CRISP Shared Services Interview: Discussion with General Counsel and Chief Privacy Officer Nichole Sweeney Regarding the HIE's Non-Profit Status
Nichole Sweeney Leads CRISP Shared Services in National Health Data Sharing Efforts
Nichole Sweeney, the General Counsel and Chief Privacy Officer at CRISP Shared Services (CSS), is at the forefront of a mission to facilitate secure and efficient health data sharing across multiple states. As a non-profit organization, CSS provides technology infrastructure and services to Health Information Exchanges (HIEs) nationwide.
In her role, Sweeney ensures compliance with health information privacy laws and governance policies for data sharing among healthcare entities. This includes patient consent and data governance issues, critical aspects of HIEs that Sweeney addresses in her presentations at events such as the Alaska HIE Summit in 2025.
CSS plays a pivotal role in enabling multiple state HIEs to interoperate, improving care coordination and outcomes by allowing healthcare providers to share patient data securely. The work of CSS has been instrumental in achieving critical national public health priorities established by federal agencies, including the CDC and Office of the National Coordinator for Health Information Technology.
Sweeney's background includes a decade at The MITRE Corporation, a federally funded research and development corporation, where she became department head of the health policy department. Prior to joining CSS three years ago, she served as vice president, general counsel, and chief privacy officer.
One of CSS's key goals is the establishment of a governance engine, a not-for-profit or public/private entity in each state that would allow for the governance of data at the state level as it enters and leaves the state. This would enable policymakers to understand the need for tight privacy controls that reflect the policies in each state.
CSS aspires to remain the go-to technology partner for HIEs across the country. By offering advice to other agencies and organizations, CSS aims to help build robust, secure, patient-centered HIEs that respect the data sharing frameworks in their jurisdictions and prioritize patient control over their health data.
Recently, CSS, in partnership with eHealth Exchange, helped engineer a custom portal that successfully demonstrated TEFCA utilization for the first public health use case. CSS was also selected by the CDC as one of three awardees under the new $255 million National Implementation Center Program to provide infrastructure and implementation services to public health agencies across the country.
Sweeney's work at CSS supports HIEs in over 10 jurisdictions, providing legal and policy advice for health information exchanges and health data utilities. She is proud of the relationship she has forged with privacy advocates, who were once considered potential opponents, and sees this as a significant milestone.
Sweeney is also proud of the work done in filtering and parsing data in the CRISP HIE to allow more restrictive data sharing for abortion data in Maryland, which is becoming a national model. She has also provided educational technical assistance for legislators in Maryland, giving them firm examples of how data parsing could work, resulting in legislation that allows data parsing to be implemented at a scalable level.
As of October 2024, CSS serviced 4,899 organizations and 63,303 users, who performed, on average, 1.4 million queries per month. Sweeney affirmed that CSS is use case-driven and policy-driven, building technology based on fixing problems and adhering to policy.
In summary, Sweeney's work at CSS is focused on legal oversight, privacy compliance, and data governance for HIEs, with the goal of establishing a governance engine and remaining a leading technology partner in the field of health data sharing.
In her role at CRISP Shared Services (CSS), Nichole Sweeney advocates for the application of science to improve medical-conditions and health-and-wellness by ensuring secure and efficient health data sharing among healthcare entities. This data sharing, facilitated by CSS, aids in addressing medical-conditions by allowing healthcare providers to make informed decisions based on accessible patient data.
The establishment of a governance engine, a key goal of CSS, aims to prioritize health-and-wellness by enabling policymakers to understand and implement tighter privacy controls on health data at the state level, reflecting each state's unique policies. This focus on governance and privacy is a critical aspect of CSS's mission to facilitate health data sharing while respecting patient control over their information.
