BakerHostetler
Alumni Login
| Subscribe | Print
Open search/close search button Open menu/close menu button
Services
Professionals
About Us
Offices
News/Resources
Diversity
Pro Bono
Careers
Alumni

Lynn Sessions

She | Her | Hers

Partner

Houston
T +1.713.646.1352
F +1.713.751.1717
lsessions@bakerlaw.com
Download Vcard

“[Lynn] is extremely approachable and puts clients at ease with a thorough command of HIPAA and the attendant regulatory landscape.”

— Chambers USA 2022

Overview

Lynn Sessions leads the Healthcare Privacy and Compliance team in the Digital Assets and Data Management Practice Group and serves as national co-lead of the Healthcare Industry Team, demonstrating a career of advising healthcare industry clients in various areas of the law. She focuses her practice now on healthcare privacy and data security, breach response, regulatory defense and Health Insurance Portability and Accountability Act (HIPAA) compliance. Having previously served as in-house counsel and director of several departments at Texas Children’s Hospital, Lynn collaborates closely with healthcare clients and approaches her legal representation from a client’s perspective.

Lynn also regularly advises universities, medical schools and other higher educational institutions on breach preparedness, incident response and regulatory defense, and proactive compliance.

Lynn is a frequent speaker and writer on a range of topics affecting healthcare industry and university clients, including HIPAA compliance, data breach response, Office for Civil Rights investigations, Department of Education investigation, cyberliability and enterprise risk management.

Select Experience

Privacy and Data Security 
  • Has handled more than 800 healthcare data breaches and ransomware attacks, including several of the largest breaches reported to date. In her representation, Lynn provides counsel to healthcare providers and other covered entities on breach analysis; breach response; crisis management with patients, media and employees; and regulatory notification obligations to the Office for Civil Rights (OCR) and state attorneys general.
  • Has responded to more than 500 post-breach and HIPAA investigations from the OCR and state attorneys general arising from large and small data breaches reported by covered entities, patient complaints and health information access issues, and has successfully defended healthcare organizations in these investigations.
  • Has advised more than 100 educational institutions in breach response, breach preparedness and regulatory defense, and proactive compliance.
More »

Experience

Privacy and Data Security 
  • Has handled more than 800 healthcare data breaches and ransomware attacks, including several of the largest breaches reported to date. In her representation, Lynn provides counsel to healthcare providers and other covered entities on breach analysis; breach response; crisis management with patients, media and employees; and regulatory notification obligations to the Office for Civil Rights (OCR) and state attorneys general.
  • Has responded to more than 500 post-breach and HIPAA investigations from the OCR and state attorneys general arising from large and small data breaches reported by covered entities, patient complaints and health information access issues, and has successfully defended healthcare organizations in these investigations.
  • Has advised more than 100 educational institutions in breach response, breach preparedness and regulatory defense, and proactive compliance.
  • Advises clients on HIPAA and other privacy compliance, including preparation of policies and procedures, notice of privacy practices, business associate agreements, and incident response plans. Works with healthcare organizations post-data breach to strengthen safeguards under HIPAA and implement corrective action plans.
  • Works with large non-healthcare employers on HIPAA and other privacy issues for their self-insured health plans and with on-site provider clinics on HIPAA compliance, including policies and procedures, business associate arrangements, privacy issues arising from Covid-19 testing and vaccines, and sharing of employee information.

