Data Privacy & Security

AEL are trusted advisors to organizations with data concerns. We help HIPAA covered entities and their business associates ensure that protected health information (PHI) is managed, handled, and disseminated in compliance with federal and state data privacy and security laws. We also advise clients on cyber-security policies, practices, and breach responses.

Representative Matters

  • Represented hospital in U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) investigation and settlement of alleged HIPAA violations stemming from improper disclosure of patient PHI, and implementation of corrective action plan (CAP).
  • Counseled CIN and ACO entities on PHI management and data sharing issues associated with new and innovative care management models.
  • Advised health care system on IT and cyber-security policies, protections, risk mitigation, and cyber-incident and breach responses. 
  • Designed and drafted standard terms and conditions (T&Cs) for purchase and lease agreements regarding biomedical device cybersecurity and safety.
  • Prepared and conducted workforce trainings on cybersecurity, HIPAA-compliance, social engineering, and identity theft. 
  • As an Assistant U.S. Attorney, investigated and prosecuted one of the largest hacking-and-trading cases in U.S. history. As a member of the Computer Hacking & Intellectual Property Section, routinely investigated and prosecuted cyber criminals involved in, among other things, conspiracies to breach secured network systems and steal confidential business information, trade secrets, and identify information.