Overview

Clients across the health care industry rely on attorney Karen Mandelbaum to help them navigate their complex data and technology needs as the digital transformation of health care is changing how we think about health and wellness and how care is paid for and delivered.

Karen has deep roots in working collaboratively with health care providers and experience in all aspects of information technology (IT), system security, and data protection from her background as a data privacy and cybersecurity official at the Centers for Medicare & Medicaid Services (CMS) and in the private sector.

Karen’s work includes the following:

  • Guiding hospitals and health centers, insurers and health plans, value-based care entities, and enablers through the complex and evolving legal and regulatory landscape of data strategy and management, privacy, cybersecurity, interoperability, artificial intelligence (AI), and digital platforms that are impacting the health and wellness industry
  • Advising clients on all aspects of federal and state privacy and consumer data protection laws and regulations, including HIPAA, HITECH, the Common Rule, 42 CFR Part 2, and the ethical use of AI in health care
  • Helping design and develop effective data governance and technology strategies that encourage information sharing, maximize value, and build trust 
  • Advising on the development and implementation of cybersecurity and privacy programs and the design of information system security and privacy policies and procedures that enhance interoperability
  • Helping clients develop security and privacy incident reporting and breach notification plans and processes, respond to cyber incidents and data breaches, and mitigate the impacts of data loss
  • Advising clients on provider reimbursements; Medicare, Medicaid, and Affordable Care Act programs; health reform and innovation; Quality Payment Program incentives; and value-based care models

Before joining Epstein Becker Green, Karen served as the Senior Advisor for Security & Privacy Policy and Governance to the Chief Information Officer, Chief Information Security Officer, and Senior Official for Privacy in CMS’s Office of Information Technology. At CMS, Karen was responsible for developing and implementing an integrated approach to CMS’s cybersecurity and privacy program and for defining the security and privacy policy and program for the health insurance exchanges; Agent-Broker, Web-Broker, and Navigator programs; and the Federally-Facilitated Marketplace, known as Healthcare.gov.

Karen was appointed to be the CMS representative on the federal initiative to adopt a roadmap for Interoperability for the Trusted Exchange and Common Agreement (TEFCA) and pioneered an Interoperability Workgroup within CMS. Earlier in her career, she served as General Counsel and the Privacy and Security Officer of a national health IT company and then was an attorney at a law firm in Minnesota, where she acted as outside counsel for small and midsize business clients on all health care-related privacy and compliance matters.

Karen received the 2018 CMS Administrator’s Honor Award for Execution of Major Projects in appreciation of her contributions to the New Medicare Card Initiative. She also received the 2017 Administrator’s Honor Award for Organizational Excellence in recognition of her contributions to developing the Website Notices for Healthcare.gov and Medicare.gov as part of the Office of Communications Marketing and Privacy Team.

Credentials

Education

  • Carlson School of Management (M.H.A., 2007)
  • William Mitchell College of Law (J.D., 2004)
  • University of Minnesota (B.A., 2000)

Board of Directors

  • Maryland/Israel Development Center (2023 to present)
