Overview
Attorney Karen Mandelbaum has deep experience in all aspects of systems security and data protection from her work as a privacy and cybersecurity official at the Centers for Medicare & Medicaid Services (CMS) and in the private sector.
Karen's work includes the following:
- Guiding clients through complex and evolving privacy, cybersecurity, artificial intelligence, interoperability, digital health, telehealth, fraud and abuse, and other laws and regulations
- Advising clients on all aspects of federal and state privacy and consumer data protection laws and regulations, including HIPAA, HITECH, and 42 CFR Part 2
- Helping to design and develop effective data governance strategies that maximize value and encourage trust
- Advising on the development and implementation of cybersecurity and privacy programs, designing information system security and privacy policies, implementing and operationalizing privacy and security controls, and designing metrics to monitor program compliance
- Helping clients to develop security and privacy incident reporting and breach notification plans and processes, respond to cyber incidents and data breaches, and mitigate the impacts of data loss
- Advising clients on provider reimbursements, Medicare, Medicaid, Affordable Care Act programs, health reform, innovation, and value-based care models
Before joining Epstein Becker Green, Karen served as the Senior Advisor for Security & Privacy Policy and Governance to the Chief Information Officer, Chief Information Security Officer, and Senior Official for Privacy in the Office of Information Technology at CMS, where she was responsible for developing and implementing an integrated approach to CMS’s cybersecurity and privacy program. She was previously a Privacy Policy Subject Matter Expert at the Center for Consumer Information & Insurance Oversight (CCIIO), responsible for defining the scope of privacy requirements and the privacy policy program for the health insurance exchanges and the Federally-Facilitated Marketplace. Earlier in her career, she served as General Counsel and the Privacy and Security Officer of a national health care technology company and then was an attorney at a law firm in Minnesota, where she acted as outside counsel for small and mid-sized business clients on all health care-related privacy and compliance matters.
Karen received the 2018 CMS Administrator’s Honor Award for Execution of Major Projects in appreciation of her contributions to the New Medicare Card Initiative. She also received the 2017 Administrator’s Honor Award for Organizational Excellence in recognition of her contributions to developing the Website Notices for Healthcare.gov and Medicare.gov as part of the Office of Communications Marketing and Privacy Team.
Focus Areas
Services
- Artificial Intelligence
- Data Asset Management
- Data Breach and Incident Response
- Data Breach/Cybersecurity Investigations & Litigation
- Data Protection
- Fraud and Abuse Compliance Counseling and Defense
- Government and Commercial Coding, Coverage, and Payment
- Health Care
- Health Insurance Exchanges
- Internet of Things (IoT)
- Interoperability
- Managed Care
- Privacy, Cybersecurity & Data Asset Management
- Ransomware
- State Privacy Law Compliance
Experience
Recognition
- The Best Lawyers in America, “Ones to Watch,” Health Care Law (2022-2023)
Credentials
Education
- Carlson School of Management (M.H.A., 2007)
- William Mitchell College of Law (J.D., 2004)
- University of Minnesota (B.A., 2000)
Bar Admissions
- District of Columbia
- Minnesota
Board of Directors
- Maryland/Israel Development Center (2023 to present)
Media
Events
Past Events
- October 28, 2021
Insights
- Publications: Advancing Interoperability and Improving Prior Authorization: No One Said It Would Be Easy! (18 minute read)
- Blogs: ONC’s “Information Blocking Enhancements” Under the HTI-1 Rule Are in Effect (12 minute read)
- Publications: Medicare Advantage, Part D, and More: Proposed Rule Outlines Significant Policy and Technical Changes for CY 2025 ... (35 minute read)
- Publications: HHS Publishes Proposed “Disincentives Rule” to Prevent Information Blocking by Health Care Providers (15 minute read)
- Blogs: The Guiding an Improved Dementia Experience (“GUIDE”) Model (9 minute read)
- Blogs: HHS Proposes Amendments to HIPAA That Protect Reproductive Health Care Information in Wake of Dobbs (8 minute read)
- Blogs: HHS Warns HIPAA Covered Entities and Business Associates That Use of Website Cookies, Pixels, and Other Tracking Technology ... (6 minute read)
- Publications: Towards an Interconnected Health Care System: How Can Interoperability and Transparency Get Us There? – Journal of Health ... (September–October 2022)
- Firm Announcements: Epstein Becker Green Attorneys Recognized by 2023 Best Lawyers for Excellence in the Legal Profession (11 minute read)
- Publications: The Employers Guide to Privacy and Requiring Proof of Employee Vaccination (2 minute read)
- Publications: Chapter 4, “Proliferation of Health Care Data: Navigating Interoperability and Data Sharing Opportunities and ... (1 minute read)
- Firm Announcements: Thirty-Five Epstein Becker Green Attorneys Recognized as “Ones to Watch” by The Best Lawyers in America 2022 ... (5 minute read)
- Blogs: Interoperability and Its Impact on Payors (6 minute read)
- Blogs: Information Blocking – How Did I Become an “Actor”? (5 minute read)
- Publications: Epstein Becker Green 15 Year Relationship with the MIDC (4 minute read)
- Blogs: The Federal Communications Commission Announces Narrow Window to Apply for Second Round of COVID-19 Telehealth Program ... (3 minute read)
- Publications: OIG Issues a Final Rule Designed to Advance the Transition to Value-Based Care and Modernize the Regulatory Framework ... (39 minute read)
- Publications: New Health Care Transparency Requirements: Will They Lower Cost and Improve Quality? (11 minute read)
- Blogs: Privacy and Security Considerations for Employers Grappling with Introducing Social Distancing and Contact Tracing ... (15 minute read)
- Publications: Navigating Symptom Checker Applications, Privacy Concerns, and Workplace Discrimination; Considerations for Best ... (2 minute read)
- Blogs: Be Aware Before You Share: Vetting Third Party Apps Prior to Data Transfer (10 minute read)
- Blogs: ECJ Invalidated the EU-US Privacy Shield Framework (6 minute read)
- Publications: Considerations for Employers Using Virus Prevention Tech (3 minute read)
- Blogs: Face or Fingerprint? The DEA Revisits Biometric Identifiers for e-Prescribing Controlled Substances (4 minute read)
- Media Coverage: Karen Mandelbaum Quoted in "Interoperability Rule Exposes Gaps in Protecting Privacy" (2 minute read)
- Firm Announcements: Epstein Becker Green Grows Health Care & Life Sciences Practice with New Hires (4 minute read)
- Publications: Can Predictive Modeling Be Used to Score the "Good Guys"?
- Publications: Crime and Punishment: Can the NHIN Reduce the Cost of Healthcare Fraud?