Data Privacy & Security

AEL provides expert data use, privacy, and security counsel to clients in the healthcare industry and beyond.

We are trusted advisors to organizations with complex data-related issues and interests. We counsel clients on sophisticated data sharing and data use arrangements involving highly regulated healthcare and consumer data. We structure data privacy and security policies, programs, and procedures designed to ensure the safety and integrity of sensitive information. We help HIPAA-covered entities and their business associates ensure that protected health information (PHI) is managed, handled, and disseminated in compliance with federal and state data privacy and security laws. And we perform compliance evaluations and risk assessments and assist clients with data and cyber breach responses.

Representative Matters

  • Counseled CIN and ACO entities on PHI management and data sharing issues associated with new and innovative care management models.
  • Counseling healthcare-focused data consortium on data use, privacy, and security issues associated with data aggregation venture with academic medical institutions to facilitate machine learning and artificial intelligence algorithm training.
  • Advising large health and benefit solution management organization on unique and complicated data sharing and maintenance arrangements and on the dissemination and use of third-party proprietary data, PHI, and PII.
  • Counseling innovative medicine and genomic sequencing laboratory in connection with data use, aggregation, deidentification, and monetization questions and concerns.
  • Represented hospital in U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) investigation and settlement of alleged HIPAA violations stemming from improper disclosure of patient PHI, and implementation of corrective action plan (CAP).
  • Defended medical imaging centers located in New Jersey in connection with U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) investigation of reporting obligations arising from alleged cyber breach incident and related incident response.
  • Advised health care system on IT and cybersecurity policies, protections, risk mitigation, and cyber-incident and breach responses.
  • Designed and drafted standard terms and conditions (T&Cs) for purchase and lease agreements regarding biomedical device cybersecurity and safety.
  • Prepared and conducted workforce trainings on cybersecurity, HIPAA compliance, social engineering, and identity theft.
  • As an Assistant U.S. Attorney, investigated and prosecuted one of the largest hacking-and-trading cases in U.S. history. As a member of the Computer Hacking & Intellectual Property Section, routinely investigated and prosecuted cyber criminals involved in, among other things, conspiracies to breach secured network systems and steal confidential business information, trade secrets, and identity information.