With an emphasis on HIPAA/HITECH, and state data security laws, Lisa assists group health plans, hospitals, physician practice groups, business associates and other clients with state, federal and foreign data privacy and cybersecurity matters.
Her counsel includes compliance, training, implementation of policies and procedures, investigation and mitigation of breaches (including drafting required notifications), on-going oversight and, risk management.
Lisa’s experience includes:
- Advising group health plans, health care providers and their business associates regarding HIPAA privacy and security compliance—gap analysis, policy development and implementation oversight
- Advising group health plans, health care providers and business associates with responses to data breaches—investigation, notice and mitigation/remediation
- Preparing and reviewing business associate agreements and HIPAA Notices of Privacy Practices and counseling clients about compliance with such documents
- Preparing and reviewing security policies and procedures for group health plans, health care providers and business associates
- Advising clients about cyber insurance coverage
- Conducting compliance reviews and providing on-site training of individuals and IT professionals with access to protected information
- Assisting a business associate client with the forensic analysis of their IT system involved with a data breach
- Preparing group health plans, health care providers, and business associates for U.S. Department of Health and Human Services HIPAA audits
In a non-medical data environment, Lisa also:
- Advises clients in M&A transactions concerning data privacy and security obligations in conjunction with due diligence
- Counsels clients on compliance with the FTC’s “red flag” rules
- Counsels financial institutions on compliance with the privacy and security rules under the Gramm-Leach-Bliley Act
- Counseled a mortgage lender who suffered a financial data breach – general data privacy and security
- Counseled a bankruptcy trustee with respect to the sale of the A/R of a bankrupt health care provider.