. And when you invent electricity, you invent electrocution. Every technology carries its own negativity, which is invented at the same time as technical progress. And I think as we in healthcare and healthcare technology do have progress, say what you will about AI, artificial intelligence, or other kinds of technologies, even the apps, and we can talk about that and whether they're protected and how they're really not protected, whether it's through HIPAA or others.
You know, your whole institute, Tina, is about trust. you know, where as patients are told, here's how you can stay healthy, check this, do this, collect that, you know, report this. But we need to understand what we need to be thinking about because there are some dangers. I mean, it may not be a shipwreck, but it could be a world of hurt.
Speaker 2 (11:12.49)
if the data get in the wrong hands or the wrong reasons, and there's a million reasons why. So I imagine this went into your thinking with the Institute and say a little bit about what you see as some of the big issues that you and your members are looking to focus on. What would you say are the top two or three issues that are squarely coming down the road here?
Yeah, I think, you know, the reason we were founded or created was, you know, this blending of information that is already protected under the HIPAA rules, right, and then you've got this whole world of information that is not in that framework, and when we saw some of these traditional healthcare companies partnering with some of the organizations that are outside of that framework, and I'm talking, you know, like, just use the term big tech, right? There were concerns about reputational risks. It was really interesting how some of these companies handled from a public relations standpoint, certain types of partnerships that some people out there would be very skeptical of, and some handled it well and some didn't. And it was really interesting to see the fallout of that. And it was all about trust. It was all about, you're putting PHI into this, you know, personal health information, whatever it is, you know, protected health information.
Protected health information is health information about a person within a covered entity. It's not a generic term for all health information in the world. Very technical legal term for it. See? It's held by a covered entity. Okay. That's right.
Speaker 4 (12:52.238)
Right. And so I think the concern was that, we need to make sure that we maintain trust in the sharing of health information so that people will continue to go to their doctors and share information with their doctors. They'll continue to want to do the right things for themselves. They'll continue to want to participate in research because it's good for them. It's good for citizens at large and so forth. There was this concern that if trust starts to erode because of reputational issues, lawsuits, whatever was happening out there, you know, in the world, we really have to make sure that healthcare is doing right from a data stewardship standpoint, that they're handling people's information correctly. And with the HIPAA world, that's kind of easy. There's a lot, there's a rule, right? Or a state law that you know you have to follow. But in the kind of framework beyond, or there is no framework, in the ether world outside of the HIPAA framework, it's sort of, you know, the rules of the road are really murky.
And we just wanted to make sure that we are kind of trying to make sense of all the data and all the information that's being shared for legitimate purposes to improve health outcomes, to improve health care quality, to give people autonomy, to use and share their health information the way they want to, but that it's done in an environment where you can trust that the information isn't going to be abused or it's not going to be used in a way that you wouldn't want it to be used. And all of the organizations that are part of the Healthcare Trust Institute all hold that sort of, you know, like we want to improve privacy for people's health information because it will build or enhance trust in sharing health information for the right.
Speaker 2 (14:51.062)
Deven, when you're working with your folks on the user end, how do you define, what's the difference between confidentiality and privacy?
Hello.
I don't necessarily want to go down that definitional rabbit hole. Okay, because frankly, they're there. Okay, and people will argue. It's a very nerdy conversation. Parse that. But I will say that I, so I'm the non-HIPAA covered entity at this little table that we've constructed here, right? We are not
I'm deaf.
Speaker 3 (15:32.864)
subject to HIPAA, which frankly is not something that I can control. I'm not opting out of HIPAA. I don't get to be covered by HIPAA. Because as Lucia aptly explained, HIPAA's coverage was defined by Congress and we can't even opt into it. Other than what we can do is make a very strong series of commitments about how we protect data. And then the Federal Trade Commission can come after us if we don't do that.
