Rebecca Fayed – R1 RCM

Rebecca Fayed was an early expert on healthcare data privacy. As she was writing her master’s thesis on genetic privacy in 1998, the Health Insurance Portability and Accountability Act—which generally prohibits healthcare organizations from using or disclosing patient information without the patient’s authorization—had recently become law, but its regulations had not yet been enacted.

“I went on to law school with a very focused course of study, knowing that I wanted to come out being a health regulatory lawyer,” Fayed says.

She’s now senior vice president of data protection and chief privacy officer for R1 RCM, a revenue cycle management company serving healthcare providers.

Rebecca Fayed | Senior Vice President, Data Protection & Chief Privacy Officer | R1 RCM

“What sets us apart is that we’re good stewards of data, but my team does that through being good business partners with company leaders,” she says. “So, they go hand-in-hand.”

On a daily basis, Fayed solves legal and compliance problems to help the company reach its goals. Sometimes, she says, she must tell people, “We can’t do that today,” which often elicits a laugh and questions about when they can. Fayed will then lay out the roadmap of how to get there.

Each business or operational partner who knocks on her door is a little different from the last, she says, so it’s important to know her audience, and how to get them to tell her the whole story. When she has all the details about a given hurdle, she can help overcome it.

Reshaping the privacy program

When she joined R1 as its chief privacy officer, her primary task was to reshape the company’s privacy program.

She and her team first created a data incident response program to ensure that R1 would have the structure in place to investigate incidents, mitigate potential harm and implement corrective actions—both from an operational compliance standpoint and from a sanctions standpoint. She also solidified a process for notifying any impacted customers.

“We built that program into a very detailed, well-oiled machine that is still running today,” Fayed says. “It was also about understanding what the company’s strategies were around data use.”

From there, they asked themselves what a best-in-class privacy compliance program should look like. Their answer required them to build relationships with business owners within the company and discuss which challenges made it harder to do business.

“Let us help you. Let’s figure out what your road map looks like for the next six months to a year,” Fayed says her team told the business side. “How can we help you get to where you want to be consistent with applicable law?”

This combination of reactive and proactive strategies was “fabulous,” Fayed says, because they improved operational guidelines to help R1 better cater to its customers while protecting patient data.

Doing data analytics right

Within R1 RCM, there is a data analytics group that works with customers to determine how to use and analyze their data to best serve the customer’s patients. The group, which includes members from the recently acquired company Cloudmed, works with Fayed to use the data compliantly and apply findings to customers’ revenue cycle management.

“We can say, ‘Hey, look, you asked us to help you with your revenue cycle management. And some of the things we’re able to see in the data suggest that you might be able to serve your patients better this way,’” Fayed says. “And they love that.”

For example, she helps her data analytics colleagues so they can suggest improvements to obtaining reimbursement for services. They can help hospitals collect on bills and can work with patients to find better financial options for payment.

“The outcome is better patient service because of a tailored approach,” Fayed says. “It furthers our mission to make healthcare simpler for patients.”

Becoming a healthcare privacy pro

While studying biology at Boston College, Fayed had planned to go into medicine, but a life-changing course, “Law, Medicine and Ethics,” in her senior year prompted her to take the LSAT on a whim. She did better on the LSAT than she had been doing on her practice MCATs, so she dropped out of the medical school application process and began thinking seriously about a legal career.

After earning her master’s in public health from Boston University in 1998, she got her J.D. from George Washington University Law School in 2001. Her first law job was as an attorney at Epstein Becker & Green, where she practiced health law, ranging from healthcare fraud and abuse to antitrust and privacy concerns. She joined the firm’s newly formed healthcare privacy team and helped clients build privacy compliance programs from scratch.

In 2006, she joined SNR Denton (now Dentons), working with health care clients on health regulatory and privacy issues. This included helping them understand their obligations in the event of data privacy breaches and helping with data security risk assessments.

In 2011, she joined The Advisory Board Company as associate general counsel responsible for health regulatory issues and as the privacy officer where she built the company’s privacy compliance program. After the Advisory Board Company was acquired by a larger company, Fayed joined R1 in 2018, where she’s risen from vice president of data and information privacy and health regulatory counsel to her current role.

Fayed believes she has been successful because of the relationships she’s built with her business partners.

“Doing things the right way doesn’t mean you have to be the lawyer that says ‘no’,” she says. “You can be the lawyer that says ‘not yet’ as long as you have a plan to get to yes.”

View this feature in the Vanguard Spring II 2023 Edition here.