BakerHostetler
Alumni Login
| Subscribe | Print
Open search/close search button Open menu/close menu button
Services
Professionals
About Us
Offices
News/Resources
Diversity
Pro Bono
Careers
Alumni

Lynn Sessions

She | Her | Hers

Partner

Houston
T +1.713.646.1352
F +1.713.751.1717
lsessions@bakerlaw.com
Download Vcard

“Clients value Lynn Sessions’ ‘understanding of healthcare organizations and hospitals’. She is recommended as an expert in HIPAA compliance and data breach response, bringing to bear her experience as in-house counsel with Texas Children’s Hospital.”

— Chambers Global (USA) 2021

Overview

With more than 27 years of working with healthcare industry clients, Lynn Sessions leads the Healthcare Privacy and Compliance team. She focuses her practice on healthcare privacy and data security, breach response, regulatory defense, and Health Insurance Portability and Accountability Act (HIPAA) compliance. Having previously served as in-house counsel and director of several departments at Texas Children’s Hospital, Lynn collaborates closely with healthcare clients and approaches her legal representation from a client’s perspective.

Lynn is a frequent speaker on a range of topics affecting health industry clients, including HIPAA compliance, data breach response, Office for Civil Rights investigations, cyberliability, and enterprise risk management. She is also the co-leader of the firm's Healthcare industry team and is a regular contributor to the firm’s Data Counsel blog, as well as the Health Law Update.

Select Experience

Privacy and Data Security 
  • Has handled more than 700 healthcare data breaches, including several of the largest breaches reported to date. In her representation, provides counsel to healthcare providers and other covered entities on breach analysis; breach response; crisis management with patients, media and employees; and regulatory notification obligations to the Office for Civil Rights (OCR) and state attorneys general.
  • Has responded to more than 350 post-breach investigations from the OCR and state attorneys general arising from large and small data breaches reported by covered entities and has successfully defended healthcare organizations in these investigations.
  • Advises clients on HIPAA compliance, including preparation of policies and procedures, notice of privacy practices, business associate agreements, and incident response plans. Works with healthcare organizations post-data breach to strengthen safeguards under HIPAA and implement corrective action plans.
More »

Experience

Privacy and Data Security 
  • Has handled more than 700 healthcare data breaches, including several of the largest breaches reported to date. In her representation, provides counsel to healthcare providers and other covered entities on breach analysis; breach response; crisis management with patients, media and employees; and regulatory notification obligations to the Office for Civil Rights (OCR) and state attorneys general.
  • Has responded to more than 350 post-breach investigations from the OCR and state attorneys general arising from large and small data breaches reported by covered entities and has successfully defended healthcare organizations in these investigations.
  • Advises clients on HIPAA compliance, including preparation of policies and procedures, notice of privacy practices, business associate agreements, and incident response plans. Works with healthcare organizations post-data breach to strengthen safeguards under HIPAA and implement corrective action plans.
  • Advises with large non-healthcare employers on HIPAA issues for their self-insured health plans and with on-site provider clinics on HIPAA compliance, including policies and procedures, business associate arrangements, and sharing of employee information.

Recognitions and Memberships

Recognitions

  • Chambers Global
    • Privacy & Data Security: Healthcare (USA) (2020, 2021) – Band 2; (2018, 2019) – Band 3
  • Chambers USA
    • Nationwide Privacy & Data Security: Healthcare – Band 2 (2019 to 2021); Band 3 (2017 to 2018)
    • Texas: Healthcare: Band 2 (2020-2021); Band 3 (2014 to 2019) 
  • The Legal 500 United States (2019 to 2021)
    • Recommended in Cyber Law (including data privacy and data protection) (2021)
    • Recommended in Industry Focus - Healthcare: service providers (2019 to 2021)
  • Cybersecurity Docket "Incident Response 40" (2021)
  • National Diversity Council, Healthcare Diversity Council: Top 25 Women in Healthcare, Houston (2019)
  • National Law Journal ”Cybersecurity Trailblazer” (2016)
  • Burton Award: Distinguished Writing Award for “Anatomy of Healthcare Data Breach” (2013)
  • American Leadership Forum: Senior Fellow
  • Texas Super Lawyers
    • Super Lawyer (2021)
    • “Rising Star” (2005)
  • Rice University, Jesse H. Jones School of Management Executive Education: Executive Education in Medical and Healthcare Management Certification
  • Texas Children’s Hospital: Advanced Quality Improvement and Patient Safety Certification
  • Development Dimensions International: Strategic Leadership