And they have come after healthcare companies that sit outside of healthcare, somewhat aggressively in some cases. And they took a small amount of authority that they got from Congress under the health data breach notification law for non-HIPAA covered entities like personal health records, and blew the heck out of it so that its coverage is actually now, if they get around to enforcing it and nobody challenges them on this expansion, is quite broad, in addition to at least 18 different states have passed comprehensive privacy legislation that includes health data for which a HIPAA covered entity is exempt from, either because there's a HIPAA data exception or a HIPAA covered entity exception or something along those lines. I no longer sit back and say, you're not covered by HIPAA. You're in the Wild West danger zone. Because the reality is, is that the environment is a lot more regulated than it was in the past. It doesn't mean that there's not pitfalls out there for consumers. We try to do the right thing. We helped to draft and we signed on to the CARIN Code of Conduct, which is a voluntary set of attestations around how we handle data. We don't permissively use data for treatment, payment and operations without the patient's consent because we require patient consent for every use and disclosure of our data. So it's not to say that it's better to be non-HIPAA covered because I still would, we have supported legislation that extends HIPAA to cover a broader set of actors if for no other reason than the consumer confusion is problematic. And frankly,
Speaker 3 (17:43.16)
there's a whole lot of healthcare that takes place outside of that traditional healthcare wall. And people should be able to use those tools and we want to encourage them to use those tools. Otherwise, it becomes, the argument about privacy actually becomes about protecting proprietary assets. I'm not sharing with that consumer tool because they're not covered by HIPAA. Well, really, that's not what that's about. It's more about, some cheese that you thought was yours is moving from your environment to an environment where the patient gets to decide.
It looks like yeah
I just want to underscore. I've had this conversation several times just in the last few weeks, where people say there's nothing protecting you outside of HIPAA and that's just not true. It may be that consumers don't understand, but some of these state laws, Texas and California come to mind, and Washington, are quite robust and they apply to businesses based there no matter where their people are. So it gets a pretty broad swath of the consumer public.
And in California, that was the express intention of the California Consumer Privacy Act. And they're constantly iterating on it. They're doing enforcements. Stuff is happening there. It's just that the branding, the HIPAA branding, as we discussed. So that's one. Two is absolutely, there is a proprietary or for a patient, they just want the health provider they're seeing. And it could be a physician in a recognized system. It could be.
Speaker 1 (19:21.132)
a holistic practitioner in their community. It could be an herbalist in their community or a Chinese medicine practitioner who wants to see the lab tests so they can do whatever they need to do professionally. We're all healthcare providers that patients choose and the vast majority of providers have some kind of license and quality oversight by a state entity, if not exams and school and all that kind of stuff. And so when we cloak, when we say it's a privacy problem because the next recipient on the food chain isn't a recognized kind of health care provider and some status, it really disadvantages the patient who may need that care and that comprehensive record to travel with them. And that's why a service like Citizen Health where you are controlling where your total record gets disclosed for people who want the responsibility of doing that management and not everyone does, but plenty, many people do. That's a really important service. But yes, underscoring, there's not nothing. It's that there's stuff there that people don't recognize and it's kind of new and there hasn't been enough enforcement for it to be embraced as sufficient.
Interesting. So without getting political, without getting political, my understanding is, and I, somebody was explaining this to me not too long ago, that some of the apps like period or ovulation trackers, if you're tracking sensitive personal information, that others can be monitoring it and using it because it doesn't fall under certain protections. Am I correct in understanding this or what am I hearing that's not quite right? What for a consumer, what should I be thinking about with very personal apps? What would you recommend or just suggest we think about?
Speaker 1 (21:27.288)
So the problem is that when you see an ad for Betty Boop, I'm making up a name, Betty Boop Period Tracker, on your Facebook page or your Pinterest page, and you click through to that link, the place you clicked through reports back to your social media that a click occurred, because that's how they know if their ads are effective. And what they report back is, your session ID, you as the social media account, it's Deven's account, it's Lucia's account, it's Tina's account. And so the social media company knows exactly that you as a person went to the website of a period tracking app or logged into a period tracking app. Remember like 15 years ago, people said, people should be able to log into their EHRs with their Google identity. No, because then you report back to Google that Lucia just logged into her MyChart app.
Yep. And that's the tracking. You follow the trades and you remember three years ago, the sort of big explosion of litigation about tracking, that's what tracking information is. That's what Flo got in trouble for is they made some representations about how their app worked. But in fact, when people were interacting and browsing from one place to a Flo place, Flo was reporting back to the first place. And Meta was one of the places, the Meta platforms, right? They have Instagram, Facebook, I can't remember them all, Snapchat, those things reported back to Meta as a person is using Flo. So that's how they work. And so I think, you know, it's not about Flo's app per se, it's about the interaction between you and your browsing pattern.
Interesting.