Recognitions and Memberships

Recognitions

  • BTI Client Service All-Star (2022)
  • Chambers Global
    • Privacy & Data Security: Healthcare (USA) (2020 to 2023) – Band 2; (2018, 2019) – Band 3
  • Chambers USA
    • Nationwide Privacy & Data Security: Healthcare – Band 2 (2019 to 2022); Band 3 (2017 to 2018)
    • Texas: Healthcare: Band 2 (2020-2022); Band 3 (2014 to 2019) 
  • The Legal 500 United States (2019 to 2022)
    • Recommended in Cyber Law (including data privacy and data protection) (2021 to 2022)
    • Recommended in Industry Focus - Healthcare: service providers (2019 to 2021)
  • Cybersecurity Docket "Incident Response 40" (2021 to 2022)
  • National Diversity Council, Healthcare Diversity Council: Top 25 Women in Healthcare, Houston (2019)
  • National Law Journal ”Cybersecurity Trailblazer” (2016)
  • Burton Award: Distinguished Writing Award for “Anatomy of Healthcare Data Breach” (2013)
  • American Leadership Forum: Senior Fellow
  • Texas Super Lawyers
    • Super Lawyer (2021)
    • “Rising Star” (2005)
  • Rice University, Jesse H. Jones School of Management Executive Education: Executive Education in Medical and Healthcare Management Certification
  • Texas Children’s Hospital: Advanced Quality Improvement and Patient Safety Certification
  • Development Dimensions International: Strategic Leadership

Memberships

  • American Health Law Association
  • Risk and Insurance Management Society
  • American Bar Association
  • Houston Bar Association

News

News

Press Releases

Publications

Alerts

Podcasts

Blog Posts

Events

Community

  • Texas Center for Missing: Board of Directors (2019 to present)
  • Children at Risk: Board of Directors (2009 to 2018)
  • Immunization Partnership: Board of Directors (2013 to 2018)
  • Greater Houston HealthConnect: Board of Directors (2017 to 2019)

Services

Industries

Emerging Issues

Prior Positions

  • Texas Children's Hospital: Director and In-House Counsel (2004 to 2011)

Admissions

  • Texas

Education

  • J.D., Baylor University School of Law, 1993, Order of Barristers
  • B.A., Texas A&M University, 1989

Blog

In The Blogs

Previous Next
Data Counsel
Artificial Intelligence Competitiveness, Inclusion, and Innovation – the U.S. Chamber of Commerce Commission Considers AI Regulation, Competitiveness, and the Future of AI
March 27, 2023
On March 9, 2023, the U.S. Chamber of Commerce released both an Executive Summary and Full Report detailing the work done by the Chamber’s Commission on Artificial Intelligence Competitiveness, Inclusion, and Innovation (“AI Commission”)...
Read More ->
Data Counsel
Generative AI Tools Can Present IP Risks, But They’re Manageable
March 21, 2023
The sudden increase in news coverage of generative artificial intelligence (AI) tools like ChatGPT and Midjourney has employees excited to discover how these accessible tools can make their jobs easier. Employers are concerned about the...
Read More ->
Data Counsel
With New Enforcement Action, FTC Warns Against Health Information Being Used for Advertising Purposes
By Daniel Kaufman, Aleksandra Vold
March 16, 2023
If the Federal Trade Commission’s (FTC) recent pursuits did not make clear the agency’s deep concerns about the use of health information for advertising purposes, a new enforcement action brought by the FTC against BetterHelp – to the...
Read More ->
Data Counsel
2023: A Generative AI Odyssey
By Jiwon (Jamie) Kim, Katherine Lowry, James A. Sherer
March 15, 2023
Artificial intelligence (AI) has long existed in the public consciousness through science fiction, doomsday planners, and fears of Ray Kurzweil’s singularity—but it now appears to be an accessible reality. 2023 has begun with a sharp...
Read More ->
Data Counsel
OCR Guidance on Use of Tracking Technologies Warrants Review of Website Tech
By Stefanie L. Ferrari, Lynn Sessions, Aleksandra Vold
December 13, 2022
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) issued guidance regarding covered entities’ and business associates’ use of tracking technologies (the Guidance). As discussed in greater detail below, the...
Read More ->

Services

Find Professionals

Offices

About Us

Careers

Firm Diversity

LinkedIn Twitter Facebook Instagram Youtube RSS
Subscribe »
© 2023 Baker & Hostetler LLP