Kimberly C. Gordy

She | Her | Hers

Partner

Houston
T +1.713.646.1360
F +1.713.751.1717
Seattle
T +1.206.566.7091
F +1.206.624.7317

Overview

As the Houston Digital Assets and Data Management Leader and member of the Healthcare Privacy and Compliance team, Kimberly counsels clients across the healthcare space on cybersecurity breach response, regulatory defense, and state and federal privacy compliance. She has handled hundreds of privacy and data security incidents, ranging from sophisticated ransomware to employee theft, and approaches each matter with thoughtful nuance and an appreciation of the client’s unique operational needs.

Kimberly guides clients through the initial response, forensic investigation and fulfillment of regulatory obligations, as well as defense related to inquiries from state attorneys general and federal regulators. She has extensive experience advising long-term care clients on the intersection between HIPAA and state privacy law and maintains a special interest in working with healthcare organizations in Indian Country on matters related to the exercise of tribal sovereignty and healthcare compliance. Her work on patient consent is published in the Yale Journal of Health Policy, Law, and Ethics, and she is a frequent speaker on privacy-related matters.

Prior to entering private practice, Kimberly served as law clerk to the Honorable George C. Hanks, Jr., and the Honorable Mary Milloy for the Southern District of Texas.

Experience

  • Handled data breaches ranging from a single record loss to five million plus records lost with multi-national notification requirements, and attacks ranging from business email compromises to pervasive network compromises by international hacking groups, leading to personal and company extortion attempts.
  • Advised long-term care providers on matters related to federal and state privacy law, Fair Housing Act compliance, ethical and policy issues related to resident autonomy and employment issues.
  • Counseled Native American governments and healthcare organizations on incident response, compliance and policy development.
  • Routinely prepares policies and procedures related to privacy, Incident Response Plans, Information Governance policies and communications as part of an overall risk mitigation strategy.
  • Worked with emerging companies and tech start-ups on HIPAA applicability, the role of a business associate and mobile technology related issues.
  • Advises healthcare clients on privacy considerations unique to oncology, mental health, pediatrics and clinical research.
  • Assists clients in post-breach investigations by the United States Department of Health and Human Services Office for Civil Rights, state attorneys general and other regulators arising from large and small data security incidents.

Recognitions and Memberships

Memberships

  • American Health Lawyers Association
  • American Bar Association: Health Law Section
    • Membership Committee: Vice Chair (2016 to 2018)
  • Washington State Society of Healthcare Attorneys

Community

  • Tiny Trees Preschool: Board of Directors (2018 to present)
  • The Immunization Partnership: Board of Directors (2016 to present)
  • Junior League of Seattle (2016 to present)
    • Project Development: Vice Chair (2017 to 2018)
  • Texas Children's Hospital
    • Clinical Ethics Committee (2010 to 2020; emeritus member: 2021)

Pro Bono

  • Northwest Immigrant Rights Project
  • Tahirih Justice Center: Featured Pro Bono Attorney (2016)

Prior Positions

  • The Honorable Mary Milloy, U.S. District Court for the Southern District of Texas, Houston Division: Law Clerk (2013 to 2014)
  • The Honorable George C. Hanks, Jr., U.S. District Court for the Southern District of Texas, Houston Division: Law Clerk (2012 to 2013)

Admissions

  • Texas
  • Washington

Education

  • M.A., Health Policy & Clinical Ethics, The University of Texas Medical Branch, 2012
  • J.D., University of Houston Law Center, 2010; Houston Journal of International Law, Editor-in-Chief
  • B.S., Texas A&M University, 2007, magna cum laude

Blog

Data Counsel
OCR releases YouTube Addressing "Recognized Security Practices" in HIPAA Enforcement Context
By Adam I. Cohen, Kimberly C. Gordy, Craig A. Robinson
November 14, 2022
As a Halloween treat for HIPAA-covered entities and business associates, on October 31, the Department of Health and Human Services Office for Civil Rights (OCR) released a new video on its YouTube channel, in which senior OCR...
Data Counsel
‘Unboxing’ the New NIST Guidance: NIST Publishes Significant Update to Healthcare Cybersecurity Guide
By Adam I. Cohen, Kimberly C. Gordy, Aleksandra Vold
August 5, 2022
Without question, healthcare providers and the companies that support them operate in an elevated cybersecurity risk environment. And when a cybersecurity incident occurs, the ensuing regulatory inquiries and/or litigation often focus on...
Data Counsel
HHS OCR Guidance to 60,000 Retail Pharmacies: Refusal to Fill Rx Based on Potential Pregnancy Termination Concerns Is a Civil Rights Violation, Will Be Investigated
By Kimberly C. Gordy, Aleksandra Vold
July 18, 2022
On July 13, the Department of Health & Human Services (HHS) Office for Civil Rights (OCR) issued guidance to retail pharmacies that refusing to dispense a prescribed medication or making a determination on the suitability of that...
Data Counsel
The Room Where It Happens: The Autonomy of the Hospital Ethics Committees Post-Dobbs
By Kimberly C. Gordy
July 14, 2022
Since the issuance of the Dobbs decision, there’s been significant discussion by lawyers, philosophers, healthcare providers and political leaders. The ruling has created uncertainty and confusion for those working in the healthcare space...
Data Counsel
Sounding the Alarm: New Federal Law Will Mandate the Reporting of Cybersecurity Incidents Involving Critical Infrastructure – What Companies Need to do now to be Prepared
By Sara M. Goldstein, Kimberly C. Gordy, Thomas I. Moran II
March 18, 2022
In response to increased and persistent cybersecurity threats to American infrastructure, Congress passed the Strengthening American Cybersecurity Act (SACA), which President Joe Biden signed into law on March 15. SACA is likely the first...