Courtney L. Litchfield

She | Her | Hers

Associate

Chicago
T +1.312.416.6236
F +1.312.416.6201

Overview

Courtney Litchfield’s attention to detail, knowledge of state and federal breach notification laws and dedication to client service make her a go-to associate for both her colleagues and organizations across the country. Day in and day out, Courtney works closely with clients through the life cycle of privacy and cybersecurity incidents, including prevention, preparedness and response.

Courtney’s practice is dedicated to counseling healthcare organizations, such as health systems, hospitals, insurance carriers and business associates. She works with clients on identifying, evaluating and managing first- and third-party data privacy and security risks; breach response and preparedness; and compliance with state, federal and international data protection laws. While Courtney leverages her extensive experience when assisting clients through an incident, she does not take a "one fits all" approach. Instead, she considers each client's unique circumstances, communities, organizational structures, business relationships and more to develop a response strategy that will best protect their reputation and reduce regulatory scrutiny, while still meeting legal and contractual requirements.

As a member of the Healthcare Privacy and Compliance team, Courtney has defended numerous regulatory investigations brought by the Department of Health and Human Services – Office for Civil Rights, attorneys general, departments of health and departments of insurance.

While Courtney focuses her practice on healthcare, she has counseled organizations from all industries, including multibillion-dollar technology companies, manufacturers, consulting firms, post-secondary education institutions and more. She also has experience representing companies and individuals in professional and general liability matters, as well as insurers and insureds in connection with coverage issues and resolution of coverage disputes.

Select Experience

  • Responded to breaches and mitigated data exposures involving phishing, ransomware, employee negligence, inadvertent disclosure, theft, vendor misconduct and other potential or actual security incidents.
  • Organizes and coordinates all aspects of breach response, including assisting clients with mitigation efforts, selecting vendors, managing and directing forensic investigations, and preparing the requisite notification communications such as individual notification, regulatory notification and media statements.
  • Regularly assists clients in preparing for, managing and responding to regulatory inquiries or investigations conducted by state attorneys general and HHS OCR, including reviewing internal policies and procedures, implementing corrective action plans, updating staff training materials and preparing formal responses to regulatory inquiries.
More »

Experience

  • Responded to breaches and mitigated data exposures involving phishing, ransomware, employee negligence, inadvertent disclosure, theft, vendor misconduct and other potential or actual security incidents.
  • Organizes and coordinates all aspects of breach response, including assisting clients with mitigation efforts, selecting vendors, managing and directing forensic investigations, and preparing the requisite notification communications such as individual notification, regulatory notification and media statements.
  • Regularly assists clients in preparing for, managing and responding to regulatory inquiries or investigations conducted by state attorneys general and HHS OCR, including reviewing internal policies and procedures, implementing corrective action plans, updating staff training materials and preparing formal responses to regulatory inquiries.
  • Advises large non-healthcare employers on HIPAA compliance for their employee group health plans, including policies and procedures, business associate relationships and managing, protecting and sharing employee information.
  • Assisted a federal law enforcement investigation on behalf of a hospital that resulted in the conviction and imprisonment of an internal bad actor.
  • Represented a wide variety of clients in commercial and general litigation matters, including suits alleging breach of contract, malpractice, personal injury, wrongful death and more. Advised insurers and insureds in connection with coverage issues and resolution of coverage disputes.

Recognitions and Memberships

Recognitions

  • Illinois Super Lawyers "Rising Star" (2020 to 2023)

Memberships

  • Illinois State Bar Association
  • Women's Bar Association of Illinois
  • International Association of Privacy Professionals

Community

  • Bartlett Lion's Club
  • Have Dreams

Emerging Issues

Admissions

  • Illinois

Education

  • J.D., Chicago-Kent College of Law, Illinois Institute of Technology, 2016
  • B.S., University of Illinois at Urbana-Champaign, 2013

Blog

In The Blogs

Previous Next
Data Counsel
2022 DSIR Report Deeper Dive: OCR's Right of Access Initiative
By Courtney L. Litchfield
October 7, 2022
In 2019, the U.S. Department of Health & Human Services, Office for Civil Rights (OCR) announced its Right of Access Initiative, promising to prioritize patients’ rights to receive timely copies of their medical records without being...
Read More ->
Data Counsel
OCR Provides Guidance on the Privacy of Data Stored on Health Apps and Mobile Devices
By Robyn M. Feldstein, Courtney L. Litchfield
July 15, 2022
In the wake of the U.S. Supreme Court’s decision in Dobbs v. Jackson Women’s Health Organization, many individuals and organizations have expressed uncertainty about the protection afforded to data stored on health apps, including cycle...
Read More ->
Data Counsel
OCR Announces Four Enforcement Actions
By Courtney L. Litchfield, Aleksandra Vold
April 20, 2022
On March 28, 2022, Health and Human Services, Office for Civil Rights (OCR) announced the resolution of four enforcement actions, three resolved in 2021 and one resolved in 2022. There are some interesting aspects of this group of covered...
Read More ->
Data Counsel
Ransomware, COVID-19 and Regulations: Healthcare Entities Confront a Triple Threat
By Vimala Devassy, Courtney L. Litchfield, Eric A. Packel
July 1, 2021
Given what the healthcare industry faced in 2020, the seventh edition of our Data Security Incident Response (DSIR) Report, “Disruption and Transformation,” is aptly titled. As if fighting the COVID-19 pandemic weren’t enough for the...
Read More ->