Alumni Login

| Subscribe | Print

Services

Professionals

About Us

Offices

News/Resources

Diversity

Careers

Alumni

Services
Services

Advertising, Marketing and Digital Media

Antitrust and Competition

Bankruptcy and Restructuring

Business and Corporate

Class Action Defense

Commercial Litigation

Compliance

Corporate Governance

Digital Assets and Data Management

Employee Benefits

Employment Investigations

Environmental

Federal Policy

Foreign Corrupt Practices Act (FCPA)

Global Capabilities

Healthcare

Intellectual Property

International Trade and National Security

Labor and Employment

Litigation

Mergers and Acquisitions

OSHA Defense

Private Equity and Venture Capital

Private Wealth

Real Estate

Securities and Governance Litigation

Securities Offerings and Compliance

Tax

White Collar, Investigations and Securities Enforcement and Litigation

View More...
Industries

Aerospace and Defense

Communications Industry

Construction Industry

Distribution and Franchise

Energy Industry

Financial Services Industry

Healthcare Industry

Hospitality Industry

Investment Funds

Life Sciences

Software

Sports and Entertainment

Technology in Manufacturing

View More...
Emerging Issues

Artificial Intelligence (AI)

Blockchain Technologies and Digital Currencies

Business Restructuring Response Team

Contingent Workforce

Coronavirus (COVID-19) Resource Center

IncuBaker – Emerging Technologies

Internet of Things (IoT)

New Markets Tax Credit

U.S. Consumer Privacy and the CCPA

View More...
Professionals

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
About Us
Offices

Atlanta

Chicago

Cincinnati

Cleveland

Columbus

Costa Mesa

Dallas

Denver

Houston

Los Angeles

New York

Orlando

Philadelphia

San Francisco

Seattle

Washington, D.C.

Wilmington
Resources
- Overview
- News
- Press Releases
- Alerts
- Articles
- Events
- Podcasts
- Videos
- Blogs
- Subscribe
- Media Contacts
Diversity
Careers

Laterals

For experienced attorneys looking to build their practice through challenging and innovative work in a leading firm...

View More...

Law Students

Summer associates are welcome to attend all in-house training programs, which may include litigation luncheon series...

View More...

Other Professionals

Because our lawyers, and in many cases our clients, rely on BakerHostetler staff members for support...

View More...
Alumni

Healthcare Privacy and Compliance

Overview

Healthcare providers, insurers and employer-sponsored health plan administrators, as well as the business associates with whom they do business, are particularly vulnerable to data security incidents because of the highly sensitive protected health information they maintain, including Social Security numbers, insurance information, payment records and confidential medical information. In addition, healthcare businesses must deal with the extensive state and federal regulations that are unique to the industry, including the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH).

Our diverse team has wide experience in counseling health systems, physician groups, insurers and employers across the country regarding risk assessments, developing comprehensive incident response plans, and responding in a timely and accurate manner to privacy and security incidents, from lost paper files and laptops to the largest cyber incident ever reported involving medical information. We aggressively defend our healthcare clients in investigations brought by the Office for Civil Rights (OCR) and state attorneys general following privacy and security incidents. We advise healthcare industry clients on HIPAA and state law compliance regarding privacy policies and procedures, release of medical information, and access to medical records issues.

We also advise healthcare clients on best practices for leveraging emerging technologies, managing data and structuring operations in compliance with relevant laws and regulations.

We are nationally recognized for our healthcare privacy litigation experience and have served as defense counsel in several of the largest data breaches in the healthcare industry. Our class action defense team has successfully represented major insurance businesses and health systems across the country, minimizing monetary and reputational damage and negotiating with state and federal regulators.

Representative Clients

Health systems.
Academic medical centers.
Healthcare providers.
Specialty treatment centers.
Long-term care facilities.
Schools, colleges and universities.
Health plans (self-funded and large insurers).
Healthcare technology providers.
Medical device manufacturers.

