Careers

Diversity

With 18 offices, from New York to Los Angeles and Seattle to Orlando, we live and work in communities all over the U.S., collaborating across locations, disciplines and even borders. Our experienced, highly ranked lawyers serve businesses wherever they are and wherever they want to go.

Offices

About Us

Pages

Professionals

Thought leadership: blogs, podcasts, videos, publications, events and news

Insights

Practices & Industries

Pro Bono

Am Law 100 firm with practices in Business, Digital Assets and Data Management, Intellectual Property, Labor & Employment, Litigation and Tax.

Home | BakerHostetler

The Privacy Strategist – Data on (and off) the Playing Field: The Business of Sports Data

BakerHostetler Represents McGohan Brabender in Acquisition by Higginbotham

Elise Elam Joins Panel on AI-Accelerated Adversaries at CrowdTour Columbus

Antitrust Advocate

State Action Update (Part II): Fifth Circuit Reaffirms Narrow Municipal Immunity in Megatel Homes v. City of Mansfield

Lynn also regularly advises universities, medical schools and other higher educational institutions on breach preparedness, incident response and regulatory defense, and proactive compliance.
Lynn is a frequent speaker and writer on a range of topics affecting healthcare industry and university clients, including HIPAA compliance, data breach response, Office for Civil Rights investigations, Department of Education investigations, cyberliability and enterprise risk management.
As of January 2026, Lynn is serving a three-year term on the Policy Committee.

core/freeform

core/paragraph

J.D., Baylor University School of Law, 1993, 

B.A., Texas A&M University, 1989

<ul>
<li>Lexology Index (formerly Who&#8217;s Who Legal): Data (2025)</li>
<li>BTI Client Service All-Star (2022)</li>
<li>Chambers Global
<ul>
<li>Privacy and Data Security: Healthcare (USA) (2026) &#8211; Band 1; (2020 to 2025) – Band 2; (2018 to 2019) – Band 3</li>
</ul>
</li>
<li>Chambers USA
<ul>
<li>Privacy and Data Security: Healthcare, Nationwide
<ul>
<li>Band 1 (2025), Band 2 (2019 to 2024), Band 3 (2017 to 2018)</li>
</ul>
</li>
<li>Healthcare in Texas
<ul>
<li>Band 1 (2025), Band 2 (2020 to 2024), Band 3 (2014 to 2019)</li>
</ul>
</li>
</ul>
</li>
<li>The Legal 500 United States (2019 to 2025)
<ul>
<li>Recommended in Media, Technology and Telecoms: Cyber Law (including data privacy and data protection) (2023 to 2025)</li>
<li>Recommended in Cyber Law (including data privacy and data protection) (2021 to 2022)</li>
<li>Recommended in Healthcare: Service Providers (2019 to 2021, 2023 to 2025)</li>
</ul>
</li>
<li>The Best Lawyers in America®
<ul>
<li>Texas: Health Care Law (2024 to 2025)</li>
</ul>
</li>
<li>Cybersecurity Docket
<ul>
<li>&#8220;Incident Response 50&#8221; (2023)</li>
<li>&#8220;Incident Response 40&#8221; (2021 to 2022)</li>
</ul>
</li>
<li>National Diversity Council, Healthcare Diversity Council: Top 25 Women in Healthcare, Houston (2019)</li>
<li>National Law Journal ”Cybersecurity Trailblazer” (2016)</li>
<li>Burton Award for Distinguished Legal Writing
<ul>
<li>“Got Pixels? The Regulatory and Legal Implications of the Use of Third-Party Technologies on Health Care Websites,” Journal of Health and Life Sciences (2025)</li>
<li>“Anatomy of Healthcare Data Breach” (2013)</li>
</ul>
</li>
<li>American Leadership Forum: Senior Fellow</li>
<li>Texas Super Lawyers
<ul>
<li>&#8220;Super Lawyer&#8221; (2021 to 2023)</li>
<li>“Rising Star” (2005)</li>
</ul>
</li>
<li>Rice University, Jesse H. Jones School of Management Executive Education: Executive Education in Medical and Healthcare Management Certification</li>
<li>Texas Children’s Hospital: Advanced Quality Improvement and Patient Safety Certification</li>
<li>Development Dimensions International: Strategic Leadership</li>
</ul>

Houston

BakerHostetler attorneys and practice areas spotlighted in the 2026 Legal 500 annual guide

Data Counsel

The Hidden Risk of Legacy Networks Following Mergers and Acquisitions

Chambers USA Guide 2026 Recognizes 179 BakerHostetler Attorneys and 81 Practice Areas

Lynn Sessions Presents at HCCA Seattle Regional Healthcare Compliance Conference

Lynn Sessions Discusses Implantable Brain-Computer Interfaces and HIPAA at Expert Workshop

