Aleksandra Vold

She | Her | Hers

Partner

Chicago
T +1.312.416.6249
F +1.312.416.6201

Overview

Recognized as one of the 40 best Incident Response attorneys in 2021 and 2022, Aleksandra Vold's ability to weave together each of her clients’ unique concerns and personalities with her tactical, common sense approach has earned the trust of some of the nation's top healthcare organizations.

Aleksandra's practice is devoted to healthcare, and she has assisted hundreds of healthcare organizations and business associates through privacy and data security incidents, regulatory inquiries and complex Health Insurance Portability and Accountability Act (HIPAA) compliance issues.

Incident Response

When a privacy and/or security incident occurs, Aleksandra takes an arms-linked approach with clients, coordinating a skilled team - including forensic, public relations and negotiations professionals - to quickly help contain the incident, reduce public and regulatory scrutiny, guide investigations and protect the clients’ reputations.

Regulatory Investigations

Whether received in the aftermath of significant incidents or as a result of a complaint, regulatory investigations of healthcare entities and business associates carry significant risk. Clients have entrusted Aleksandra with coordinating the internal investigation for and responding to hundreds of regulatory inquiries conducted by federal and state regulators. Aleksandra’s early-career litigation experience has made her an incredibly effective oral advocate when presenting to regulators, and honed her ability to gracefully work with regulators on difficult points of contention.

Proactive HIPAA Compliance

Aleksandra is a sought-after business partner for privacy and compliance issues. Clients appreciate her ability to leverage her wealth of regulatory and client experiences to help the client find solutions that are bespoke to their organization and particular challenge.

Aleksandra is the firm’s Chicago Digital Assets and Data Management Leader.

Aleksandra brings a strategic advantage to the defense of class action litigation, having started her legal career as a plaintiffs’ attorney focusing on consumer data privacy class actions. Her strengths in cybersecurity are bolstered by her representation of startups and closely held technology companies in a variety of commercial disputes.

Select Experience

  • Handled data breaches ranging from a single record loss to 500 million records lost with multi-national notification requirements, and attacks ranging from drive-by ransomware injections to pervasive network compromises by international hacking groups, which led to personal and company extortion attempts.
  • Counsels some of the nation's largest and most prestigious healthcare organizations on HIPAA Privacy Rule and Security Rule compliance.
  • Coordinates all aspects of data security incident response, from intake and vendor selection (forensics, PR and notification), to supervising and directing forensic investigations and designing public disclosure content and strategy.
More »

Experience

  • Handled data breaches ranging from a single record loss to 500 million records lost with multi-national notification requirements, and attacks ranging from drive-by ransomware injections to pervasive network compromises by international hacking groups, which led to personal and company extortion attempts.
  • Counsels some of the nation's largest and most prestigious healthcare organizations on HIPAA Privacy Rule and Security Rule compliance.
  • Coordinates all aspects of data security incident response, from intake and vendor selection (forensics, PR and notification), to supervising and directing forensic investigations and designing public disclosure content and strategy.
  • Assisted federal law enforcement investigations for two separate hospitals that resulted in the conviction and imprisonment of internal bad actors.
  • Assists in management, investigation and response related to regulatory inquiries from state attorneys general, state regulators and HHS OCR. Coordinates and participates in clients’ internal investigations, document and policy reviews, and drafts formal responses to regulatory inquiries.
  • Works with clients to understand system posture and regulatory environment to counsel on best practices, regulatory requirements and industry standards. Drafts and revises policies and procedures related to privacy, Incident Response Plans, Information Governance policies and Data Mapping initiatives to mitigate cyber risks. Counsels companies in various industries on website best practices, as well as international and domestic requirements for terms of use, and privacy policies.
  • Counsels both acquiring/investing and target companies on the scope of due diligence requests and responses related to data privacy and data security reps and warranties.

Recognitions and Memberships

Recognitions

  • Cybersecurity Docket Incident Response 40 (2021 to 2022)
  • Illinois Super Lawyers "Rising Star" (2013 to 2022)

Memberships

  • American Health Lawyers Association
  • American Bar Association

Prior Positions

  • Columbia College: Adjunct Professor of Law (2010 to 2012)

Admissions

  • U.S. District Court, Northern District of Illinois
  • U.S. Court of Appeals, Seventh Circuit
  • Illinois

Education

  • J.D., John Marshall Law School, 2010; John Marshall Review of Intellectual Property, Staff Editor; CALI Award: Protecting Intellectual Property in a Global/Digital Environment
  • B.A., Columbia College, 2006, cum laude

Blog

In The Blogs

Previous Next
Data Counsel
‘Unboxing' the New NIST Guidance: NIST Publishes Significant Update to Healthcare Cybersecurity Guide
By Adam I. Cohen, Kimberly C. Gordy, Aleksandra Vold
August 5, 2022
Without question, healthcare providers and the companies that support them operate in an elevated cybersecurity risk environment. And when a cybersecurity incident occurs, the ensuing regulatory inquiries and/or litigation often focus on...
Read More ->
Data Counsel
HHS OCR Guidance to 60,000 Retail Pharmacies: Refusal to Fill Rx Based on Potential Pregnancy Termination Concerns Is a Civil Rights Violation, Will Be Investigated
By Kimberly C. Gordy, Aleksandra Vold
July 18, 2022
On July 13, the Department of Health & Human Services (HHS) Office for Civil Rights (OCR) issued guidance to retail pharmacies that refusing to dispense a prescribed medication or making a determination on the suitability of that...
Read More ->
Data Counsel
Dobbs Triggers Significant Healthcare and Privacy Law Concerns and Confusion
By Amy E. Fouts, Aleksandra Vold
July 1, 2022
To help guide entities through the significant confusion and changes that will be evolving for the next several years, BakerHostetler has assembled the Dobbs Decision Task Force (DDTF), led by attorneys in five major areas...
Read More ->
Data Counsel
Office for Civil Rights Provides HIPAA Privacy Rule on Disclosures of Information Relating to Reproductive Healthcare
By Aleksandra Vold
July 1, 2022
On June 29, in response to the U.S. Supreme Court’s decision in Dobbs v. Jackson Women’s Health Organization, the U.S. Department of Health & Human Services Office for Civil Rights (HHS OCR) issued guidance on when entities covered by the...
Read More ->
Data Counsel
OCR Announces Four Enforcement Actions
By Courtney L. Litchfield, Aleksandra Vold
April 20, 2022
On March 28, 2022, Health and Human Services, Office for Civil Rights (OCR) announced the resolution of four enforcement actions, three resolved in 2021 and one resolved in 2022. There are some interesting aspects of this group of covered...
Read More ->