As the use and misuse of data loom ever larger in the strategies and anxieties of businesses in all industry sectors, the need for canny guidance through the legal privacy and security implications of business operations grows ever more acute.

Our Privacy, Cybersecurity, and Data Asset Management group works with companies of all sizes—including those lacking in-house privacy or cyber capabilities—to develop and implement defensible compliance solutions in a pragmatic, cost-effective manner. The firm’s dual concentration on both health law and labor and employment law gives us deep insight into the regulatory problems of each, and exceptional capabilities for solving them.

Proactive Risk Mitigation

Much of our work centers on the constantly evolving compliance obligations our clients face over privacy and security. They rely on us to determine which rules—federal, state, local, and international—govern their operations, and to help institute the policies and procedures that address those rules. We strategically partner with industry-recognized technology consultants to see that reasonable and appropriate best practices and systems are selected and configured to reduce exposure to breaches. We advise our clients on technical controls, such as access management and data monitoring and encryption, and we ensure that their people are properly trained in their use. While these measures may or may not prevent privacy or security incidents from occurring, they can help assure regulators that appropriate steps were taken to minimize the risk.


Protecting Health Care Data

With data assets becoming ever more integral to the business models of health care companies, the need to protect sensitive information must be considered mission-critical. From hospitals, insurers, pharmaceutical companies, and other “bricks and mortar” organizations, to the most tech-forward apps and wearables, we help clients navigate the maze of laws and regulations that affect the gathering, use, and disclosure of health-related data. We examine their risks, make them aware of their legal obligations, and defend them in government investigations and private litigation. We also perform due diligence for private equity companies seeking acquisitions in the health field.

Managing Human Resources Data

Across all industries, the privacy and security postures of human resources (HR) departments are under increasing scrutiny by regulators. As predictive analytics and data sharing play a greater role in the hiring and firing practices of HR departments, care must be taken not to run afoul of rules designed to prevent discrimination and bias. Our lawyers provide that care, counseling clients on their legal obligations and advising so that policies and procedures regarding the collection, use, and disclosure of data assets are properly crafted and implemented.

Responding to Security Incidents

The potential effects of data breaches and other security incidents range from merely embarrassing to catastrophic. When such an event occurs, our attorneys act to assess the legal, financial, and reputational consequences to our clients. We help our clients determine who needs to be notified of the incident—whether customers, individuals, vendors, regulators, or media—and in what form the notifications must be delivered. We field follow-on inquiries from regulatory agencies, and we represent our clients in litigation that ensues.

Representative Experience

  • Investigated and evaluated possible data breaches at a health insurer, and carried out ensuing breach response obligations. We quickly mobilized a team, performed an investigation that included a forensic analysis, reviewed documents, conducted interviews, and compiled facts and data points.
  • Counseled a digital provider of health coaching services on the privacy aspects of data collection and use, as well as in its contracts with payors and the companies it acquired as it expanded its service lines.
  • Advised various health care and corporate investment companies on digital health and data asset management strategies and related compliance issues. We advised on data rights issues, data sharing agreements, implementing secure technology, and building robust compliance programs around the data so that our clients could realize the value of data while complying with applicable laws.
  • Structured privacy and contract terms for medical technology device and application companies, and advised on their negotiations with payors.
  • Assisted a health care client with developing trust networks by communicating with partners about how the client is acting as a trusted data steward and how the client achieves robust privacy, security, and compliance practices.
  • Helped a health insurer defeat a data breach class certification motion following the loss of a flash drive containing the personal health information of more than 283,000 individuals.
  • Assisted clients in successfully responding to an inquiry from the U.S. Department of Health and Human Services’ Office for Civil Rights related to a breach of protected health information involving the clients’ vendors.
  • Counseled health care and other clients on the privacy, security, and compliance implications of interoperability and information blocking rules coming from the U.S. Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology. This work included helping our clients (i) develop compliance programs around data sharing to manage risks and (ii) vet vendors with whom they share data.