Speaker 3 (23:11.15)
I think the other thing that the issues around surveillance got heightened when the Dobbs decision came out of the Supreme Court. Then suddenly, people who were tracking fertility, tracking periods, were at risk of having that information end up being used in a law enforcement investigation in states that were hostile to certain types of reproductive care. And frankly, even in a HIPAA context, the ability for law enforcement to get health data is not, those protections are not very good. And that's heavily negotiated rulemaking as part of HIPAA, Justice Department at the table. We might need health data in certain investigations that not even necessarily looking at the fall of Roe v. Wade or predicting it, but just sort of thinking like, law enforcers, sometimes we might need this data, we should be able to get it if we're in an investigation and then you end up with a set of rules that said the law enforcement can get it. And that's true of a lot of privacy laws. The particular example that you raised around reproductive health data and the concerns there got escalated pretty considerably. And so when I can remember doing a number of conversations with reporters about Flo and fertility tracking apps and like, what would you advise patients to do? Well, I always advise patients, actually have to read the privacy policy to see what their data practices are. But second of all, you might consider writing it down on a piece of paper in this environment. It's a terrible piece of advice, but it's the reality for this particular type of data and the kinds of consequences when law enforcement can get a hold of it.
Good.
Speaker 1 (25:01.422)
It's something that...
Those privacy policies that Devin's talking about, so many of them, a normal person who is not steeped in these
to understand, right? And what's there that you might not really get. Yeah.
Roll to the bottom and admit it well you guys probably don't but you know 98 % of even if you PS when you're reading like you have to scroll through five pages just to initial and I think to myself who's reading this you know the line is out the door you don't want to be the one that's holding up everybody with the screaming kids behind you so you sign up but I think what this points to is there really are are some gaps and.
Tina, I want you to share a little bit about your upcoming conference because I think you're tackling all of these really groundbreaking areas and some that have been with us for a while and still need some help in modernizing or bringing up to where they need to be. So say a little bit about, is it ADAPT that's coming up in the next? All of you guys have to be participating and then some. take a
Speaker 1 (26:10.542)
called Adapt.
Speaker 4 (26:15.278)
We're so excited to have Deven and Lucia as part of this and we've got all these great speakers lined up. But yes, ADAPT stands for Advancing Data Access, Privacy and Trust. And we're really going to be focusing on these trust issues that we've been talking about just literally today and we'll have some other issues that we're discussing. But it's all about just how do we build a trust environment in healthcare so that we can all, you know, do what we need to do to be healthier people, right? And there's trust from consumer or patient to provider or health plan or app, you know, that whole world. And then there's also business to business trust. Yeah, of course. also play a part here. So the conference is November 10 through 12 in Palm Springs, California. And Deven and Lucia are going to be really huge contributors. We are so thrilled. And yeah, we're just, it's not meant to be some big trade show with booths and all that kind of stuff. This is supposed to be really a thought leader conference where we bring people together to talk about these trust issues, do a little forecasting on the next three to five years. Where do we see some of these trust issues and health information sharing going so that we can help plan, you know, as organizations.
group think about what you sort of future predict wow do you feel your thunder but that sounds amazing it'll be cool
Yeah, we're gonna draw.
Speaker 4 (27:44.472)
We're going to actually like literally draw pictures of the issue. It's a visual product. So I'm thrilled. We've got innovators like Lucia and Deven who are going to be contributing. We've got government people coming in to talk about where the government's head is right now on this. We've got certain kinds of like
Yeah, yeah.
been
Speaker 4 (28:10.446)
regulating type entities like the Joint Commission coming in to talk about some.
care regulatory in addition to the government.
Okay. Yes. So it should be a lot of fun. We're hoping that there's a lot of networking and, you know, just building of relationships at this conference so that we can all sort of work together to like push forward trust in healthcare sharing.
So Lucia, did you mention earlier before we got on that you're doing a panel with your husband to tell me about what you're doing? Are you guys kind of cool?
Little peek if you were to come to my house for dinner. Okay. The gist of it is we have and he works in health IT and he's a consumer advocate and a civil rights attorney by background. So he's very interested in making sure that what we're doing, the innovation we're doing is accessible to all people in the US regardless of their health literacy, their English literacy, etc.
