Experience
Health Information Exchange
Worked on behalf of a client to effect statutory changes to a state law that would allow for the creation of one of the nation's first state-wide health information exchanges.
Privacy/Security Compliance Strategy
Advised a health technology company on privacy and security compliance strategy for its behavioral health services website and mobile application.
Privacy Shield
Assisted a client with all aspects of its initial certification of compliance with the European Union-United States Privacy Shield (Privacy Shield), including advice to its leadership on the benefits and risks of proceeding with Privacy Shield certification, the privacy and security self-assessment required in order to proceed with certification, the drafting and revision of relevant privacy and security policies, and the submission of the Privacy Shield application.
Data Breach Investigation
Investigated data breaches by hospitals and medical groups, drafted Health Insurance Portability and Accountability Act of 1996 (HIPAA) and state breach notifications, and negotiated settlements with the Office for Civil Rights.
HIPAA and HITECH
Created HIPAA and Health Information Technology for Economic and Clinical Health Act policies and procedures for covered entities and business associates.
European Union GDPR—Pharmaceutical Company
Advised a pharmaceutical company on all aspects of compliance with the European Union General Data Protection Regulation (GDPR), including gap analysis, policy and procedure development, and vendor and other third-party contract revisions.
European Union GDPR—Institution
Drafted policies, notices, consent documents, and data processing agreements for compliance with the GDPR for various academic medical centers and health systems in relation to research, clinical and other activities.