Lynn Sessions

Partner

Houston
T +1 713.646.1352  |  F +1 713.751.1717

"The 'very knowledgeable' Lynn Sessions…[is able to] 'get to the short and sweet - she gets right to the point, which is extraordinarily beneficial to us.'"

— Chambers USA 2015

With more than 20 years of working with healthcare industry clients, Lynn Sessions focuses her practice on healthcare operations and regulatory work, with an emphasis on healthcare privacy and data security, breach response, and Health Insurance Portability and Accountability Act (HIPAA) compliance. Having previously served as in-house counsel and director of several departments at a nationally ranked children’s hospital, Lynn collaborates closely with healthcare clients and approaches her legal representation from a client’s perspective. 

Lynn is a frequent speaker on a range of topics affecting health industry clients, including HIPAA compliance, data breach response, cyber and network security, enterprise risk management, the Emergency Medical Treatment and Labor Act (EMTALA), handling adverse patient events, and insurance and risk financing. Lynn is also a regular contributor to BakerHostetler’s “Data Privacy Monitor” blog, available at www.dataprivacymonitor.com, as well as the Health Law Update.

Select Experience

Privacy and Data Security 

  • Has handled more than 300 healthcare data breaches, including several of the largest breaches reported to date. In her representation, provides counsel to healthcare providers and other covered entities on breach analysis; breach response; crisis management with patients, media and employees; and regulatory notification obligations to the Office for Civil Rights (OCR) and state attorneys general.

Operations and Regulatory Practice 

  • Regularly advises hospitals on EMTALA.
  • Conducted an audit of a top children’s hospital’s risk management department and advised on departmental and operational changes for improved function within the hospital.
More »

Experience

Privacy and Data Security 
  • Has handled more than 300 healthcare data breaches, including several of the largest breaches reported to date. In her representation, provides counsel to healthcare providers and other covered entities on breach analysis; breach response; crisis management with patients, media and employees; and regulatory notification obligations to the Office for Civil Rights (OCR) and state attorneys general.
  • Has responded to more than 75 post-breach investigations from the OCR and state attorneys general arising from large and small data breaches reported by covered entities, and has successfully defended healthcare organizations in these investigations.
  • Represents educational institutions regarding data breaches, including breach analysis, breach response, crisis management and regulatory reports.
  • Advises clients on HIPAA compliance, including preparation of policies and procedures, notice of privacy practices, business associate agreements, and incident response plans. Works with healthcare organizations post-data breach to strengthen safeguards under HIPAA and implement corrective action plans.
  • Advises with large non-healthcare employers on HIPAA issues for their self-insured health plans and with on-site provider clinics on HIPAA compliance, including policies and procedures, business associate arrangements, and sharing of employee information. 
Operations and Regulatory Practice 
  • Regularly advises hospitals on EMTALA.
  • Conducted an audit of a top children’s hospital’s risk management department and advised on departmental and operational changes for improved function within the hospital.
  • Develops and enhances credentialing and peer review processes for hospitals and physician groups.
  • Advises hospitals and large physician practices on informed consent, release of patient information, affiliation agreements and privileging of peer review and quality review activities. 

Recognitions

  • Chambers USA: Healthcare in Texas (2014 to 2016)
  • National Law Journal "Cybersecurity Trailblazer" (2016)
  • Burton Award: Distinguished Writing Award for "Anatomy of Healthcare Data Breach" (2013)
  • American Leadership Forum: Senior Fellow
  • Texas Bar Foundation: Fellow
  • Texas Super Lawyers "Rising Star" (2005)
  • Rice University, Jesse H. Jones School of Management Executive Education: Executive Education in Medical and Healthcare Management Certification
  • Texas Children's Hospital: Advanced Quality Improvement and Patient Safety Certification
  • Development Dimensions International: Strategic Leadership

Memberships

  • American Health Lawyers Association
  • AHLA Enterprise Risk Management Task Force: Vice Chair
  • American Society for Healthcare Risk Management
  • Risk and Insurance Management Society
  • American Bar Association
  • Houston Bar Association

Alerts

Articles

Community

  • Children at Risk: Board of Directors, Chair of Development
  • Immunization Partnership: Board of Directors

Services

Industries

Prior Positions

  • Texas Children's Hospital: Director and In-House Counsel (2004 to 2011)

Admissions

  • U.S. District Court, Southern District of Texas
  • U.S. District Court, Northern District of Texas
  • U.S. District Court, Eastern District of Texas
  • Texas

Education

  • J.D., Baylor Law School, 1993, Order of Barristers
  • B.A., Texas A&M University, 1989

Blog

In The Blogs

Previous Next
Data Privacy Monitor
Finalized New York Department of Financial Services Cybersecurity Regulation to Take Effect March 1
February 23, 2017
On February 16, 2017, the New York Department of Financial Services (NYDFS) announced the release of its finalized Cybersecurity Requirements for Financial Services Companies (“Cybersecurity Regulation”), which will take effect on March 1...
Read More ->
Data Privacy Monitor
Will the proposed “Countering Russian Hostilities Act” stop Russian cyberattacks?
January 27, 2017
On Jan. 10, 2017, a bipartisan group of five Republican and five Democratic senators announced their support for the Countering Russian Hostilities Act of 2017. Lindsey Graham, one of the senators who announced the proposed legislation...
Read More ->
Data Privacy Monitor
FINRA Seeks Comment on Blockchain
January 26, 2017
On Jan. 18, 2017, the Financial Industry Regulatory Authority (FINRA) became the latest organization to weigh in on distributed ledger technology (DLT), also known as blockchain. Recognizing the growing interest and potential benefits...
Read More ->
Data Privacy Monitor
Federal agencies given new breach response and preparation guidelines
By Erich M. Falke
January 17, 2017
The White House has made a step toward implementing in federal agencies some breach response best practices currently used in the private sector. On Jan. 3, the White House issued a memorandum (Memo) updating for the first time in almost a...
Read More ->
Data Privacy Monitor
Swiss-U.S. Privacy Shield Framework to Launch April 12
By Emily R. Fedeles, Melinda L. McLellan
January 14, 2017
On January 11, 2017, the U.S. Department of Commerce, the Swiss Federal Council and the Swiss Federal Data Protection and Information Commissioner (FDPIC) issued press releases announcing that an agreement has been reached on a new...
Read More ->