Overview
As the use and misuse of data loom ever larger in the strategies and anxieties of businesses in all industry sectors, the need for canny guidance through the legal privacy and security implications of business operations grows ever more acute.
Our Privacy, Cybersecurity, and Data Asset Management group works with companies of all sizes—including those lacking in-house privacy or cyber capabilities—to develop and implement defensible compliance solutions in a pragmatic, cost-effective manner. The firm’s dual concentration on both health law and labor and employment law gives us deep insight into the regulatory problems of each, and exceptional capabilities for solving them.
Proactive Risk Mitigation
Much of our work centers on the constantly evolving compliance obligations our clients face over privacy and security. They rely on us to determine which rules—federal, state, local, and international—govern their operations, and to help institute the policies and procedures that address those rules. We strategically partner with industry-recognized technology consultants to see that reasonable and appropriate best practices and systems are selected and configured to reduce exposure to breaches. We advise our clients on technical controls, such as access management and data monitoring and encryption, and we ensure that their people are properly trained in their use. While these measures may or may not prevent privacy or security incidents from occurring, they can help assure regulators that appropriate steps were taken to minimize the risk.
Protecting Health Care Data
With data assets becoming ever more integral to the business models of health care companies, the need to protect sensitive information must be considered mission-critical. From hospitals, insurers, pharmaceutical companies, and other “bricks and mortar” organizations, to the most tech-forward apps and wearables, we help clients navigate the maze of laws and regulations that affect the gathering, use, and disclosure of health-related data. We examine their risks, make them aware of their legal obligations, and defend them in government investigations and private litigation. We also perform due diligence for private equity companies seeking acquisitions in the health field.
Managing Human Resources Data
Across all industries, the privacy and security postures of human resources (HR) departments are under increasing scrutiny by regulators. As predictive analytics and data sharing play a greater role in the hiring and firing practices of HR departments, care must be taken not to run afoul of rules designed to prevent discrimination and bias. Our lawyers provide that care, counseling clients on their legal obligations and advising so that policies and procedures regarding the collection, use, and disclosure of data assets are properly crafted and implemented.
Responding to Security Incidents
The potential effects of data breaches and other security incidents range from merely embarrassing to catastrophic. When such an event occurs, our attorneys act to assess the legal, financial, and reputational consequences to our clients. We help our clients determine who needs to be notified of the incident—whether customers, individuals, vendors, regulators, or media—and in what form the notifications must be delivered. We field follow-on inquiries from regulatory agencies, and we represent our clients in litigation that ensues.
Representative Experience
- Investigated and evaluated possible data breaches at a health insurer, and carried out ensuing breach response obligations. We quickly mobilized a team of people, made an investigation that included a forensic analysis, reviewed documents, conducted interviews, and compiled facts and data points.
- Counseled a digital provider of health coaching services on the privacy aspects of data collection and use, as well as in its contracts with payors and the companies it acquired as it expanded its service lines.
- Advised various health care and corporate investment companies on digital health and data asset management strategies and related compliance issues. We advised on data rights issues, data sharing agreements, implementing secure technology, and building robust compliance programs around the data so that our clients could realize the value of data while complying with applicable laws.
- Structured privacy and contract terms for medical technology device and application companies, and advised on their negotiations with payors.
- Assisted a health care client with developing trust networks by communicating with partners about how the client is acting as a trusted data steward and how the client achieves robust privacy, security, and compliance practices.
- Helped a health insurer defeat a data breach class certification motion following the loss of a flash drive containing the personal health information of more than 283,000 individuals.
- Assisted clients in successfully responding to an inquiry from the U.S. Department of Health and Human Services’ Office for Civil Rights related to a breach of protected health information involving the clients’ vendors.
- Counseled health care and other clients on the privacy, security, and compliance implications of interoperability and information blocking rules coming from the U.S. Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology. This work included helping our clients (i) develop compliance programs around data sharing to manage risks and (ii) vet vendors with whom they share data.
