Drafted policies, notices, consent documents, and data processing agreements for compliance with the GDPR for various academic medical centers and health systems in relation to research, clinical and other activities.
Advised a pharmaceutical company on all aspects of compliance with the European Union General Data Protection Regulation (GDPR), including gap analysis, policy and procedure development, and vendor and other third-party contract revisions.
Investigated data breaches by hospitals and medical groups, drafted Health Insurance Portability and Accountability Act of 1996 (HIPAA) and state breach notifications, and negotiated settlements with the Office for Civil Rights.
Advised a health technology company on privacy and security compliance strategy for its behavioral health services website and mobile application.
Created HIPAA and Health Information Technology for Economic and Clinical Health Act policies and procedures for covered entities and business associates.
Assisted a client with all aspects of its initial certification of compliance with the European Union-United States Privacy Shield (Privacy Shield), advising its leadership on the benefits and risks of proceeding with Privacy Shield...
Worked on behalf of a client to effect statutory changes to a state law that would allow for the creation of one of the nation's first state-wide health information exchanges.