Data Privacy & Ethics
Written by: CDO Magazine Bureau
Updated 12:00 PM UTC, Fri June 20, 2025
As the healthcare industry continues its rapid digital transformation, the intersection of privacy, personalization, and patient trust has never been more critical. In this second installment of our three-part series, Melissa Mitchell, Chief Privacy Officer at Phreesia, speaks with Todd Foley, CISO at Lydonia, about the evolving landscape of data governance and patient engagement.
Phreesia, a leading patient intake and engagement platform, touches over 170 million patient visits annually across the U.S. healthcare system. From streamlining check-ins to delivering targeted health content, the company plays a pivotal role in how patients interact with providers and, more importantly, how they make informed choices about their health data.
In this conversation, Mitchell explores how privacy is not just a compliance requirement but a foundation for trust and personalization. She reflects on emerging state laws, the practical implications of HIPAA, and why empowering patients with choice is key to both ethical data use and more proactive care. Whether it’s nudging patients with timely, relevant information or helping them arrive better prepared for appointments, Phreesia’s model underscores the value of responsible data use in enhancing outcomes.
Edited Excerpts
Q: As someone deeply involved in privacy and patient engagement, how do you see this space evolving in the next few years? Where do you think it’s headed?
The nature of being in healthcare is that HIPAA applies to many of the different entities involved in this space. So while we’ve been compliant with HIPAA throughout our entire journey, that compliance has also pushed us to think more deeply about the foundation of HIPAA itself.
And that brings me back to our North Star – why did we have HIPAA in the first place? And why are these emerging state laws now coming into play? While they’re all different, they’re still tied to a common thread: Do people really understand what’s happening with their data? Is it being appropriately safeguarded? And are they being given a choice in situations where we believe choice should be allowed or required?
It may look like this journey has gone up and down or all over the place, but I still see it as part of a larger trajectory, one that’s moving us closer to what people expect in terms of choice and control around their data. At the same time, we’re trying to harness the incredible power that data holds.
Some people really want to do that – they want their data to be used in specific ways. Others don’t. For example, I love to travel. I’m someone who plans everything in advance – I research, I read reviews, I sign up for things. I check the boxes that allow companies to use my data to track my preferences and offer me suggestions because I find that convenient and valuable.
But not everyone wants that. Some people don’t like the added noise or don’t find that kind of data use helpful.
So we’re all, every day, making these trade-offs. What’s important to understand is that people making these choices are probably thinking about at least two things: Do I trust this company to do the right thing with my data? And if I do, is it valuable enough to me to share it? Because if it’s not valuable, then it doesn’t matter how much they trust you, they still may not want to engage.
We believe what we offer is very valuable. We’ve done the hard work to earn people’s trust. That kind of thinking, I believe, is what sets us apart. But I also think there will be many more players entering this space. And if we’re all thinking that way about trust, value, and respecting choice, we’ll be well-positioned to harness the power of data in the right way.
Q: And how can building patient trust lead to more personalized healthcare?
We’re in a really unique position to do exactly that. When users opt in to our platform for personalized messaging, we’re able to deliver highly relevant, high-quality information right at the moments when patients need it most. That could be just before they speak with their provider or when they’re dealing with a specific issue in their healthcare journey.
That’s how we see people engaging with our platform and finding value in it. From there, it becomes a question of how we build trust and help people understand what we believe is the true power behind that data.
Q: Many healthcare challenges today rely on patients being more informed and active in their care. How does Phreesia support that kind of patient engagement, especially when someone opts into your platform before even visiting a provider?
The type of powerful data that we’re sitting on lets us say to a person, “If you opt into this, we have a message that might be very relevant to where you are.” And that, in turn, allows them to come to their next appointment with questions, ideas, or even thoughts like, “Maybe I should be trying this potential therapy instead of the one I’ve been using.” It really gives people a more active role in their care because it exposes them to data and potential choices along their healthcare journey.
CDO Magazine appreciates Melissa Mitchell for sharing her insights with our global community.