Overview
As the use and misuse of data loom ever larger in the strategies and anxieties of businesses in all industry sectors, the need for canny guidance through the legal privacy and security implications of business operations grows ever more acute.
Our Privacy, Cybersecurity, and Data Asset Management group works with companies of all sizes—including those lacking in-house privacy or cyber capabilities—to develop and implement defensible compliance solutions in a pragmatic, cost-effective manner. The firm’s dual concentration on both health law and labor and employment law gives us deep insight into the regulatory problems of each, and exceptional capabilities for solving them.
Proactive Risk Mitigation
Much of our work centers on the constantly evolving compliance obligations our clients face over privacy and security. They rely on us to determine which rules—federal, state, local, and international—govern their operations, and to help institute the policies and procedures that address those rules. We strategically partner with industry-recognized technology consultants to see that reasonable and appropriate best practices and systems are selected and configured to reduce exposure to breaches. We advise our clients on technical controls, such as access management and data monitoring and encryption, and we ensure that their people are properly trained in their use. While these measures may or may not prevent privacy or security incidents from occurring, they can help assure regulators that appropriate steps were taken to minimize the risk.
Protecting Health Care Data
With data assets becoming ever more integral to the business models of health care companies, the need to protect sensitive information must be considered mission-critical. From hospitals, insurers, pharmaceutical companies, and other “bricks and mortar” organizations, to the most tech-forward apps and wearables, we help clients navigate the maze of laws and regulations that affect the gathering, use, and disclosure of health-related data. We examine their risks, make them aware of their legal obligations, and defend them in government investigations and private litigation. We also perform due diligence for private equity companies seeking acquisitions in the health field.
Managing Human Resources Data
Across all industries, the privacy and security postures of human resources (HR) departments are under increasing scrutiny by regulators. As predictive analytics and data sharing play a greater role in the hiring and firing practices of HR departments, care must be taken not to run afoul of rules designed to prevent discrimination and bias. Our lawyers provide that care, counseling clients on their legal obligations and advising so that policies and procedures regarding the collection, use, and disclosure of data assets are properly crafted and implemented.
Responding to Security Incidents
The potential effects of data breaches and other security incidents range from merely embarrassing to catastrophic. When such an event occurs, our attorneys act to assess the legal, financial, and reputational consequences to our clients. We help our clients determine who needs to be notified of the incident—whether customers, individuals, vendors, regulators, or media—and in what form the notifications must be delivered. We field follow-on inquiries from regulatory agencies, and we represent our clients in litigation that ensues.
Representative Experience
- Investigated and evaluated possible data breaches at a health insurer, and carried out ensuing breach response obligations. We quickly mobilized a team of people, made an investigation that included a forensic analysis, reviewed documents, conducted interviews, and compiled facts and data points.
- Counseled a digital provider of health coaching services on the privacy aspects of data collection and use as well as in its contracts with payors and the companies it acquired as it expanded its service lines.
- Advised various health care and corporate investment companies on digital health and data asset management strategies and related compliance issues. We advised on data rights issues, data sharing agreements, implementing secure technology, and building robust compliance programs around the data so that our clients could realize the value of data while complying with applicable laws.
- Structured privacy and contract terms for medical technology device and application companies, and advised on their negotiations with payors.
- Assisted a health care client with developing trust networks by communicating with partners about how the client is acting as a trusted data steward and how the client achieves robust privacy, security, and compliance practices.
- Helped a health insurer defeat a data breach class certification motion following the loss of a flash drive containing the personal health information of more than 283,000 individuals.
- Assisted clients in successfully responding to an inquiry from the U.S. Department of Health and Human Services’ Office for Civil Rights related to a breach of protected health information involving the clients’ vendors.
- Counseled health care and other clients on the privacy, security, and compliance implications of interoperability and information blocking rules coming from the U.S. Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology. This work included helping our clients (i) develop compliance programs around data sharing to manage risks and (ii) vet vendors with whom they share data.
Read less
Focus Areas
Services
- Artificial Intelligence
- Cross-Border Data Transfers
- Cybersecurity Risk Assessment
- Data Asset Management
- Data Breach and Incident Response
- Data Breach/Cybersecurity Investigations & Litigation
- Data Protection
- Insider Threats
- Internet of Things (IoT)
- Interoperability
- Privacy Compliance Strategies
- Ransomware
- State Privacy Law Compliance
Industries
Experience
Our Team
Media
Events
Past Events
- April 14, 2023
Insights
Insights
- Firm AnnouncementsEpstein Becker Green Awards 2023 Annual Core Values Champions4 minute read
- Firm AnnouncementsEpstein Becker Green Announces 2024 Promotions6 minute read
- Media Coverage
Featured in The Legal Intelligencer: Epstein Becker Green Snags Employment Benefits Team to Launch Pittsburgh Office ...
