Health Information Exchange

Worked on behalf of a client to effect statutory changes to a state law that would allow for the creation of one of the nation's first state-wide health information exchanges.

Privacy/Security Compliance Strategy

Advised a health technology company on privacy and security compliance strategy for its behavioral health services website and mobile application.

Privacy Shield

Assisted a client with all aspects of its initial certification of compliance with the European Union-United States Privacy Shield (Privacy Shield), advising its leadership on the benefits and risks of proceeding with Privacy Shield certification, the privacy and security self-assessment required in order to proceed with Privacy Shield certification, drafting and revising relevant privacy and security policies, and the submission of the Privacy Shield application.

Data Breach Investigation

Investigated data breaches by hospitals and medical groups, drafted Health Insurance Portability and Accountability Act of 1996 (HIPAA) and state breach notifications, and negotiated settlements with the Office for Civil Rights.


Created HIPAA and Health Information Technology for Economic and Clinical Health Act policies and procedures for covered entities and business associates.

European Union GDPR—Pharmaceutical Company

Advised pharmaceutical company on all aspects of compliance with the European Union General Data Protection Regulation (GDPR), including gap analysis, policy and procedure development, and vendor and other third party contract revisions.

European Union GDPR—Institution

Drafted policies, notices, consent documents, and data processing agreements for compliance with the GDPR for various academic medical centers and health systems in relation to research, clinical and other activities.