Select Experience

Led the incident response for approximately 50 percent of the largest healthcare data security incidents reported to date.
Successfully defended more than 500 investigations commenced by the Department of Health and Human Services Office for Civil Rights (OCR).
Negotiated more resolution agreements and corrective action plans with the OCR arising out of data security incidents than any other firm (more than 12 agreements negotiated and finalized).
Defended hundreds of investigations by attorneys general, including multi-state investigations, arising out of data security incidents.

Name	Title	Office	Email
Jessica Captain Novick Orlando +1.407.649.4025 Partner Jessica Captain Novick	Partner	Orlando	jcaptainnovick@bakerlaw.com
Kathryn Carey New York +1.212.589.4696 Associate Kathryn Carey	Associate	New York	kcarey@bakerlaw.com
Kathryn E. Childress Dallas +1.214.210.1134 Associate Kathryn E. Childress	Associate	Dallas	kchildress@bakerlaw.com
Payal P. Cramer Atlanta +1.404.256.8433 Counsel Payal P. Cramer	Counsel	Atlanta	pcramer@bakerlaw.com
Vimala Devassy Atlanta +1.404.256.8243 Counsel Vimala Devassy	Counsel	Atlanta	vdevassy@bakerlaw.com
Stefanie L. Ferrari Chicago +1.312.416.6229 Associate Stefanie L. Ferrari	Associate	Chicago	sferrari@bakerlaw.com
Amy E. Fouts Atlanta +1.404.256.8434 Partner Amy E. Fouts	Partner	Atlanta	afouts@bakerlaw.com
Alan L. Friel Los Angeles / Costa Mesa +1.310.442.8860 / +1.310.442.8860 Partner Alan L. Friel	Partner	Los Angeles	afriel@bakerlaw.com
Baylie M. Fry Atlanta +1.404.946.9304 Associate Baylie M. Fry	Associate	Atlanta	bfry@bakerlaw.com
Sara M. Goldstein Philadelphia +1 215.564.1572 Associate Sara M. Goldstein	Associate	Philadelphia	sgoldstein@bakerlaw.com
Kimberly C. Gordy Houston / Seattle +1.713.646.1360 / +1.206.566.7091 Associate Kimberly C. Gordy	Associate	Houston	kgordy@bakerlaw.com
Kyle R. Gregory Atlanta +1.404.459.4218 Associate Kyle R. Gregory	Associate	Atlanta	kgregory@bakerlaw.com
Patrick H. Haggerty Cincinnati +1.513.929.3412 Partner Patrick H. Haggerty	Partner	Cincinnati	phaggerty@bakerlaw.com
Mark Hatcher Columbus +1.614.462.4765 Partner Mark Hatcher	Partner	Columbus	mhatcher@bakerlaw.com
Steven C. Hiestand Columbus +1.614.462.4786 Staff Attorney Steven C. Hiestand	Staff Attorney	Columbus	shiestand@bakerlaw.com
Susan Whittaker Hughes Cleveland +1.216.861.7841 Partner Susan Whittaker Hughes	Partner	Cleveland	shughes@bakerlaw.com
Theodore J. Kobus III New York +1.212.271.1504 Partner Theodore J. Kobus III	Partner	New York	tkobus@bakerlaw.com
M. Scott Koller Los Angeles +1.310.979.8427 Partner M. Scott Koller	Partner	Los Angeles	mskoller@bakerlaw.com
Laurice Rutledge Lambert Atlanta +1.404.256.8417 Partner Laurice Rutledge Lambert	Partner	Atlanta	llambert@bakerlaw.com
Robin L. Larmer Seattle +1.206.332.1115 Counsel Robin L. Larmer	Counsel	Seattle	rlarmer@bakerlaw.com
Courtney L. Litchfield Chicago +1.312.416.6236 Associate Courtney L. Litchfield	Associate	Chicago	clitchfield@bakerlaw.com
Stephanie A. Lucas Los Angeles +1.310.442.8847 Associate Stephanie A. Lucas	Associate	Los Angeles	slucas@bakerlaw.com
Jennifer A. Mills Cleveland +1.216.861.7874 Partner Jennifer A. Mills	Partner	Cleveland	jmills@bakerlaw.com
Brian M. Murray Cleveland +1.216.861.7084 Partner Brian M. Murray	Partner	Cleveland	bmurray@bakerlaw.com
Eric A. Packel Philadelphia +1.215.564.3031 Partner Eric A. Packel	Partner	Philadelphia	epackel@bakerlaw.com
Alexandra Royal Atlanta +1.404.256.6688 Associate Alexandra Royal	Associate	Atlanta	aroyal@bakerlaw.com
Lynn Sessions Houston +1.713.646.1352 Partner Lynn Sessions	Partner	Houston	lsessions@bakerlaw.com
Aleksandra Vold Chicago +1.312.416.6249 Counsel Aleksandra Vold	Counsel	Chicago	avold@bakerlaw.com
Jennifer P. Whitton Atlanta +1.404.256.8426 Associate Jennifer P. Whitton	Associate	Atlanta	jwhitton@bakerlaw.com
Robert M. Wolin Houston +1.713.646.1327 Partner Robert M. Wolin	Partner	Houston	rwolin@bakerlaw.com
Kristen McDermott Woodrum Atlanta +1.404.256.6698 Partner Kristen McDermott Woodrum	Partner	Atlanta	kwoodrum@bakerlaw.com