Speaker 1 (29:11.854)
even their broadband. But in that context, we've been having a lot of very passionate discussions about, you know, when a person takes their health data, their full record, and then gives it to an AI company to help them analyze it, you know, is that a catastrophe waiting to happen? To your Kara Swisher quote. And we have different points of view. So my point of view is we should expect bad things to happen, but people have, adults have autonomy, and we should let the adults manage the autonomy with as good of language as we can give them. We don't patronize people in banking. We don't make people go through hoops to manage their own money. And unfortunately, catastrophes happen there too, because people can be poor money managers. And his point of view is that maybe more, well, I'm speaking for him, so he will say his own point of view in this trust talk, but he has a different point of view about how much protections we need to do to keep that trust fabric in place that Tina is talking about.
So that's what we'll be doing is a little bit, it's very short, 20 minutes, pro and con, maybe we'll love- ...bar afterwards and you can talk to us more. But I think there are a couple of different angles to think about this, as we empower patients, what are the backstops that we build in institutionally versus how much do we let autonomy run? There are orgs like Deven's doing a great job. There are other orgs-
that.
Speaker 1 (30:36.726)
that we can just say we know there are orgs out there that are not doing a great job, or that could be completely fake apps that are hoovering it into the dark web or fake terrorism. There's all kinds of ways to get bamboozled. So that's what we'll be talking about.
And one of the reasons I love that is because when my husband was alive, he worked at the Food and Drug Administration and I usually worked, I wouldn't say on the other, yeah, he was in CDER, the Center for Drug Evaluation and Research, he was a pharmacist by training. And I was always advocating for parents to have access and so he was always coming with the, you know, it could actually, and I'm saying these are like life and death, they've run out of options and he's like, Robin, you think it's gonna always work, but what if it makes the baby worse? So he was coming at it from the protection side. I was coming from it as a desperate parent needing to try, and that there has to be some middle ground. And of course there are some interesting middle grounds and that's what maybe your conference will come out with. What are these flexible protections? So as things are moving forward, you know, you want people to be protected. You want the companies to be protected and you want the health providers who are also at risk. They want their patients to get better, but they're kind of having to learn all this new technology, let alone all the regulatory stuff. And so Deven, tell us a little about what you are going to be doing at the conference.
Sure, I'm moderating a panel on technology innovations to protect privacy. And we're going to be talking a lot about how do we make sure that individuals can consent granularly to the sharing of their health information in circumstances where we should be giving them choices.
Speaker 3 (32:35.062)
We don't, for example, have a choice to share our data with public health departments. That is important for all of us for that to happen. You can't opt out of that. But in circumstances when you do have a choice or you should have a choice, it should be something that's better than all or nothing. Like, I'm OK sharing something more along the lines of, you can share this information, but my conversations with my shrink or the fact that I'm seeing one, I don't wanna share that with anybody, because that's really sensitive to me and it's important that I keep that private. So that's just an example of share some pieces, choose who you wanna share things with in a more granular way and how do we do that technologically for patients. And that's what the panel is gonna be about. I'm moderating it as a number of folks who are kind of involved in the policy development, the technology.
next
Speaker 3 (33:31.426)
development and where are we with that and where are we headed?
Perfect. And I know we only have about four minutes left before we lose Lucia. And I always ask everyone for their favorite song. But before I do that, Tina, just give us a website address where people want to learn more about the conference or how they can attend. I don't even know if that, I think there are still tickets left and I would encourage everyone to check out the website and see if you can get out to Palm Springs and do a deeper dive. So where are we sending folks?
We're sending them to adapt-conference.com. And if you go there, you'll see the list of speakers, the agenda, the location, beautiful brand new Thompson Hotel, just hugging the mountains. It'll be a beautiful setting to relax and share.
Good, good, good. And Lucia, I'm going to have you share your favorite song, which will be part of the curated health game playlist. And then if you need to hop off, you go and we'll get the other, because I want to make you late to your next session meeting.
Well, when you asked me this, I mean, everyone has like a thousand songs, but I will just tell you one that's the nearest and dearest to my heart these days and, it's context for healthcare, which is I love Patti Smith. People Have the Power. I love every version of it I've ever heard. There's a YouTube version. There's a Choir! Choir! Choir! version. There's orchestral versions. There's just Patti Smith and a raspy voice, but it's a song about how we have autonomy and we can take charge and we can change the world.
Speaker 1 (35:03.938)
You know, as Gandhi said, be the change you want to see in the world. And that song really embodies that to me. And it's been my kind of career philosophy, but also it's perfect for this moment of health information.
I love that! That's perfect, Deven!
