Overview
Clients across the health care industry rely on attorney Karen Mandelbaum to help them navigate their complex data and technology needs as the digital transformation of health care is changing how we think about health and wellness and how care is paid for and delivered.
Karen has deep roots in working collaboratively with health care providers and experience in all aspects of information technology (IT), system security, and data protection from her background as a data privacy and cybersecurity official at the Centers for Medicare & Medicaid Services (CMS) and in the private sector.
Karen’s work includes the following:
- Guiding hospitals and health centers, insurers and health plans, value-based care entities, and enablers through the complex and evolving legal and regulatory landscape of data strategy and management, privacy, cybersecurity, interoperability, artificial intelligence (AI), and digital platforms that are impacting the health and wellness industry
- Advising clients on all aspects of federal and state privacy and consumer data protection laws and regulations, including HIPAA, HITECH, the Common Rule, 42 CFR Part 2, and the ethical use of AI in health care
- Helping design and develop effective data governance and technology strategies that encourage information sharing, maximize value, and build trust
- Advising on the development and implementation of cybersecurity and privacy programs and the design of information system security and privacy policies and procedures that enhance interoperability
- Helping clients develop security and privacy incident reporting and breach notification plans and processes, respond to cyber incidents and data breaches, and mitigate the impacts of data loss
- Advising clients on provider reimbursements; Medicare, Medicaid, and Affordable Care Act programs; health reform and innovation; Quality Payment Program incentives; and value-based care models
Before joining Epstein Becker Green, Karen served as the Senior Advisor for Security & Privacy Policy and Governance to the Chief Information Officer, Chief Information Security Officer, and Senior Official for Privacy in CMS’s Office of Information Technology. At CMS, Karen was responsible for developing and implementing an integrated approach to CMS’s cybersecurity and privacy program and for defining the security and privacy policy and program for the health insurance exchanges; Agent-Broker, Web-Broker, and Navigator programs; and the Federally-Facilitated Marketplace, known as Healthcare.gov.
Karen was appointed to be the CMS representative on the federal initiative to adopt a roadmap for Interoperability for the Trusted Exchange and Common Agreement (TEFCA) and pioneered an Interoperability Workgroup within CMS. Earlier in her career, she served as General Counsel and the Privacy and Security Officer of a national health IT company and then was an attorney at a law firm in Minnesota, where she acted as outside counsel for small and midsize business clients on all health care-related privacy and compliance matters.
Karen received the 2018 CMS Administrator’s Honor Award for Execution of Major Projects in appreciation of her contributions to the New Medicare Card Initiative. She also received the 2017 Administrator’s Honor Award for Organizational Excellence in recognition of her contributions to developing the Website Notices for Healthcare.gov and Medicare.gov as part of the Office of Communications Marketing and Privacy Team.
Focus Areas
Services
- Artificial Intelligence
- Data Asset Management
- Data Breach and Incident Response
- Data Breach/Cybersecurity Investigations & Litigation
- Data Protection
- Fraud and Abuse Compliance Counseling and Defense
- Government and Commercial Coding, Coverage, and Payment
- Health Care
- Health Insurance Exchanges
- Internet of Things (IoT)
- Interoperability
- Managed Care
- Privacy, Cybersecurity & Data Asset Management
- Ransomware
- State Privacy Law Compliance
Experience
Recognition
- The Best Lawyers in America, “Ones to Watch,” Health Care Law (2022-2023)
Credentials
Education
- Carlson School of Management (M.H.A., 2007)
- William Mitchell College of Law (J.D., 2004)
- University of Minnesota (B.A., 2000)
Bar Admissions
- District of Columbia
- Minnesota
Board of Directors
- Maryland/Israel Development Center (2023 to present)
Media
Events
Past Events
- October 28, 2021
Insights
- Blogs: As the Window for Comments Closes on ONC/ASTP’s HTI-2 Proposed Rule: What’s in HTI-2 and What Does It Mean for You ... (12 minute read)
- Publications: The Challenge of AI Governance: The Blessing and the Curse of Safeguarding Personal Data (2 minute read)
- Blogs: HHS Publishes Final Rule to Support Reproductive Health Care Privacy (10 minute read)
- Publications: Advancing Interoperability and Improving Prior Authorization: No One Said It Would Be Easy! (18 minute read)
- Blogs: ONC’s “Information Blocking Enhancements” Under the HTI-1 Rule Are in Effect (12 minute read)
- Publications: Medicare Advantage, Part D, and More: Proposed Rule Outlines Significant Policy and Technical Changes for CY 2025 ... (35 minute read)
- Publications: HHS Publishes Proposed “Disincentives Rule” to Prevent Information Blocking by Health Care Providers (15 minute read)
- Blogs: The Guiding an Improved Dementia Experience (“GUIDE”) Model (9 minute read)
- Blogs: HHS Proposes Amendments to HIPAA That Protect Reproductive Health Care Information in Wake of Dobbs (8 minute read)
- Blogs: HHS Warns HIPAA Covered Entities and Business Associates That Use of Website Cookies, Pixels, and Other Tracking Technology ... (6 minute read)
- Publications: Towards an Interconnected Health Care System: How Can Interoperability and Transparency Get Us There? – Journal of Health ... (September–October 2022)
- Firm Announcements: Epstein Becker Green Attorneys Recognized by 2023 Best Lawyers for Excellence in the Legal Profession (11 minute read)
- Publications: The Employers Guide to Privacy and Requiring Proof of Employee Vaccination (2 minute read)
- Publications: Chapter 4, “Proliferation of Health Care Data: Navigating Interoperability and Data Sharing Opportunities and ... (1 minute read)
- Firm Announcements: Thirty-Five Epstein Becker Green Attorneys Recognized as “Ones to Watch” by The Best Lawyers in America 2022 ... (5 minute read)
- Blogs: Interoperability and Its Impact on Payors (6 minute read)
- Blogs: Information Blocking – How Did I Become an “Actor”? (5 minute read)
- Publications: Epstein Becker Green 15 Year Relationship with the MIDC (4 minute read)
- Blogs: The Federal Communications Commission Announces Narrow Window to Apply for Second Round of COVID-19 Telehealth Program ... (3 minute read)
- Publications: OIG Issues a Final Rule Designed to Advance the Transition to Value-Based Care and Modernize the Regulatory Framework ... (39 minute read)
- Publications: New Health Care Transparency Requirements: Will They Lower Cost and Improve Quality? (11 minute read)
- Blogs: Privacy and Security Considerations for Employers Grappling with Introducing Social Distancing and Contact Tracing ... (15 minute read)
- Publications: Navigating Symptom Checker Applications, Privacy Concerns, and Workplace Discrimination; Considerations for Best ... (2 minute read)
- Blogs: Be Aware Before You Share: Vetting Third Party Apps Prior to Data Transfer (10 minute read)
- Blogs: ECJ Invalidated the EU-US Privacy Shield Framework (6 minute read)
- Publications: Considerations for Employers Using Virus Prevention Tech (3 minute read)
- Blogs: Face or Fingerprint? The DEA Revisits Biometric Identifiers for e-Prescribing Controlled Substances (4 minute read)
- Media Coverage: Karen Mandelbaum Quoted in "Interoperability Rule Exposes Gaps in Protecting Privacy" (2 minute read)
- Firm Announcements: Epstein Becker Green Grows Health Care & Life Sciences Practice with New Hires (4 minute read)
- Publications: Can Predictive Modeling Be Used to Score the "Good Guys"?
- Publications: Crime and Punishment: Can the NHIN Reduce the Cost of Healthcare Fraud?