Experience

Led the incident response for approximately 50 percent of the largest healthcare data security incidents reported to date.
Successfully defended more than 500 investigations commenced by the Department of Health and Human Services Office for Civil Rights (OCR).
Negotiated more resolution agreements and corrective action plans with the OCR arising out of data security incidents than any other firm (more than 12 agreements negotiated and finalized).
Defended hundreds of investigations by attorneys general, including multi-state investigations, arising out of data security incidents.
Negotiated numerous consent judgments and settlements with attorneys general, including some of the largest on record.
Defending a large public health system in a multi-state attorney general investigation. The matter arises out of a nation-state sponsored data security incident.
Advise health systems, physician groups, academic medical centers and long-term care facilities regarding all aspects of general privacy matters, including HIPAA compliance, the EU’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and other state privacy laws. Our team provides guidance on the HIPAA Privacy and Security Program, state law requirements, breach analysis, regulatory reporting, policies and procedures, and general privacy advice, including best practices for safeguarding individuals’ protected health information and other personally identifiable information,
Because of our privacy and regulatory expertise, clients often look to us to conduct privacy assessments. We conduct gap analyses; review policies and procedures to assess HIPAA compliance, state law compliance, policy and procedure comprehensiveness; provide training and education on privacy matters, privacy awareness and readiness within the organization; and review processes in business agreements, breach notification protocols and investigation procedures, among other privacy issues.
We represent healthcare clients in connection with HIPAA audits conducted by federal regulators. Since 2016, we have helped several diverse healthcare entities prepare for audits across the privacy, security and breach notification rules under HIPAA in anticipation that they would be chosen for an audit. When the audits were sent later that year, we worked with selected entities to respond to the HIPAA audits and OCR findings. Because of this experience, in June 2018 we began working with large health system in the Midwest in preparation for an expected onsite OCR audit. Our work in this area represents our strong command of HIPAA laws, policies and procedures, a practical understand of healthcare operations, as well as our strong working relationship with the OCR, which allows us to guide the client’s response in such a way that it demonstrates compliance while advocating for a practical approach to HIPAA at healthcare organizations.
We advise medical device manufacturers on their obligations as business associates and data owners on general privacy matters, including HIPAA compliance, GDPR, CCPA and state privacy laws. Our team provides guidance on the HIPAA Privacy and Security Program, state law requirements, breach analysis, regulatory reporting, policies and procedures, and general privacy advice, including best practices for safeguarding individuals’ protected health and other personally identifiable information. A recent secondment of our attorneys at a device manufacturer presented the team with a real-time look into the complex and volume of privacy issues that these entities face, and we were able to successfully support the client through these issues.
As privacy and data protection issues have moved into the boardroom, we find our team of attorneys being requested to attend board meetings at healthcare organizations to explain the regulatory and risk environment and to provide real-time advice on responding to high-stakes cybersecurity incidents. These presentations range from tabletop exercises and breach workshops, risk assessment advice and compliance strategy to crisis management and strategy during a large data breach. Our clients include some of the United States’ largest and most well-respected healthcare providers and health insurers.

