BakerHostetler
Client Login Alumni Login
| Subscribe | Print | Client Login
Open search/close search button Open menu/close menu button
Services
Professionals
About Us
Offices
News/Resources
Diversity
Careers
Alumni

Lynn Sessions

Partner

Houston
T +1.713.646.1352
F +1.713.751.1717
lsessions@bakerlaw.com
Download Vcard

"She is smart, reasonable and great to work with. She has a depth of knowledge on health privacy that is hard to find."

— Chambers USA 2018

Overview

With more than 20 years of working with healthcare industry clients, Lynn Sessions focuses her practice on healthcare operations and regulatory work, with an emphasis on healthcare privacy and data security, breach response, and Health Insurance Portability and Accountability Act (HIPAA) compliance. Having previously served as in-house counsel and director of several departments at a nationally ranked children’s hospital, Lynn collaborates closely with healthcare clients and approaches her legal representation from a client’s perspective. 

Lynn is a frequent speaker on a range of topics affecting health industry clients, including HIPAA compliance, data breach response, cyber and network security, enterprise risk management, the Emergency Medical Treatment and Labor Act (EMTALA), handling adverse patient events, and insurance and risk financing. Lynn is also a regular contributor to BakerHostetler’s “Data Privacy Monitor” blog, available at www.dataprivacymonitor.com, as well as the Health Law Update.

Select Experience

Privacy and Data Security 

  • Has handled more than 550 healthcare data breaches, including several of the largest breaches reported to date. In her representation, provides counsel to healthcare providers and other covered entities on breach analysis; breach response; crisis management with patients, media and employees; and regulatory notification obligations to the Office for Civil Rights (OCR) and state attorneys general.

Operations and Regulatory Practice 

  • Regularly advises hospitals on EMTALA.
  • Conducted an audit of a top children’s hospital’s risk management department and advised on departmental and operational changes for improved function within the hospital.
More »

Experience

Privacy and Data Security 
  • Has handled more than 550 healthcare data breaches, including several of the largest breaches reported to date. In her representation, provides counsel to healthcare providers and other covered entities on breach analysis; breach response; crisis management with patients, media and employees; and regulatory notification obligations to the Office for Civil Rights (OCR) and state attorneys general.
  • Has responded to more than 250 post-breach investigations from the OCR and state attorneys general arising from large and small data breaches reported by covered entities, and has successfully defended healthcare organizations in these investigations.
  • Represents educational institutions regarding data breaches, including breach analysis, breach response, crisis management and regulatory reports.
  • Advises clients on HIPAA compliance, including preparation of policies and procedures, notice of privacy practices, business associate agreements, and incident response plans. Works with healthcare organizations post-data breach to strengthen safeguards under HIPAA and implement corrective action plans.
  • Advises with large non-healthcare employers on HIPAA issues for their self-insured health plans and with on-site provider clinics on HIPAA compliance, including policies and procedures, business associate arrangements, and sharing of employee information. 
Operations and Regulatory Practice 
  • Regularly advises hospitals on EMTALA.
  • Conducted an audit of a top children’s hospital’s risk management department and advised on departmental and operational changes for improved function within the hospital.
  • Develops and enhances credentialing and peer review processes for hospitals and physician groups.
  • Advises hospitals and large physician practices on informed consent, release of patient information, affiliation agreements and privileging of peer review and quality review activities. 

Recognitions and Memberships

Recognitions

  • Chambers Global: Privacy & Data Security (USA) (2018, 2019)
  • Chambers USA
    • Nationwide Privacy & Data Security (2018)
      • Band 3 (2014 to 2018)
    • Healthcare in Texas (2014 to 2018)
      • Band 3 (2017 to 2018)
  • National Law Journal "Cybersecurity Trailblazer" (2016)
  • Burton Award: Distinguished Writing Award for "Anatomy of Healthcare Data Breach" (2013)
  • American Leadership Forum: Senior Fellow
  • Texas Bar Foundation: Fellow
  • Texas Super Lawyers "Rising Star" (2005)
  • Rice University, Jesse H. Jones School of Management Executive Education: Executive Education in Medical and Healthcare Management Certification
  • Texas Children's Hospital: Advanced Quality Improvement and Patient Safety Certification
  • Development Dimensions International: Strategic Leadership
  • National Diversity Council, Healthcare Diversity Council: Top 25 Women in Healthcare, Houston (2019)

Memberships

  • American Health Lawyers Association
  • AHLA Enterprise Risk Management Task Force: Vice Chair
  • American Society for Healthcare Risk Management
  • Risk and Insurance Management Society
  • American Bar Association
  • Houston Bar Association

News

News

Press Releases

Publications

Alerts

Blog Posts

Events

Community

  • Children at Risk: Board of Directors, Chair of Development
  • Immunization Partnership: Board of Directors

Services

Industries

Prior Positions

  • Texas Children's Hospital: Director and In-House Counsel (2004 to 2011)

Admissions

  • U.S. District Court, Southern District of Texas
  • U.S. District Court, Northern District of Texas
  • U.S. District Court, Eastern District of Texas
  • Texas

Education

  • J.D., Baylor Law School, 1993, Order of Barristers
  • B.A., Texas A&M University, 1989

Blog

In The Blogs

Previous Next
Data Privacy Monitor
Deeper Dive: Choose the Right Forensics Firm for the Job
By William R. Daugherty, Eric A. Packel
April 17, 2019
Forensics are a key component of many data incident investigations. The importance of forensics cannot be overstated. In fact, in 2018, 65% of the incidents we handled involved some type of forensic investigation. Forensics firms can not...
Read More ->
Data Privacy Monitor
In BIPA's Wake, a Wave of New Biometric Privacy Proposals
By Robyn M. Feldstein, Melinda L. McLellan
April 15, 2019
Over the past year, a host of new national, state and local laws have been introduced to regulate the collection and use of biometric information. Although these proposals vary in their requirements, certain elements appear to be inspired...
Read More ->
Data Privacy Monitor
Deeper Dive: The Scourge of O365 Incidents
April 11, 2019
A Growing Menace 2018 saw a continuation of companies moving toward cloud-based email systems. Phishing incidents targeting those systems followed suit. Fully one-third of incidents addressed by our incident response team in 2018 involved...
Read More ->
Data Privacy Monitor
HHS OIG Launches Cybersecurity Webpage to Raise Awareness and Boost Cybersecurity Best Practices
By Alexandra Royal, Lynn Sessions
December 5, 2018
Healthcare data can be up to 10 times more valuable to cyber criminals than credit card numbers, according to a report from the Department of Health & Human Services’ (HHS) Office of the Inspector General (OIG). And, with...
Read More ->
Data Privacy Monitor
OCR Announces Intention to Move Forward With Development of Methodology to Distribute Enforcement Funds to Victims of HIPAA Violations
By Kathryn Carey, Lynn Sessions
June 15, 2018
The Office for Civil Rights (OCR) updated its agenda, outlining proposed and final rules as well as pre-rule document releases for 2018. A notable, and highly anticipated, advance notice of proposed rulemaking included on the agenda...
Read More ->

Services

Find Professionals

Offices

About Us

Careers

Firm Diversity

LinkedIn Twitter Facebook Instagram Youtube RSS
Subscribe »
© 2019 Baker & Hostetler LLP