Read less
Focus Areas
Services
- Artificial Intelligence
- Cross-Border Data Transfers
- Cybersecurity Risk Assessment
- Data Asset Management
- Data Breach and Incident Response
- Data Breach/Cybersecurity Investigations & Litigation
- Data Protection
- Insider Threats
- Internet of Things (IoT)
- Interoperability
- Privacy Compliance Strategies
- Ransomware
- State Privacy Law Compliance
Industries
Experience
Our Team
Media
Events
Past Events
Insights
Insights
- Firm AnnouncementsEpstein Becker Green Announces 2025 Promotions4 minute read
- BlogsHISAA: New Legislation Would Bring Cybersecurity Requirements for HIPAA Covered Entities and Business Associates ...6 minute read
- Media CoverageLisa Pierce Reisz Quoted in “New Health Apps May Pose Challenges to Patient Privacy”3 minute read
- PublicationsUSA: Health Data Laws - Navigating State Regulations2 minute read
- BlogsIn the Cloud: A Safe Place for Your Personal Data?9 minute read
- Firm AnnouncementsEpstein Becker Green Continues Expansion in Portland, Strengthens West Coast Foothold with New Employment Law-Focused ...4 minute read
- Media CoverageCourtney McFate, Rishi Puri, Carlie Bacon Featured in “Epstein Becker Green Expands in Portland with Lane Powell Trio” ...2 minute read
- BlogsOCR Withdraws Appeal of District Court Order Declaring Unlawful and Vacating the “Proscribed Combination” Portion of ...4 minute read
- BlogsDOJ’s First Civil Cyber-Fraud Initiative Litigation Serves as Warning to Government Contractors Who Fail to Abide by ...3 minute read
- PublicationsThe Challenge of AI Governance: The Blessing and the Curse of Safeguarding Personal Data2 minute read
- BlogsVideo: New DOL Guidance - ERISA Plan Cybersecurity Update - Employment Law This Week3 minute read
- Media CoverageMarylana Saadeh Helou Quoted in “FDA Offers Road Map for Remote Trials, but Questions Linger”2 minute read
- BlogsDeepfakes: Why Executive Teams Should Prepare for the Cybersecurity and Fraud Risks6 minute read
- BlogsUnited States’ Complaint-in-Intervention Highlights Continuing Effort to Use the False Claims Act to Pursue Alleged ...5 minute read
- BlogsVideo: New HIPAA Final Rule - Key Changes to Reproductive Health Care Privacy – Thought Leaders in Health Law3 minute read
- Firm AnnouncementsLawdragon Again Names Adam S. Forman as a “Leading Corporate Employment Lawyer”2 minute read
- PublicationsUSA: Health Data Laws - Update and Impact on Organizations2 minute read
- BlogsPreparing for the Cybersecurity and Fraud Risks of Deepfakes: What Executive Teams Need to Know6 minute read
- BlogsWhy Executive Teams Should Prepare for the Cybersecurity and Fraud Risks of Deepfakes6 minute read
- BlogsUpcoming Consumer Privacy Laws: What Organizations Must Know for 2024 and 20257 minute read
- Media CoverageBBA Spotlight Series: Get to Know Emerging Leaders in Boston Law–Marylana Saadeh Helou8 minute read
- Media CoverageChristine Worthen Featured in “Beltway Moves”1 minute read
- Media CoverageEpstein Becker Green Adds Healthcare Attorney Christine Burke Worthen in Washington, DC2 minute read
- Firm AnnouncementsEpstein Becker Green Adds Health Care Regulatory Firepower with Attorney Christine Burke Worthen in Washington, DC ...2 minute read
- Media CoverageBrian Cesaratto Quoted in “New Jersey Legislation to Watch: A Midyear Report”3 minute read
- Firm Announcements
Adam S. Forman Named to the 2024 Michigan Super Lawyers List
7 minute read - PublicationsInsurers in the Crosshairs Over AI1 minute read
- Media CoverageDennis Sapien-Pangindian Quoted in “Info Blocking ‘Disincentives’ Rule Brings Penalties; Data-Sharing ...2 minute read
- Firm Announcements
Elizabeth Scarola Named to the 2024 Florida Rising Stars List
7 minute read - Media CoverageJeremy Avila Featured in “People on the Move”1 minute read
- Media Coverage
J.T. Wilson Discusses on CBS News Chicago: “Illinois Legislation Would Limit Damages Companies Must Pay for Biometric ...
3 minute read - PublicationsWho’s Reading Your Mind? Exploring the Intersection of Neural Data and Privacy Protections3 minute read
- PublicationsUSA: Children's Privacy Updates2 minute read
- Media CoverageLaw360’s Hottest Firms and Stories Features Epstein Becker Green Insight on False Claims Act Enforcement Trends ...1 minute read
- PublicationsMid-2024 FCA Enforcement and Litigation Trends to Watch3 minute read
- Firm AnnouncementsEpstein Becker Green Again Earns ISO 27001 and 27017 Certifications, Highest Accreditation for Data Security and Client ...3 minute read
- Firm AnnouncementsEpstein Becker Green Fuels West Coast Momentum with Six-Attorney Health Care Team6 minute read
- BlogsRevised OCR Guidance Provides New Examples, but Raises More Questions, Regarding Use of Online Tracking Technologies by ...8 minute read
- Media CoverageAdam Forman Joins NRF Summit to Discuss Risks of AI Misuse in Retail Industry2 minute read
- Blogs
Privacy Officer's Roadmap: Data Breach and Ransomware Defense – Speaking of Litigation Video Podcast
42 minute read - BlogsNew Jersey Passes Comprehensive Consumer Privacy Law10 minute read
- BlogsNew Jersey Becomes Most Recent State to Sign a Comprehensive Consumer Privacy Law10 minute read
- Media CoverageAlaap Shah Quoted in “Don’t Worry, You (Probably) Won’t Have to Deal with ONC: Algorithm Transparency Rule May Have ...2 minute read
- BlogsVideo: California's Upcoming Cyber Audit and Automated Tech Rules - Employment Law This Week2 minute read
- Media CoverageAlaap Shah Quoted in “2024 Outlook: The Cybersecurity Trends Health System Leaders Need to Know”3 minute read
- PublicationsHHS Publishes Proposed “Disincentives Rule” to Prevent Information Blocking by Health Care Providers15 minute read
- PublicationsUSA: Future of Cybersecurity Law and Regulation2 minute read
- Firm AnnouncementsEpstein Becker Green Awards 2023 Annual Core Values Champions4 minute read
- Firm AnnouncementsEpstein Becker Green Announces 2024 Promotions6 minute read
- Media Coverage
Featured in The Legal Intelligencer: Epstein Becker Green Snags Employment Benefits Team to Launch Pittsburgh Office ...
2 minute read