HIPAA at 21 Years of Compliance: Why the Security Rule May Be Entering a More Prescriptive Era

Lynn Sessions Participates in Panel at Western Region Captive Insurance Conference

BakerHostetler releases 2026 Data Security Incident Response Report: Familiar threats, new pressures

BakerHostetler Increases Number of Internationally Recognized Attorneys in 2026 Rankings from Chambers Global

State Attorneys General and Healthcare: CLE Webinar

Lynn Sessions Participates in AHA Academic Medical Center COO Roundtable Fall 2025

Lynn Sessions Presents on Panel at Swiss RE Cyber Leadership Summit

California Court of Appeal Reins in CDPH’s Misuse of Strict Liability in Hospital Privacy Breach Cases

Lynn Sessions Discusses Developments and Trends in Health Care Data Privacy at 2025 Health Law Institute

Lynn Sessions Takes Part in Panel at 2025 UT System Legal Conference

BakerHostetler Attorneys Named 2026 Best Lawyers, Ones to Watch and Lawyers of the Year

Texas Sets AI Policy Agenda: Key Bills from the 89th Legislative Session – and What Businesses Should Do Now

Lynn Sessions Guests on CITI Program On Tech Ethics and Managing Healthcare Cybersecurity Risks

Lynn Sessions Speaks on Webinar Regarding Protected Health Information

Lynn Sessions, Kimberly Gordy, Jessica Johnson, Pierce Cox Recognized by State Bar of Texas for Article Penned for The Houston Lawyer

BakerHostetler attorneys and practice areas spotlighted in the 2025 Legal 500 annual guide

Chambers USA Guide 2025 Recognizes 171 BakerHostetler Attorneys and 73 Practice Areas

A Year of Privacy and Cybersecurity: A Look Back, A Look Around and A Look Ahead (The Houston Lawyer)

Lynn Sessions Presents at Children’s Hospital Association Conference

Paul Karlsgodt, Lynn Sessions Speak at Crum & Forster’s 4th Annual Cyber Symposium

Lynn Sessions, Kimberly Gordy Speak on Panels at HCCA 29th Annual Compliance Institute

Lynn Sessions Explores Legal Considerations of Cybersecurity in Healthcare at UT Law CLE’s Health Law Conference

BakerHostetler launches 2025 Data Security Incident Response Report

Lynn Sessions Offers Opinion on 23andMe Data Privacy and Bankruptcy in CNBC Article

Lynn Sessions, Stefanie Ferrari Receive “Law360 Distinguished Legal Writing Awards” (Burton Awards)

BakerHostetler Expands International Recognition with 2025 Rankings from Chambers Global

Health Law Update

Healthcare Industry Team 2024 Year in Review

DSIR Deeper Dive: Tracking the Crackdown on Tracking/Pixel Technologies: Web Litigation and Regulatory Landscape – Part 2

Lynn Sessions Participates in Crum & Forster/Lockton Companies Joint Event

Lynn Sessions Takes Part in University of Maryland Medical System Compliance Summit

DSIR Deeper Dive: Tracking the Crackdown on Tracking/Pixel Technologies: Web Litigation and Regulatory Landscape – Part 1

Lynn Sessions Participates in Panel at WCAS Technology Executives Summit

Lynn Sessions Presents at TBA’s 36th Annual Health Law Forum

BakerHostetler Attorneys from Dallas, Houston Offices Selected for The Best Lawyers in America®

Lynn Sessions, Stefanie Ferrari Publish Article in Journal of Health and Life Sciences Law

The Future for Healthcare Is So Loper Bright, I Gotta Wear Shades

Webinar: The Privacy Strategist: Loper Bright, Chevron Deference and Data Regulation

Texas Attorneys Earn Accolades from The Best Lawyers in America®

Northern District of Texas Flashes the ‘Blue Lights’ on OCR’s Pixel Guidance

Lynn Sessions Serves as Panelist for CrowdTour24 in Dallas

BakerHostetler attorneys, practice areas stand out in The Legal 500 annual guide

Chambers USA Guide 2024 Recognizes 155 BakerHostetler Attorneys and ­66 Practice Areas

Lynn Sessions, Paul Karlsgodt Present at American Hospital Association CCO 2024 Spring Roundtable

Lynn Sessions Takes Part in State of Cyber Defense Webinar

Lynn Sessions Discusses DSIR Report on Healthcare Info Security Podcast

BakerHostetler launches 2024 Data Security Incident Response Report, ‘Persistent Threats, New Challenges’

Change Healthcare Incident: Update on ‘Impacted Data’ Analysis and Notification Plan

Lipstick on a Pig: OCR’s Cosmetic Revisions to Guidance on Tracking Technology in Healthcare Fail to Address Fundamental Issues

