Stefanie L. Ferrari

She | Her | Hers


T +1.312.416.6229
F +1.312.416.6201


A member of the Healthcare Privacy and Compliance team, Stefanie Ferrari is consistently called on as a key team member when complex HIPAA issues arise. Stefanie works closely with clients across the healthcare industry on responding to cybersecurity and data privacy incidents, regulatory defense and state and federal privacy compliance. Her hands-on approach recognizes the importance of prioritizing patient care and dealing with the unique challenges healthcare providers face.

When a breach occurs, Stefanie guides clients through the initial response and investigation, while helping to ensure their regulatory obligations are met. Stefanie also has significant experience in dealing with vendor-related breaches and appreciates the nuances that arise on both the healthcare provider and vendor sides.

Recognitions and Memberships


  • Illinois Bar Association
  • Chicago Bar Association
  • Women's Bar Association
  • American Bar Association


  • Chicago Pediatric Cancer Research Board: Member (2019 to Present)


  • U.S. District Court, Northern District of Illinois
  • Illinois


  • J.D., Chicago-Kent College of Law, Illinois Institute of Technology, 2018, magna cum laude; Chicago-Kent Law Review, Notes & Comments Editor; Order of the Coif; Kent Legal Scholar
  • B.S., Political Science, University of Illinois at Urbana-Champaign, 2014


In The Blogs

Previous Next
Data Counsel
OCR Guidance on Use of Tracking Technologies Warrants Review of Website Tech
By Stefanie L. Ferrari, Lynn Sessions, Aleksandra Vold
December 13, 2022
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) issued guidance regarding covered entities’ and business associates’ use of tracking technologies (the Guidance). As discussed in greater detail below, the...
Data Counsel
2022 DSIR Deeper Dive: Vendor Incidents
By Stefanie L. Ferrari
May 6, 2022
Vendor-caused incidents continued to surge in 2021. Nearly 20 percent of the total incidents we handled last year were caused by vendors, with more than half requiring notification. As in prior years, vendor incidents involved phishing...