Recognition

Chambers Global: Privacy & Data Protection (USA) (2014 to 2019)
Chambers USA: Nationwide Privacy & Data Security (2013 to 2019)
- Chambers USA Privacy and Data Security - Healthcare Spotlight Table (2018 to 2019)
- Chambers USA Award: “Privacy & Data Security Team of the Year” finalist (2015, 2017)
Chambers Fintech: Legal – USA (2018 to 2019)
The Legal 500 United States (2016 to 2019)
- Media, Technology and Telecoms: Data Privacy and Data Protection, Tier 1
- Media, Technology and Telecoms: Cyber Law, Tier 2
Law360: Privacy "Practice Group of the Year" (2013 to 2015, 2018)
Recognized as one of the top law firms for client service, BakerHostetler was named to the 2020 BTI Client Service 30 for the sixth consecutive year.

News

Press Releases

Publications

Alerts

Related Services

Key Contacts

Lynn Sessions lsessions@bakerlaw.com T +1.713.646.1352

Blog

In The Blogs

Previous Next

Data Counsel

Welcome to Data Counsel

By Theodore J. Kobus III

June 14, 2020

Dear Friends, In January, we announced the creation of the firm’s 6th practice group—Digital Assets and Data Management. Since September 2010, members of our group have been covering privacy and security topics through our Data Privacy...

Read More ->

Data Counsel

DSIR Deeper Dive: Regulatory Investigation Landscape

By Kimberly C. Gordy, Patrick H. Haggerty, Lynn Sessions

May 26, 2020

HIPAA-covered entity and business associate breaches continue to draw attention from the Office for Civil Rights (OCR) and other regulators. In almost every HIPAA incident we handled in 2019 involving more than 500 individuals, OCR issued...

Read More ->

Data Counsel

Sixth Annual Data Security Incident Response Report Released – Managing Enterprise Risks and Leveraging Data in a Digital World

By Theodore J. Kobus III

April 30, 2020

We are excited to present our sixth Data Security Incident Response Report (DSIR). We hope this issue finds you safe and healthy while working from home (WFH). Each year, we talk about last year’s trends and where we think the current year...

Read More ->

Data Counsel

Due to the COVID-19 Pandemic, HHS Eases Restrictions on the Use and Disclosure of PHI by Business Associates

By Eric A. Packel

April 3, 2020

The COVID-19 public health emergency already has caused the U.S. Health and Human Services (HHS) Office for Civil Rights to announce various enforcement changes and waivers. On April 2, HHS issued another notification of enforcement...

Read More ->

Data Counsel

CARES Act Significantly Revises Part 2 Rules to Better Align with HIPAA

By Vimala Devassy, Kyle R. Gregory

April 2, 2020

On March 27, 2020, President Trump signed the Coronavirus Aid, Relief, and Economic Security Act (the “CARES Act”) into law. While the focus of the CARES Act has been on direct financial aid to Americans, the Act also contains a number of...

Read More ->

Healthcare Privacy and Compliance

Overview

Representative Clients

Select Experience

Professionals

Experience

Recognition

News

News

Press Releases

Publications

Alerts

Blog Posts

Related Services

Key Contacts

Blog

In The Blogs

Services

Find Professionals

Offices

About Us

Careers

Firm Diversity