Kimberly C. Gordy

She | Her | Hers

Associate

Houston
T +1.713.646.1360
F +1.713.751.1717
Seattle
T +1.206.566.7091
F +1.206.624.7317

Overview

Kimberly Gordy approaches healthcare privacy with thoughtful nuance and an appreciation of the industry’s unique operational needs. As a member of the Healthcare Privacy and Compliance team, Kimberly counsels clients on a range of privacy and data security issues, including cybersecurity breach response, regulatory defense and Health Insurance Portability and Accountability Act (HIPAA) compliance. She has handled hundreds of healthcare breaches, ranging from complex ransomware attacks to employee snooping and data theft. Kimberly guides clients through the initial response, forensic investigation and fulfillment of regulatory obligations, as well as defense related to inquiries from state attorneys general and federal regulators.

Kimberly works with clients across the healthcare space. She has extensive experience advising long-term care clients on the intersection between HIPAA and state privacy law and maintains a special interest in working with healthcare organizations in Indian Country on matters related to the exercise of tribal sovereignty and healthcare compliance. Her work on patient consent is published in the Yale Journal of Health Policy, Law, and Ethics, and she is a frequent speaker on privacy related matters. Prior to entering private practice, Kimberly served as law clerk to the Honorable George C. Hanks, Jr., and the Honorable Mary Milloy for the Southern District of Texas.

Select Experience

  • Handled data breaches ranging from a single record loss to five million plus records lost with multi-national notification requirements, and attacks ranging from business email compromises to pervasive network compromises by international hacking groups, leading to personal and company extortion attempts.
  • Advised long-term care providers on matters related to federal and state privacy law, Fair Housing Act compliance, ethical and policy issues related to resident autonomy and employment issues.
  • Counseled Native American governments and healthcare organizations on incident response, compliance and policy development.
More »

Experience

  • Handled data breaches ranging from a single record loss to five million plus records lost with multi-national notification requirements, and attacks ranging from business email compromises to pervasive network compromises by international hacking groups, leading to personal and company extortion attempts.
  • Advised long-term care providers on matters related to federal and state privacy law, Fair Housing Act compliance, ethical and policy issues related to resident autonomy and employment issues.
  • Counseled Native American governments and healthcare organizations on incident response, compliance and policy development.
  • Routinely prepares policies and procedures related to privacy, Incident Response Plans, Information Governance policies and communications as part of an overall risk mitigation strategy.
  • Worked with emerging companies and tech start-ups on HIPAA applicability, the role of a business associate and mobile technology related issues.
  • Advises healthcare clients on privacy considerations unique to oncology, mental health, pediatrics and clinical research.
  • Assists clients in post-breach investigations from the United States Department of Health and Human Services Office for Civil Rights, state attorneys general and other regulators arising from large and small data security incidents.

Recognitions and Memberships

Memberships

  • American Health Lawyers Association
  • American Bar Association: Health Law Section
    • Membership Committee: Vice Chair (2016 to 2018)
  • Washington State Society of Healthcare Attorneys

Community

  • Tiny Trees Preschool: Board of Directors (2018 to present)
  • The Immunization Partnership: Board of Directors (2016 to present)
  • Junior League of Seattle (2016 to present)
    • Project Development: Vice Chair (2017 to 2018)
  • Texas Children's Hospital
    • Clinical Ethics Committee (2010 to 2020; emeritus member: 2021)

Pro Bono

  • Northwest Immigrant Rights Project
  • Tahirih Justice Center: Featured Pro Bono Attorney (2016)

Industries

Prior Positions

  • The Honorable Mary Milloy, U.S. District Court for the Southern District of Texas, Houston Division: Law Clerk (2013 to 2014)
  • The Honorable George C. Hanks, Jr., U.S. District Court for the Southern District of Texas, Houston Division: Law Clerk (2012 to 2013)

Admissions

  • Texas
  • Washington

Education

  • M.A., Health Policy & Clinical Ethics, The University of Texas Medical Branch, 2012
  • J.D., University of Houston Law Center, 2010; Houston Journal of International Law, Editor-in-Chief
  • B.S., Texas A&M University, 2007, magna cum laude

Blog

In The Blogs

Previous Next
Data Counsel
DSIR Deeper Dive: Regulatory Investigation Landscape
By Kimberly C. Gordy, Patrick H. Haggerty, Lynn Sessions
May 26, 2020
HIPAA-covered entity and business associate breaches continue to draw attention from the Office for Civil Rights (OCR) and other regulators. In almost every HIPAA incident we handled in 2019 involving more than 500 individuals, OCR issued...
Read More ->