Memberships

  • American Health Lawyers Association
  • AHLA Enterprise Risk Management Task Force: Vice Chair
  • Risk and Insurance Management Society
  • American Bar Association
  • Houston Bar Association

News

News

Press Releases

Publications

Alerts

Articles

Blog Posts

Events

Community

  • Texas Center for Missing: Board of Directors (2019 to present)
  • Children at Risk: Board of Directors (2009 to 2018)
  • Immunization Partnership: Board of Directors (2013 to 2018)
  • Greater Houston HealthConnect: Board of Directors (2017 to 2019)

Services

Industries

Prior Positions

  • Texas Children's Hospital: Director and In-House Counsel (2004 to 2011)

Admissions

  • U.S. District Court, Southern District of Texas
  • U.S. District Court, Northern District of Texas
  • U.S. District Court, Eastern District of Texas
  • Texas

Education

  • J.D., Baylor Law School, 1993, Order of Barristers
  • B.A., Texas A&M University, 1989

Blog

In The Blogs

Previous Next
Data Counsel
A Digital Advertising Primer on Preparing for the Post-Cookie World: Part Two
By Fernando A. Bohorquez Jr., Yadilsa Diaz, Gerald J. Ferguson
January 12, 2022
Part I: What Are Third-Party Cookies and Why they are Important — PART II — Privacy Laws And Third-Party Cookies Welcome to our second installment in our five-part series preparing you for the post-cookie world. In our first post, we...
Read More ->
Data Counsel
Court Finds HHS Had No Lawful Basis Under HIPAA for a $4.3 Million Civil Money Penalty: What Does This Mean for Future HHS Enforcement Actions?
By Jessica Captain Novick, Sara M. Goldstein, Lynn Sessions
January 27, 2021
The United States Court of Appeals for the Fifth Circuit recently found that the United States Department of Health and Human Services (HHS) lacked a lawful basis for a $4.3 million civil money penalty order that it issued to a healthcare...
Read More ->
Data Counsel
DSIR Deeper Dive: Regulatory Investigation Landscape
By Kimberly C. Gordy, Patrick H. Haggerty, Lynn Sessions
May 26, 2020
HIPAA-covered entity and business associate breaches continue to draw attention from the Office for Civil Rights (OCR) and other regulators. In almost every HIPAA incident we handled in 2019 involving more than 500 individuals, OCR issued...
Read More ->
Data Counsel
FERPA Disclosures in Response to COVID-19
By Lynn Sessions
March 16, 2020
The United States Department of Education (ED) Student Privacy Policy Office (SPPO), on March 13, 2020, issued Frequently Asked Questions related to the serious novel coronavirus disease (COVID-19) that the world is now grappling with...
Read More ->
Data Counsel
Powerful Protection: The Healthcare Privacy and Compliance Team
By Lynn Sessions
February 13, 2020
The following story is one in a six-part series devoted to the pioneering teams that comprise the firm’s new Digital Asset and Data Management Practice Group. A prime example of BakerHostetler’s preeminence in the legal industry is on...
Read More ->

Services

Find Professionals

Offices

About Us

Careers

Firm Diversity

LinkedIn Twitter Facebook Instagram Youtube RSS
Subscribe »
© 2022 Baker & Hostetler LLP