Deborah Yano-Fong (center) is UCSF’s chief privacy officer (Photos by Elisabeth Fall).

UCSF’s Chief Privacy Officer Balances Privacy and Progress

In the late 1990s, UC San Francisco School of Nursing alumna Deborah Yano-Fong (BS ’78, MS ’87) was already working two half-time jobs, as co-director of patient relations and as an assistant director of nursing at UCSF Medical Center, when she was asked to take on a new responsibility: patient privacy compliance.

Although this was originally proposed as a simple addition to her patient relations duties, Yano-Fong could not have envisioned how the job would grow as the Internet became ubiquitous, the health care industry moved to electronic health records, and the vulnerability of data to hackers became painfully obvious. The privacy job soon grew exponentially, and in 2002, Yano-Fong would become UCSF’s first chief privacy officer, overseeing all privacy-related policies and procedures for the medical center and the four UCSF graduate health sciences schools. Her work touches all areas of the organization’s operations as new challenges have risen alongside new technologies that promise better care and better communication.

From Bedside Nursing to Nursing Management

“My aunt was a nurse, and I had always wanted to do something meaningful that would help other people,” says Yano-Fong. After finishing her undergraduate studies at UC Berkeley, she completed her BS degree in nursing at UCSF and went to work in the neurology and neurosurgery unit at UCSF Medical Center, eventually becoming the unit’s nurse manager.

Her interest in the management side of the nursing profession grew, and in 1985, she returned to the School for a master’s degree in health care administration.

Shortly after completing her master’s program, Yano-Fong had her first child and was looking for a way to balance her work and family lives. She and another recent master’s graduate, Susan Alves-Rankin, hoped to create a shared position, but at the time, there was little support for job sharing within the medical center’s nursing department.

She recalls, “We found a position for the director of patient relations, which reported outside of nursing, and the hiring director accepted our proposal for a job share. We became the first job share within the UC system.” The arrangement proved successful, and Yano-Fong and her co-director were often invited to speak and give presentations on job sharing, which has since grown to around 1 percent of the United States workforce, according to a 2007 survey by the American Business Collaboration.

HIPAA Puts the Focus on Patient Privacy

In 1996, Congress passed the Health Insurance Portability and Accountability Act (HIPAA), which requires certain health care organizations and providers to ensure the privacy and security of patient information. As HIPAA regulations came into force, the medical center’s management realized they needed someone to oversee a new program dedicated to privacy compliance with HIPAA regulations. Because of the overlap between patient privacy and patient relations, they tapped Yano-Fong to develop the new program.

“They said, ‘Could you do this on top of everything else?’” she says, laughing. “Initially, I was managing, because I was starting up a new program, and nobody really knew what it was going to be. Then it took off, at which point they said, ‘Maybe you should do this full-time.’”

UCSF’s Integrated Privacy Model

Unlike at the four other UC medical centers, a single officer in UCSF’s Privacy Office oversees privacy issues for both the medical center and the four UCSF graduate health sciences schools, as well as UCSF Benioff Children’s Hospital Oakland and UCSF Benioff Children’s Physicians. As the only UC campus dedicated solely to graduate education in the health sciences, UCSF faces privacy issues that reach across clinical, research and academic arenas in a comprehensive way; there is little academic activity that isn’t also affected by HIPAA and other privacy concerns. It made sense to then-Chancellor J. Michael Bishop to unite responsibility for privacy issues under one office, including areas such as contracting, fund-raising, human resources, education and training.

The model has turned out to be eminently practical, says Yano-Fong. “So much of our academic and clinical activity crosses over, and having that consistency, with a single office, simplifies things. People don’t have to think about which office to call for privacy concerns,” she says.

Operational simplicity is particularly important because it makes it easier for people to comply with what can sometimes seem like a complex maze of regulations from both the state and the federal government. “Our job is to translate the regulations and the legalese into actionable steps: What does it mean to the person on the front line taking care of patients or doing patient-centered research?” Yano-Fong says.

She and her staff of 10 actively collaborate with stakeholders across the organization to ensure communication goes both ways and organizational policies and procedures meet the needs of all parties. “We try to understand why a particular project is important. We look at the hurdles and try to find ways to help them stay compliant [with privacy regulations],” she says.

New Technologies, New Challenges

Yano-Fong with her staff

While patient care and compliance with HIPAA is one of the main responsibilities of the Privacy Office, the scope of its responsibilities is much broader. Marketing, workforce management, student and alumni records, development, research, intellectual property management and even vendor contracting are some of the activities that have a potential impact on privacy. That variety is part of what Yano-Fong enjoys about the job. “No two days are quite the same. Some of the things that come up, I couldn’t even dream of,” she says.

Moreover, the scope of her job is changing rapidly and constantly. Some of the greatest current privacy challenges were barely on the horizon when HIPAA was enacted. While the law was written specifically to address the electronic transmission of patient information, Congress didn’t foresee the explosion of technology that would allow corporations, researchers and individuals to share enormous amounts of data with a few clicks of a mouse.

Mobile health is one example of a rapidly expanding new technology with implications for privacy, and Yano-Fong often gets calls from researchers who are developing a new app for a research protocol and want to know what privacy issues they have to think about. “We work with our IT [information technology] security colleagues to ensure everything is secure from end point to end point,” she says.

Yano-Fong and her staff frequently find themselves trying to piece together protocols and policies to protect privacy within the framework of these evolving challenges. Cybercriminals hacking into and holding for ransom entire databases of clinical records – as happened to three (non-UC) California hospitals in a single month in 2016 – is one startling example. Another issue that keeps many hospital administrators up at night is the potential for criminals to hack into medical devices and harm patients.

Transparency and Communication Are Key

Scenarios like these have people understandably concerned when presented with consent forms that include releases of information for research or internal quality improvement projects. A big part of Yano-Fong’s job is to ensure transparency, which means being open and specific about exactly how data will be used. It can be tempting for researchers working with large data sets to use information for purposes beyond the scope of the original releases signed by patients; researchers are understandably eager to expand and move ahead with projects that could ultimately improve care, but Yano-Fong and her staff sometimes have to ask them to take a few steps back and look for ways to get explicit consent.

She says, “We always remind them to ask, ‘What does the patient know about how their information is being shared?’ It really only becomes problematic when we haven’t told the patient what we’re doing with their information.”

She sees the value of using big data to both speed and deepen clinical research. Her role is to balance the use of this information while ensuring that the researcher and the university comply with applicable privacy laws and policies, so she believes that communicating this value is another important aspect of her role. “Most people haven’t had much experience being involved in research, and they’re concerned about these large databases, which are a really critical component of making health care better,” she says. “We have to ensure they understand the value but also that we take privacy very seriously, and that we have multiple protocols, processes and checks and balances.”

In the end, says Yano-Fong, ensuring privacy is a function of effective communication and collaboration, and she invites anyone with questions about privacy to contact her office. She sees her nursing background as critical to her success. “I think having the clinical background and the operational framework has added to my credibility,” she says. “We focus on solutions everybody can live with. Everyone wants to do the right thing.”