Theodore Kobus, Sara Goldstein, Lynn Sessions Weigh in On Change Healthcare’s Data Security Incident

Imminent Cybersecurity Threats to Healthcare Revenue Cycle Management

BakerHostetler Continues to Collect Accolades with 2024 Rankings from Chambers Global

Healthcare Industry Team 2023 Year in Review

Lynn Sessions discusses trends in class action, regulatory claims related to data breaches

Lynn Sessions shares insights on ransomware at compliance, audit summit

Existential threat: Hospitals must understand, prepare for cyber attacks

Companies must lower legal risks amid growing litigation over AI

What healthcare organizations need to know about ad tech

Lee Rosebush, Lynn Sessions and Laura Macherelli Address FDA Guidance About Cybersecurity and Medical Devices

BakerHostetler Attorneys and Practice Areas Recognized in The Legal 500 2023 Guide

Chambers USA Guide 2023 Honors 147 BakerHostetler Attorneys and Recognizes 64 Practice Areas

Artificial Intelligence and Machine Learning in the Development of Drug and Biological Products

BakerHostetler Launches 2023 Data Security Incident Response Report

Lynn Sessions Takes Part in University of Texas Info Security and Info Tech Conference

Ted Kobus, Lynn Sessions and Aleksandra Vold Again Named Top Cybersecurity Incident Responders

​​​​​​​Cybersecurity in Medical Devices

Lynn Sessions Discusses Vendor Incidents at Health Information Management Meeting

Lynn Sessions Takes Part in National HIPAA Summit

Paul Karlsgodt and Lynn Sessions Take Part in Program on Pixels as Cyberthreat

Thirteen BakerHostetler Attorneys, Eight Practice Areas Ranked in 2023 Edition of Chambers Global

Lynn Sessions and Paul Karlsgodt Talk All Things Pixel

OCR Guidance on Use of Tracking Technologies Warrants Review of Website Tech

DSIR Report Deeper Dive - 2022

2022 DSIR Deeper Dive: OCR’s Right of Access Initiative

Lynn Sessions Discusses Innovation Affecting Healthcare Providers

Lynn Sessions Discusses Trends in Healthcare Privacy

Lynn Sessions Speaks at AEHIS Healthcare Security Leaders Forum

Lynn Sessions Speaks at Summit on Healthcare Cybersecurity

Lynn Sessions Speaks at Healthcare Cybersecurity Webinar

2022 DSIR Report Deeper Dive: Vendor Incidents

Lynn Sessions Speaks About the Lifecycle of a Ransomware Attack

Lynn Sessions Quoted in Article on Data Breach-Related Litigation Trends

BakerHostetler Attorneys Make Significant Gains in The Legal 500 Annual Guide

Chambers and Partners USA Honors 127 Attorneys and 43 Practice Areas in 2019 Guide

Chambers and Partners USA Honors 118 Attorneys and 45 Practice Areas in 2018 Guide

Health Law Update—January 5, 2012

Industries

Healthcare

Services

Digital Assets and Data Management

Business

Healthcare Privacy and Compliance

Digital Risk Advisory and Cybersecurity

Healthcare Technology

Strategic Healthcare Initiatives

Telehealth

Life Sciences

Educational Institutions

<h5>Privacy and Data Security</h5>
<ul>
<li>Has handled more than 1,200 healthcare data breaches and ransomware attacks, including several of the largest breaches reported to date. In her representation, Lynn provides counsel to healthcare providers and other covered entities on breach analysis; breach response; crisis management with patients, media and employees; and regulatory notification obligations to the Office for Civil Rights (OCR) and state attorneys general.</li>
<li>Has responded to more than 800 post-breach and HIPAA investigations from the OCR and state attorneys general arising from large and small data breaches reported by covered entities, patient complaints and health information access issues, and has successfully defended healthcare organizations in these investigations.</li>
<li>Has advised more than 100 educational institutions in breach response, breach preparedness and regulatory defense, and proactive compliance.</li>
<li>Advises clients on HIPAA and other privacy compliance, including preparation of policies and procedures, notice of privacy practices, business associate agreements, and incident response plans. Works with healthcare organizations post-data breach to strengthen safeguards under HIPAA and implement corrective action plans.</li>
<li>Works with large non-healthcare employers on HIPAA and other privacy issues for their self-insured health plans and with on-site provider clinics on HIPAA compliance, including policies and procedures, business associate arrangements, privacy issues arising from COVID-19 testing and vaccines, and sharing of employee information.</li>
</ul>

Lynn Sessions

Lynn Sessions

Experience

Recognitions and Memberships

Insights and News

Prior Positions

Credentials

Community and Pro Bono

Areas of Focus

Industries

Services

Featured Insights