Lynn Sessions

Partner

Houston
T +1.713.646.1352
F +1.713.751.1717

"She is smart, reasonable and great to work with. She has a depth of knowledge on health privacy that is hard to find."

— Chambers USA 2018

Overview

With more than 25 years of working with healthcare industry clients, Lynn Sessions leads the Healthcare Privacy and Compliance team as part of BakerHostetler’s Digital Assets and Data Management group. She focuses her practice on healthcare privacy and data security, breach response, regulatory defense, and Health Insurance Portability and Accountability Act (HIPAA) compliance. Having previously served as in-house counsel and director of several departments at Texas Children’s Hospital, Lynn collaborates closely with healthcare clients and approaches her legal representation from a client’s perspective.

Lynn is a frequent speaker on a range of topics affecting health industry clients, including HIPAA compliance, data breach response, Office for Civil Rights investigations, cyberliability, and enterprise risk management. Lynn is a regular contributor to the firm’s Data Privacy Monitor blog, as well as the Health Law Update.

Experience

Privacy and Data Security 
  • Has handled more than 600 healthcare data breaches, including several of the largest breaches reported to date. In her representation, provides counsel to healthcare providers and other covered entities on breach analysis; breach response; crisis management with patients, media and employees; and regulatory notification obligations to the Office for Civil Rights (OCR) and state attorneys general.
  • Has responded to more than 350 post-breach investigations from the OCR and state attorneys general arising from large and small data breaches reported by covered entities and has successfully defended healthcare organizations in these investigations.
  • Advises clients on HIPAA compliance, including preparation of policies and procedures, notice of privacy practices, business associate agreements, and incident response plans. Works with healthcare organizations post-data breach to strengthen safeguards under HIPAA and implement corrective action plans.
  • Works with large non-healthcare employers on HIPAA issues for their self-insured health plans and with on-site provider clinics on HIPAA compliance, including policies and procedures, business associate arrangements, and sharing of employee information.

Recognitions and Memberships

Recognitions

  • Chambers Global:
    • Privacy & Data Security (USA)
      • Band 3 (2018 to 2019)
  • Chambers USA
    • Nationwide Privacy & Data Security: Healthcare
      • Band 2 (2019), Band 3 (2017 to 2018)
    • Texas: Healthcare
      • Band 3 (2014 to 2019)

  • National Diversity Council, Healthcare Diversity Council: Top 25 Women in Healthcare, Houston (2019)
  • National Law Journal “Cybersecurity Trailblazer” (2016)
  • Burton Award: Distinguished Writing Award for “Anatomy of Healthcare Data Breach” (2013)
  • American Leadership Forum: Senior Fellow
  • Texas Super Lawyers “Rising Star” (2005)
  • Rice University, Jesse H. Jones School of Management Executive Education: Executive Education in Medical and Healthcare Management Certification
  • Texas Children’s Hospital: Advanced Quality Improvement and Patient Safety Certification
  • Development Dimensions International: Strategic Leadership

Memberships

  • American Health Lawyers Association
  • AHLA Enterprise Risk Management Task Force: Vice Chair
  • Risk and Insurance Management Society
  • American Bar Association
  • Houston Bar Association

Community

  • Texas Center for Missing: Board of Directors (2019 to present)
  • Children at Risk: Board of Directors (2009 to 2018)
  • Immunization Partnership: Board of Directors (2013 to 2018)
  • Greater Houston HealthConnect: Board of Directors (2017 to 2019)

Prior Positions

  • Texas Children's Hospital: Director and In-House Counsel (2004 to 2011)

Admissions

  • U.S. District Court, Southern District of Texas
  • U.S. District Court, Northern District of Texas
  • U.S. District Court, Eastern District of Texas
  • Texas

Education

  • J.D., Baylor Law School, 1993, Order of Barristers
  • B.A., Texas A&M University, 1989

Blog

In The Blogs

Data Privacy Monitor
California AG Press Release Clarifies CCPA's Jan. 1 Effective Date and Data Broker Registry, Provides No Update on Draft Regulations
By Kyle R. Fath
January 14, 2020
On Jan. 6, 2020, the California attorney general (AG) released a CCPA advisory press release outlining the new data privacy rights under the California Consumer Privacy Act (CCPA) afforded to California consumers and clearly stating that...
Data Privacy Monitor
Cybersecurity Remains a Top SEC Examination Priority in the New Decade
By Jonathan A. Forman
January 10, 2020
It may be a new decade, but the focus of the Securities and Exchange Commission (SEC) on cybersecurity has not shifted. In particular, the SEC noted in its 2020 Examination Priorities that the Office of Compliance Inspections and...
Data Privacy Monitor
Steps to Develop a Mature Third-Party Risk Management Program With High-Risk Third Parties
By Daniel A. Pepper
January 10, 2020
This blog is the first in a series exploring how organizations can prevent or mitigate the severity of a third-party data breach or cyber exploit by implementing a variety of cybersecurity risk management controls such as assessing...
Data Privacy Monitor
HHS OIG Launches Cybersecurity Webpage to Raise Awareness and Boost Cybersecurity Best Practices
By Alexandra Royal, Lynn Sessions
December 5, 2018
Healthcare data can be up to 10 times more valuable to cyber criminals than credit card numbers, according to a report from the Department of Health & Human Services’ (HHS) Office of the Inspector General (OIG). And, with...
Data Privacy Monitor
OCR Announces Intention to Move Forward With Development of Methodology to Distribute Enforcement Funds to Victims of HIPAA Violations
By Kathryn Carey, Lynn Sessions
June 15, 2018
The Office for Civil Rights (OCR) updated its agenda, outlining proposed and final rules as well as pre-rule document releases for 2018. A notable, and highly anticipated, advance notice of proposed rulemaking included on the agenda...