Lynn Sessions

Partner

Houston
T +1.713.646.1352
F +1.713.751.1717

"Lynn’s practice covers the full breadth of data crisis management, specifically in relation to the healthcare industry. She is 'well respected and can be relied on for complex matters in that space'."

— Chambers USA 2020

Overview

With more than 25 years of working with healthcare industry clients, Lynn Sessions leads the Healthcare Privacy and Compliance team and serves as the Texas Digital Assets and Data Management Leader. She focuses her practice on healthcare privacy and data security, breach response, regulatory defense, and Health Insurance Portability and Accountability Act (HIPAA) compliance. Having previously served as in-house counsel and director of several departments at Texas Children’s Hospital, Lynn collaborates closely with healthcare clients and approaches her legal representation from a client’s perspective.

Lynn is a frequent speaker on a range of topics affecting health industry clients, including HIPAA compliance, data breach response, Office for Civil Rights investigations, cyberliability, and enterprise risk management. She is also the co-leader of the firm's Healthcare industry team and is a regular contributor to the firm’s Data Counsel blog, as well as the Health Law Update.

Select Experience

Privacy and Data Security 
  • Has handled more than 600 healthcare data breaches, including several of the largest breaches reported to date. In her representation, provides counsel to healthcare providers and other covered entities on breach analysis; breach response; crisis management with patients, media and employees; and regulatory notification obligations to the Office for Civil Rights (OCR) and state attorneys general.
  • Has responded to more than 350 post-breach investigations from the OCR and state attorneys general arising from large and small data breaches reported by covered entities and has successfully defended healthcare organizations in these investigations.
  • Advises clients on HIPAA compliance, including preparation of policies and procedures, notice of privacy practices, business associate agreements, and incident response plans. Works with healthcare organizations post-data breach to strengthen safeguards under HIPAA and implement corrective action plans.
More »

Experience

Privacy and Data Security 
  • Has handled more than 600 healthcare data breaches, including several of the largest breaches reported to date. In her representation, provides counsel to healthcare providers and other covered entities on breach analysis; breach response; crisis management with patients, media and employees; and regulatory notification obligations to the Office for Civil Rights (OCR) and state attorneys general.
  • Has responded to more than 350 post-breach investigations from the OCR and state attorneys general arising from large and small data breaches reported by covered entities and has successfully defended healthcare organizations in these investigations.
  • Advises clients on HIPAA compliance, including preparation of policies and procedures, notice of privacy practices, business associate agreements, and incident response plans. Works with healthcare organizations post-data breach to strengthen safeguards under HIPAA and implement corrective action plans.
  • Advises with large non-healthcare employers on HIPAA issues for their self-insured health plans and with on-site provider clinics on HIPAA compliance, including policies and procedures, business associate arrangements, and sharing of employee information.

Recognitions and Memberships

Recognitions

  • Chambers Global:
    • Privacy & Data Security: Healthcare (USA)
      • Band 2 (2020)
    • Privacy & Data Security (USA)
      • Band 3 (2018 to 2019)
  • Chambers USA
    • Nationwide Privacy & Data Security: Healthcare
      • Band 2 (2019 to 2020), Band 3 (2017 to 2018)
    • Texas: Healthcare
      • Band 2 (2020), Band 3 (2014 to 2019)
  • The Legal 500 United States (2019 to 2020)
    • Recommended in Industry Focus - Healthcare: service providers
  • National Diversity Council, Healthcare Diversity Council: Top 25 Women in Healthcare, Houston (2019)
  • National Law Journal ”Cybersecurity Trailblazer” (2016)
  • Burton Award: Distinguished Writing Award for “Anatomy of Healthcare Data Breach” (2013)
  • American Leadership Forum: Senior Fellow
  • Texas Super Lawyers “Rising Star” (2005)
  • Rice University, Jesse H. Jones School of Management Executive Education: Executive Education in Medical and Healthcare Management Certification
  • Texas Children’s Hospital: Advanced Quality Improvement and Patient Safety Certification
  • Development Dimensions International: Strategic Leadership

Memberships

  • American Health Lawyers Association
  • AHLA Enterprise Risk Management Task Force: Vice Chair
  • Risk and Insurance Management Society
  • American Bar Association
  • Houston Bar Association

Community

  • Texas Center for Missing: Board of Directors (2019 to present)
  • Children at Risk: Board of Directors (2009 to 2018)
  • Immunization Partnership: Board of Directors (2013 to 2018)
  • Greater Houston HealthConnect: Board of Directors (2017 to 2019)

Prior Positions

  • Texas Children's Hospital: Director and In-House Counsel (2004 to 2011)

Admissions

  • U.S. District Court, Southern District of Texas
  • U.S. District Court, Northern District of Texas
  • U.S. District Court, Eastern District of Texas
  • Texas

Education

  • J.D., Baylor Law School, 1993, Order of Barristers
  • B.A., Texas A&M University, 1989

Blog

In The Blogs

Previous Next
Data Counsel
Ann O'Brien, Jeewon Serrato, Alyse Stach Author Article Examining Privacy and Antitrust Issues
By Ann M. O'Brien, Jeewon K. Serrato, Alyse F. Stach
June 29, 2020
Partners Ann O’Brien and Jeewon Serrato and Associate Alyse Stach authored an article published by the International Association of Privacy Professionals (IAPP) on June 23, 2020. The article, “The Thin Line Between Privacy and Antitrust,”...
Read More ->
Data Counsel
DSIR Deeper Dive: Regulatory Investigation Landscape
By Kimberly C. Gordy, Patrick H. Haggerty, Lynn Sessions
May 26, 2020
HIPAA-covered entity and business associate breaches continue to draw attention from the Office for Civil Rights (OCR) and other regulators. In almost every HIPAA incident we handled in 2019 involving more than 500 individuals, OCR issued...
Read More ->
Data Counsel
FERPA Disclosures in Response to COVID-19
By Lynn Sessions, Benjamin P. Wells
March 16, 2020
The United States Department of Education (ED) Student Privacy Policy Office (SPPO), on March 13, 2020, issued Frequently Asked Questions related to the serious novel coronavirus disease (COVID-19) that the world is now grappling with...
Read More ->
Data Counsel
Powerful Protection: The Healthcare Privacy and Compliance Team
By Lynn Sessions
February 13, 2020
The following story is one in a six-part series devoted to the pioneering teams that comprise the firm’s new Digital Asset and Data Management Practice Group. A prime example of BakerHostetler’s preeminence in the legal industry is on...
Read More ->
Data Counsel
HHS OIG Launches Cybersecurity Webpage to Raise Awareness and Boost Cybersecurity Best Practices
By Alexandra Royal, Lynn Sessions
December 5, 2018
Healthcare data can be up to 10 times more valuable to cyber criminals than credit card numbers, according to a report from the Department of Health & Human Services’ (HHS) Office of the Inspector General (OIG). And, with...
Read More ->