Again, I have lots of favorite songs and mine is not nearly as inspirational as Lucia's. I'm so impressed. There is something about this song, Walking on Sunshine, that literally the minute it starts, I'm just like, it can make me feel so happy no matter what mood that I'm in. It's Katrina & the Waves. It's from the 80s. I don't think she did anything else.
Or she didn't, you know, it never got, you know, the kind of attention that Walking on Sunshine, it's just, it's, I love that song.
Excellent, perfect. And Tina.
Speaker 4 (36:01.166)
God, this is the hardest question I've had in so long. There are so many and I'm such a music fan. All right, I would have to say my own son wrote a song called Nightingale that they just produced in a studio and I mean, I cried.
name of their
in our
for so many years and so I have to say that's my favorite but really it all for me it's all very mood dependent. Eva Cassidy is a local DC singer songwriter from like the 70s and 80s and she did a cover of Fields of Gold by Sting that isn't it gorgeous if I'm in a... No are you kidding?
to my high school, Tina.
Speaker 2 (36:47.982)
It's gonna be
You
high school. Wow, that is amazing. I'd say that's my favorite if I'm in a reflective mood, but then I have other moods. Like if I'm in a really like fun mood, I'm at Allman Brothers, you know, Jessica is up there or live music. I don't know. Going to California.
We have to interview again so that we get more songs. Lucia, thank you. She has to hop to her next meeting. No worries. I know it's very hard to pick one song. But before I end, just give us the websites for both your organizations. Deven, what's yours for Citizen Health?
Yeah
Speaker 2 (37:40.312)
Don't what?
dot com.
Okay, .com. It sounded like you said dot funk. I was like, doesn't sound right. There are so many embassies and sometimes my connection gets a little muddled when there's like world events happen. I always know before the news reports, cause my internet goes a little weird. Okay. Tina, take us home. What's the website for the Trust Institute?
Speaker 2 (38:15.266)
that. Okay, all right.com. And I'll get a lot of health for Lucia. And we will get this up and on the health team site, and we'll make sure to promote it. So everybody gets to know more about what each of you are really important work that you guys are doing. And I just want to thank you for taking the time to talk with me this morning. So I'll give you back the rest of your day.
And I think the conference is going to be incredible. And I did see the lineup of speakers. And it is really a who's who of who is in this field. So everyone better get their tickets while they're still available. So I encourage everyone to check it out. Thanks, guys. Have a great day. Bye, Deven.
now. Thanks for having me. Bye, everybody. Bye.

President and CEO, Healthcare Trust Institute
Tina Olson Grande, MHS, is President and Chief Executive Officer of the Healthcare Trust Institute (HTI), an alliance of the nation’s leading healthcare organizations committed to promoting and implementing effective privacy and security protections for health information that engender trust in the healthcare system and allow for the advancement of treatments, cures and improved healthcare quality for individuals and populations.
Tina Grande | LinkedIn
Favorite Song: Fields of Gold, Eva Cassidy and Nightingale, Tina’s Son
Chief Regulatory & Privacy Officer, Citizen Health
Deven McGraw is Chief Regulatory and Privacy Officer for Citizen Health, a platform for patients to gather, manage, and share their complete health histories (previously known as Ciitizen and divested from Invitae in late 2023). From 2015-2017, she directed U.S. health privacy and security policy as Deputy Director, Health Information Privacy at the HHS Office for Civil Rights and Chief Privacy Officer (Acting) of the Office of the National Coordinator for Health IT. Widely recognized for her health privacy expertise, she directed the Health Privacy Project at the Center for Democracy & Technology for six years, testifying before Congress on health privacy issues on multiple occasions.
Deven McGraw | LinkedIn
Favorite Song: Walking on Sunshine, Katrina & the Waves

Chief Privacy & Regulatory Officer, Omada Health
Lucia Savage is the Chief Privacy & Regulatory Officer, Omada Health. Named “one of the largest patient privacy and digital health advocates” in the nation by SC Magazine (Sept. 2021), Ms. Savage embodies the strategic expertise needed for a 21st Century health care system. An experienced C-suite executive and board member, Ms. Savage advises CEOs, Cabinet Secretaries, and Members of Congress on how health care can most effectively take advantage of the ubiquity of digital tools, and how health care is evolving in the 21st Century.
Lucia Savage | LinkedIn
Favorite Song: People Have The Power, Patti Smith