Data Privacy & Ethics
Written by: CDO Magazine Bureau
Updated 12:30 PM UTC, Thu July 3, 2025
Phreesia is a leader in healthcare technology, offering a platform that streamlines patient intake and helps organizations automate administrative workflows — from check-in to post-visit outreach. Serving a wide network of providers, Phreesia supports over 100 million patient visits annually, making it a major player in patient engagement and healthcare access.
In part 1 of this three-part series, Melissa Mitchell, Chief Privacy Officer at Phreesia, discussed how the company approaches privacy amid shifting regulations, emphasizing the value of clear and transparent communication. Part 2 explored how real-time data empowers patients and builds trust in a complex healthcare ecosystem.
In the final installment of this three-part series, Melissa Mitchell, Chief Privacy Officer at Phreesia, joins Todd Foley, Chief Information Security Officer at Lydonia Technologies, to explore how patient trust, communication, and privacy practices intersect in healthcare. Mitchell reflects on how Phreesia takes patient feedback seriously, sometimes responding to questions personally, and how those interactions help shape both the product interface and privacy communications.
The conversation also unpacks why patients are increasingly willing to share their health data, how targeted outreach like flu shot reminders and screening awareness can drive better outcomes, and what an ideal future for privacy regulation could look like, one that is aligned with what patients actually want and expect.
Edited Excerpts:
Q: You mentioned that Phreesia regularly receives patient feedback—and that sometimes you personally respond. How do you use that feedback to shape the platform and your privacy practices?
We read it, share it with our product team, and use it to improve the user experience—whether that means updating the interface or rewording something to make it clearer.
If patients are reading our FAQs, privacy page, or writing in, we try to explain things in a way that’s simple and relatable. When we land on an explanation that clicks, where someone says, “Oh, now I get it,” we keep using that language elsewhere.
We’ve made this a part of our privacy team’s day-to-day. We’re proactive in explaining our business model, but also responsive when people reach out. That feedback loop has been really valuable.
Q: And that kind of responsiveness helps build trust too?
Absolutely. People are often surprised to get a real answer from a real person, not just something canned.
We reuse explanations that work, but we also personalize our responses. If someone takes the time to write in, we take the time to write back and ask if we’ve answered their question or if they need more help. It’s time-consuming but it matters, and it helps people understand what we’re trying to do.
Q: Why do you think patients are willing to share their data? You mentioned convenience, like when traveling, people want personalized recommendations. What’s driving that willingness in healthcare?
I don’t think people always see healthcare as a space where they have options. In other areas like shopping or ride-sharing, we’re used to choice. Healthcare often feels more limited.
Our tools try to open that up. Maybe someone’s newly diagnosed and doesn’t know all their therapy options. Or maybe they’re in a new age bracket and should consider certain screenings. We help surface those possibilities.
We’ve done campaigns on things like Alzheimer’s, breast cancer, sunscreen awareness, and flu shots. I recently checked in using Phreesia myself, and the system reminded me about the flu vaccine, something I hadn’t thought about. It was a helpful nudge.
Q: Can you give more detail on how those campaigns work, like for flu shots or screenings?
Some are seasonal, like flu shot reminders. Others are more condition-specific, like introducing a new therapy option.
We sometimes work with nonprofits, government agencies, or health institutes to get the word out on topics that matter to specific communities. The idea is to get the right information to the right people at the right time.
Q: Looking ahead, what’s your vision for where privacy regulations are headed?
I think everyone involved, privacy teams, organizations, and patients, wants the same thing: clarity, simplicity, and alignment with expectations.
When I worked at hospitals, HIPAA was top of mind, and rightly so. But even while checking all the boxes, I’d ask: Are we meeting patient expectations? That mindset has stuck with me.
Now in healthcare tech, things are more dynamic but I still come back to the same idea. If we stay focused on what patients want and expect, and make it easy to understand, that serves everyone.
And honestly, I think that’s where things are going. If you look closely at recent regulations, the message is clear: make sure people understand what’s happening and what choices they have. That’s the future I’m hoping for: simpler, more aligned with what individuals want.
CDO Magazine appreciates Melissa Mitchell for sharing her insights with our global community.