2 minute read - Media CoverageKathryn English, Sandra Mihok, Heather Stone Fletcher, William Carter, Samuel Nolan Featured in “5-Person Benefits ...3 minute read
- Media CoverageEpstein Becker Green Expands Pittsburgh Footprint Following Addition of 5 Former Attorneys from Eckert Seamans1 minute read
- Firm AnnouncementsEpstein Becker Green Expands Employee Benefits Practice with Five-Attorney Group in Pittsburgh3 minute read
- Media CoverageAlaap Shah Featured in “You Gotta Get the Data Right! Talking EMPI”2 minute read
- Media CoverageBrian Cesaratto Quoted in “Best Practices for Detecting and Managing Fraud”3 minute read
- Firm Announcements
Epstein Becker Green Receives New York Law Journal’s 2023 Innovation Award
4 minute read - Media CoverageBonnie Odom Quoted in “Health Care’s AI Embrace Boosts Workforce Despite Privacy Risks”2 minute read
- Publications#WorkforceWednesday: “No Robot Bosses Act,” NJ Unemployment Compensation, California Enforces CCPA/CPRA3 minute read
- BlogsSEC Finalizes Cybersecurity Rule: What It Means7 minute read
- BlogsThe California Attorney General and the California Privacy Protection Agency Are Accelerating Enforcement on CCPA/CPRA ...6 minute read
- BlogsWhite House Releases National Cybersecurity Strategy Implementation Plan7 minute read
- BlogsWhite House Releases National Cybersecurity Strategy Implementation Plan7 minute read
- PublicationsEuropean Commission Adopts an Adequacy Decision for a New EU-U.S. Data Privacy Framework6 minute read
- BlogsNevada Joins Washington and Connecticut to Protect Consumer Health Data Privacy6 minute read
- Firm Announcements
Elizabeth Scarola Named to the 2023 Florida Rising Stars List
6 minute read - Blogs
HHS Proposes Amendments to HIPAA That Protect Reproductive Health Care Information in Wake of Dobbs
8 minute read - Media CoverageAlaap Shah Quoted in "New Health App Rule Would Better Protect Users – and So Can You"2 minute read
- Media CoverageRobert Hearn Quoted in “Surveying Laboratory Tests from a Health IT Perspective”3 minute read
- Media CoverageAlaap Shah Featured in AHLA Podcast, “Health Care Data Governance: How to Build a Culture of Compliance”2 minute read
- PublicationsWomen's Network—Health Apps for Women: Life Solutions v. Data Risks2 minute read
- Firm AnnouncementsEpstein Becker Green Welcomes Labor & Employment Trial Lawyer J.T. Wilson III in Chicago3 minute read
- BlogsFTC Brings Enforcement Action Under FTC Act and Health Breach Notification Rule Based on GoodRx’s Use of Advertising ...5 minute read
- BlogsCalifornia Privacy Protection Agency Board Adopts and Approves CCPA Regulations and Discusses Preliminary Rulemaking for ...2 minute read
- Media CoverageAlaap Shah Quoted in “ChatGPT's Real Estate Potential Is Big, but Attys Urge Caution”2 minute read
- Media CoverageLisa Pierce Reisz Featured in “People on the Move”1 minute read
- Media CoverageLisa Pierce Reisz Featured in “Wake Up Call: Laterals, Moves, In-House”1 minute read
- Firm AnnouncementsHealth Care Attorney Lisa Pierce Reisz Joins Epstein Becker Green in Columbus4 minute read
- Media CoverageLisa Pierce Reisz Featured in “Epstein Becker Brings On Health Care Atty in Ohio”2 minute read
- Media Coverage
Clifford Barnes Featured in Follow the Brand Podcast: “Wise Counsel”
2 minute read - PublicationsCalifornia Employers: New Employment Laws for 202324 minute read
- Media CoverageJayme Matchinski Featured in “Health Hires: Epstein Becker Green”2 minute read
- Media Coverage
Jayme Matchinski Featured in the Chicago Daily Law Bulletin’s “People” Column
1 minute read - Media CoverageElizabeth Scarola Featured in “People on the Move”1 minute read
- Media CoverageJayme Matchinski Featured in “Laterals, Moves, In-House”1 minute read
- Firm AnnouncementsHealth Care Attorney Jayme R. Matchinski Joins Epstein Becker Green in Chicago3 minute read
- Firm AnnouncementsEpstein Becker Green Announces 2023 PromotionsOctober 28, 20225 minute read
- PublicationsNewborn Screening Blood Spot Retention and Reuse: A Clash of Public Health and Privacy Interests3 minute read
- Media CoverageArena District Gains National Law Firm Tenant: Epstein Becker Green Moves into New Office Space in Columbus, Ohio ...2 minute read
- Firm AnnouncementsEpstein Becker Green Expands Columbus Office in New Arena District Location3 minute read
- BlogsNo More Exceptions: What to Do When the California Privacy Exemptions for Employee, Applicant and B2B Data Expire on January ...6 minute read
- Firm AnnouncementsLawdragon Names Adam S. Forman as a “Leading Corporate Employment Lawyer”2 minute read
- Firm Announcements
Adam S. Forman Named to the 2022 Michigan Super Lawyers List
6 minute read - Blogs
Biden Administration Seeks to Clarify Patient Privacy Protections Post-Dobbs, Though Questions Remain
11 minute read - BlogsCFPB Advisory Opinion Underscores FCRA’s Privacy Protections, Applicable to Consumer Reporting Agencies and Users of ...6 minute read
- PublicationsUSA: Employee Monitoring and Regulatory Frameworks for Keylogging Technology2 minute read
- Firm Announcements
Elizabeth Scarola Named to the 2022 Florida Rising Stars List
6 minute read - Blogs
The Pendulum Swings Both Ways: State Responses to Protect Reproductive Health Data, Post-Roe
12 minute read