• Deven McGraw

    Healthcare Industry
    Download Contact (.vcf)

    Direct: 202.585.6552
    General: 202.585.6500
    Fax: 202.585.6600


    Georgetown University Law Center, L.L.M., Advocacy, 2002.


    Georgetown University Law Center, J.D., magna cum laude, 1995. Executive Editor, Georgetown Law Journal.


    Johns Hopkins School of Hygiene and Public Health, M.P.H., Public Health, Health Care Finance, 1993.


    University of Maryland, College Park, B.S. and B.A., Journalism, magna cum laude, English, 1986.

    • Profile
    • Representative Matters
    • Honors & Awards
    • Publications
    • Memberships & Activities
    • Speaking Engagements


    Deven McGraw is a partner in the healthcare practice of Manatt, Phelps & Phillips, LLP. She provides legal, regulatory and strategic policy and business counsel to healthcare providers, payers and other healthcare organizations with respect to the adoption and implementation of health IT and electronic health information exchange. Her areas of focus include HIPAA/privacy advice and compliance, data security, data governance, research and health data analytics, health IT policy, and patient engagement.

    Previously, Ms. McGraw was the Director of the Health Privacy Project at the Center for Democracy & Technology (CDT). In this role she led efforts to develop and promote workable privacy and security protections for electronic personal health information.

    Ms. McGraw’s background includes service on a number of committees established by the U.S. Department of Health and Human Services (HHS) and other workgroups to provide guidance on a wide array of health IT, privacy and security policy and business issues. She was one of three persons appointed by former HHS Secretary Kathleen Sebelius to serve on the Health Information Technology (HIT) Policy Committee, a federal advisory committee established in the American Recovery and Reinvestment Act of 2009. As a part of this committee, she serves on the Meaningful Use workgroup, chairs the Privacy and Security Tiger Team and is cochair of the Information Exchange workgroup.

    Ms. McGraw also served on two key workgroups of the American Health Information Community (AHIC), the federal advisory body established by HHS in the Bush Administration to develop recommendations on how to facilitate use of health information technology to improve health. Specifically, she cochaired the Confidentiality, Privacy and Security Workgroup and was a member of the Personalized Health Care Workgroup. Ms. McGraw also served on the Policy Steering Committee of the eHealth Initiative and currently serves on its Leadership Committee. She also serves on the Steering Committee of the Electronic Data Methods Forum and leads the privacy policy work for the Patient-Centered Outcomes Research Network.

    Prior to CDT, Ms. McGraw was the Chief Operating Officer at the National Partnership for Women & Families. Her responsibilities included providing strategic direction and oversight for all of the organization’s core program areas, including the promotion of initiatives to improve healthcare quality. Earlier in her career, Ms. McGraw was an associate in the public policy and healthcare groups of two international law firms. She also served as Deputy Legal Counsel to the Governor of Massachusetts and taught in the Federal Legislation Clinic at the Georgetown University Law Center.

    Representative Matters

    Honors & Awards

    Top 10 Influencer in Health Info Security 2013, Healthcare Info Security Media.


    Coauthor, “Business Associate Compliance With HIPAA: Findings From a Survey of Covered Entities and Business Associates,” Funded by the California HealthCare Foundation, October 2014. 

    Coauthor, “Confidentiality of Health Information in PHRs and Mobile Health Apps in California,” iHealthBeat, September 22, 2014.

    Coauthor, “Engaging Patients While Addressing Their Privacy Concerns: The Experience of Project HealthDesign,” Personal and Ubiquitous Computing, August 2014. 

    “Ethics, Regulation, and Comparative Effectiveness Research: Time for a Change,” Journal of the American Medical Association, April 16, 2014.

    “Building Public Trust in Uses of HIPAA De-Identified Data,” Journal of American Medical Informatics Association, June 2012.

    “Gov't Promotes Consistent Approaches to Consumer and Health Data Privacy,” iHealthBeat, May 24, 2012.

    “Paving the Regulatory Road to the ‘Learning Health Care System,’ ” Stanford Law Review, February 8, 2012.

    “Time for Action on Health Privacy,” iHealthBeat, January 9, 2012.

    “A Policy and Technology Framework for Using Clinical Data to Improve Quality,” Houston Journal of Health Law & Policy, 2012.

    “Lack of Genuine Privacy Interest Doomed Vermont Drug Marketing Law,” iHealthBeat, July 11, 2011.

    “Supreme Court Case on Rx Data Mining Requires Nuanced Understanding of Privacy,” iHealthBeat, April 19, 2011.

    Memberships & Activities

    Admitted to practice in the District of Columbia and the Commonwealth of Massachusetts.

    Chair, Privacy and Security Tiger Team; CoChair, Information Exchange Workgroup; and Member, Meaningful Use Workgroup, Health Information Technology (HIT) Policy Committee established in the American Recovery and Reinvestment Act of 2009, 2010-present.

    CoChair, Confidentiality, Privacy and Security Workgroup, and Member, Personalized Health Care Workgroup, of American Health Information Community, 2006-2008.

    Member, Leadership Committee, eHealth Initiative.

    Member, Steering Group, Markle Foundation’s Connecting for Health, 2008-2012.

    Member, Digital Health Council, World Economic Forum, 2011-present.

    Member, Advisory Board, Health Data Consortium, 2012-present.

    Speaking Engagements

    Speaker, “Meaningful ‘Re-use’ of Health Data—Confronting and Resolving the Policy and Ethical Issues,” New York eHealth Collaborative (NYeC) Digital Health Conference, New York, NY, November 17, 2014.

    Speaker, “Developments and Trends in Patient Privacy,” Health Information and Management Systems Society (HIMSS) 2014 Annual Conference, Orlando, FL, February 23-27, 2014.

    Speaker, “Protecting Patient Rights While Exchanging Data,” 2013 Health Data Exchange & Interoperability Summit, Washington, DC, October 30-31, 2013.

    Speaker, “Evolving Security of Electronic Patient Data,” RSA Conference, San Francisco, CA, February 25 – March 1, 2013.

    Speaker, Keynote Address, 21st National HIPAA Summit, Washington, DC, February 19-21, 2013.

    Speaker, “eHealth: Securing Patient Records,” RSA Conference, San Francisco, CA, February 27 – March 2, 2012.

    Speaker, “Protecting Patient Privacy in a Wireless, Networked World. What Are the Rules and to Whom Do They Apply?” California Healthcare Institute, La Jolla, CA, August 4, 2011.