Site Information

For US Office of the Chief Privacy Officer – National Coordinator for Health IT, DHHS

US Office of the Chief Privacy Officer – National Coordinator for Health IT, DHHS

Government Agencies

12 Credit

Healthcare; Intellectual Property; Media/Communication Law

Factual Investigation; Legal Research & Analysis; Policy; Transactional Drafting

Work Description


Office of the Chief Privacy Officer – Office of the National Coordinator for Health Information Technology, Office of the Secretary, US Department of Health and Human Services, Health IT Privacy and Security Program Analysis    

POSITION TITLE: Health IT Privacy and Security Program Intern / Extern

LOCATION: Washington, DC

DURATION: 3-6 months

Help influence policy to protect the security and privacy of the nation’s health records!  In the Office of the Chief Privacy Officer (OCPO), you will gain valuable experience in the policymaking process as you assist in the development and coordination of the nation’s Health Information Technology security and privacy policy.  We are seeking an extern who wants to work in a fast-paced, innovative office and to learn more about how technology intersects with the policy aspects of health IT privacy and security.  In this position, you will serve as a Health IT Privacy and Security Program Analyst.

The Privacy and Security Program Intern/Extern position in the Office of the Chief Privacy Officer will be mentored by an OCPO official.  However, the Analyst may be asked to participate in privacy and security-related projects from other senior-level staff and will fall under their supervision when doing so.  It is expected that the Health IT Privacy and Security Program Analyst will use his/her knowledge of the policymaking process (including any knowledge of the legal system and legal research and writing experience if relevant) to analyze policies related to privacy and security of health records and health information exchange– with a focus on legislative and regulatory texts.  The Analyst should gain knowledge and experience in policymaking, as he or she will conduct research and participate in meetings directly tied to the policymaking process.  Within these areas, the Analyst will exercise a high level of autonomy.


  1. The Extern will be expected to assist in preparing, reviewing, and commenting on requests for information, notices of proposed rulemaking, and final rules to ensure their alignment with the goals and projects of the Office of the National Coordinator.  He/She will write memoranda and present findings to the Chief Privacy Officer.
  2. The Extern will assist the Chief Privacy Officer in examining the applicability of existing state and federal privacy laws and regulations to different health information technology policy proposals.
  3. The Extern will conduct research and assist in the preparation work for hearings of the Privacy and Security workgroups of the Health Information Technology Policy Committee (HITPC), a Federal Advisory Committee.  This work will include the preparation of documents for the work groups, including summaries of: laws and regulations, public comments, and questions from prior workgroup meetings.  The Analyst will also assist in keeping the workgroups’ pages on the ONC website up to date.
  4. The Extern will assist the Chief Privacy Officer in keeping the Privacy and Security section of the ONC website current by drafting new items and blog posts.
  5. The Extern will assist in the management of contractor projects by participating in meetings and assisting in scoping the work to further ONC goals, reading and commenting on deliverable materials, providing input into the day to day work of the contractor and offering suggestions for further inquiry and research.
  6. The Extern will attend learning session meetings within ONC, conducted by persons invited by the department from different stakeholder groups.  He/she will be expected to take notes at these meetings and report back the Chief Privacy Officer concerning any relevant material from the meeting.
  7. The Extern will also attend meetings held by other divisions within HHS concerning privacy and security of health information to take notes and report back to the Chief Privacy Officer.

Possible projects include but are not limited to:

  • 50 state survey on state medical record access laws: Update the existing report:, including minors and the accessing of health information
  • Update privacy and security content on, including the privacy and security policy section: 
  • Assist in development of simplified policy and procedure template to move materials from internal ONC system (HITRC) to 
  • 50 state survey of privacy and security laws affecting health research (related to the patient centered outcomes research)  Using superior knowledge of HIPAA, HITECH, and Meaningful Use, the Analyst will review current summaries of privacy and security state laws related to health, He/She will write memoranda and present findings to the Chief Privacy Officer.  Memoranda should be free from errors and in near final condition. The Analyst will examine the applicability of existing state and federal privacy laws and regulations to different health information technology policy proposals, and provide appropriate comment as necessary.  Comments should be professional in nature, free from errors and in near final condition.
  • Revising the New Risk Assessment Tool – OCPO will be releasing a risk assessment tool that it plans to continue to revise and refine based on public comments.  A wiki page will be launched with the risk assessment is released.  An extern could help review comments, prioritize issues, monitor the wiki pages, and assist in working with the contractor on communicating, monitoring and reviewing the revisions to the risk assessment tool.  This will likely include testing, providing prototype language or design to providers and receiving and documenting feedback.
  • Consent Management Technology Environmental Scan – Intern will review information stemming from an environmental scan of consent technology.  This work will support the HITPC and the Health IT Standards Committee’s policymaking process regarding electronically capturing and managing patient consent.  This will include a review of available literature and background information provided by ONC as well as structured interviews with key opinion leaders in health care and other industries. The intern will serve as a key participant in the effort, including reviewing and researching policy recommendations stemming from the effort.

This is just a partial list of the potential projects and tasks for the Privacy and Security Program Analyst under the Chief Privacy Officer.  They are subject to change as the privacy and security policy development for health information technology is dynamic and requires constant re-evaluation. 

EXPERIENCE: The position requires flexibility and ability to multitask. Key attributes of a highly-qualified candidate include: 

  • Knowledge of and skill in performing research and analysis
  • Skill in preparing written recommendations in plain language, including experience with drafting policy documents for senior leadership.
  • Knowledge of the Federal Advisory Committee (FACA) deliberations and policymaking process
  • Knowledge of policies related to privacy and security in the health information privacy policy field
  • Knowledge of Federal and State health IT security and privacy laws, in particular the Privacy and the Security Rules of the Health Information Portability and Accountability Act of 1996 (HIPAA), and the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009, including Meaningful Use regulations (Stage 1 and 2).
  • Knowledge of other Federal consumer privacy protections, such as the Federal Trade Commission Act, the Fair Credit Reporting Act, the Family Educational Rights and Privacy Act,  and the Gramm-Leach-Bliley Act.           

POINT OF CONTACT: For more information or t o be considered for this assignment, please send a cover letter, resume, and a writing sample to Libbie Buchele –, 202.205.9277 

UNC School of Law | Van Hecke-Wettach Hall | 160 Ridge Road, CB #3380 | Chapel Hill, NC 27599-3380 | 919.962.5106 | Accessibility

If you are seeing this, you are either using a non-graphical browser or Netscape 4.x (4.7, 4.8, etc.) and this page appears very plain. If you are using a 4.x version of Netscape, this site is fully functional but lacks styles and optimizations available in other browsers. For full functionality, please upgrade your browser to the latest version of Internet Explorer or Firefox.