Professionals
Experience
Services
News & Insights

Privacy & Data Security

Data breach, breach response, cyberliability, drones, and encryption are just a few of the terms that have worked their way into our vocabulary as businesses use evolving technologies to collect and maintain increasing amounts of electronic data. Competitive pressures require companies to take advantage of these efficiencies, but raise a host of new and ever-changing security risks, privacy considerations, compliance concerns, and legal requirements.

Our interdisciplinary team has significant experience in advising legal departments, boards, executive leadership, and compliance and IT teams on sophisticated and practical data management, data security and privacy matters, including proactive data security and privacy strategic planning, breach preparation and cybersecurity risk management, security breach response, national and global privacy and security program design and implementation. We provide practical advice to clients on how they can collect, use, and share data and still meet their operational and organizational goals while complying with the ever-changing privacy laws, regulations, and industry standards, including: Health Insurance Portability and Accountability Act (HIPAA); Health Information Technology for Economic and Clinical Health Act (HITECH); California Consumer Privacy Act (CCPA) (as amended by the California Privacy Rights Act (CPRA)); Virginia Consumer Data Protection Act (CDPA); Colorado Privacy Act (CPA); Utah Consumer Privacy Act (UCPA); Connecticut Data Privacy Act (CTDPA); Iowa Consumer Data Protection Act (ICDPA); Indiana Consumer Data Protection Act (INCDPA); Tennessee Information Protection Act (TIPA); Montana Consumer Data Privacy Act (MCDPA); EU General Data Protection Regulation and similar UK law (GDPR); EU ePrivacy Directive; National Institute of Standards and Technology (NIST); Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA); China’s Personal Information Protection Law (PIPL); Fair Credit Reporting Act (FCRA); Gramm-Leach-Bliley Act (GLBA); Telephone Consumer Protection Act (TCPA); CAN-SPAM; Electronic Communication Privacy Act (ECPA); Children’s Online Privacy Protection Act (COPPA); U.S. state breach notification and similar laws; Federal Trade Commission (FTC) Guidance; Payment Card Industry Data Security Standards (PCI-DSS); International Organization for Standardization (ISO) certifications; and the Network Advertising Initiative’s Code of Conduct. Our attorneys closely track developments at the state, federal and international levels to ensure that our clients always are fully informed of and compliant with changes in the legal and regulatory environment.

With regard to HIPAA/HITECH specifically, we counsel hospital companies and healthcare providers on the increasingly stringent federal laws and regulations related to HIPAA compliance and the privacy and security of personal health information, including federal and state security standards, business associate standards and breach reporting requirements. We navigate state and other requirements related to the responding to data breaches and preventing identity theft, implementing necessary policies and training employees. As providers are incorporating information security and electronic health records (EHR) into their compliance plan and patient experience, we counsel them with respect to the use of mobile devices, including physician use of mobile devices to transmit and access electronic patient records.

Our attorneys assist clients with:

Data Security Graphic

  • Data security and privacy policies and procedures
  • Incident response plans
  • Employee training
  • Negotiation of vendor and other business partner contracts
  • Investigation of data security incidents
  • Data breach responses and customer notifications
  • Cybercrime investigations and reporting
  • Interacting with law enforcement and regulators
  • Pursuit of claims against responsible parties
  • Defense of claims from customers, business partners and regulators
Information Blocking

The information blocking regulations issued by the Office of the National Coordinator of Health Information Technology (ONC) pursuant to the 21st Century Cures Act (Information Blocking Rules) present complex operational, compliance and security challenges for a variety of entities across the healthcare landscape. Healthcare providers, health IT developers of certified IT, and health information exchanges and networks (HIEs/HINs) must take proactive steps to comply with the new regulatory structure that upsets traditional methods for addressing requests for electronic health information (EHI).

Drawing from our extensive knowledge of healthcare regulatory and data privacy matters, our multidisciplinary team provides practical solutions to the commercial and regulatory issues that come with navigating the intersection of Information Blocking Rules, Health Insurance Portability and Accountability Act (HIPAA), other federal and state laws and operational concerns. We assist a wide range of healthcare companies with compliance and implementation of the Information Blocking Rules, including operationalizing these rules in alignment with existing processes. We advise healthcare providers, health IT developers and HIEs/HINs on the following:

  • Interpreting the Information Blocking Rules and how to maintain HIPAA and 42 CFR Part 2 compliant programs
  • Developing compliance plans, including revising existing policies and drafting new polices and advising on how to support new workflows
  • Conducting a gap analysis, identifying which requirements are being satisfied and fulfilled by existing technology tools and processes
  • Identifying and implementing new tools and processes necessary to remain compliant with the Information Blocking Rules
  • Creating information blocking monitoring systems
  • Developing internal education and communication materials

Experience

Professionals

Ryan R. Baker
Ryan R. Baker
Member
(901) 543-5705
Michael A. Brady
Michael A. Brady
Member
(901) 543-5703
Robert L. Brewer
Robert L. Brewer
Member
(615) 742-7760
Emily A. Burrows
Emily A. Burrows
Member
(615) 742-7848
Stefanie P. Carter
Stefanie P. Carter
Healthcare Attorney
(615) 742-7841
Stefanie Colletier
Stefanie Colletier
Associate
(615) 742-7806
Alexandria Wood Davenport
Alexandria Wood Davenport
Associate
(615) 742-7786
Colton Driver
Colton Driver
Associate
(615) 742-6203
Jeff H. Gibson
Jeff H. Gibson
Member
(615) 742-7749
Chelsea L. Harrison
Chelsea L. Harrison
Associate
(615) 742-7904
Johnathan D. Holbrook
Johnathan D. Holbrook
Member
(615) 742-7868
Joelle L. Hupp
Joelle L. Hupp
Associate
(615) 742-7870
Ashleigh Karnell
Ashleigh Karnell
Associate
(615) 742-7914
Samantha Ross Liskey
Samantha Ross Liskey
Associate
(615) 742-7957
Wesley McCulloch
Wesley McCulloch
Associate
(615) 742-7822
Paige Waldrop Mills
Paige Waldrop Mills
Member
(615) 742-7770
Ethan M. Riley
Ethan M. Riley
Associate
(615) 742-7955
Lisa S. Rivera
Lisa S. Rivera
Member
(615) 742-7707
Taylor M. Sample
Taylor M. Sample
Associate
(615) 742-7909
Emily C. Snyder
Emily C. Snyder
Associate
(615) 742-7949
Masie Taylor
Masie Taylor
Associate
(615) 742-7875
T. Stephen C. Taylor
T. Stephen C. Taylor
Member
(615) 742-7758
Shelley R. Thomas
Shelley R. Thomas
Member
(615) 742-7900
Nesrin Garan Tift
Nesrin Garan Tift
Member
(615) 742-7861
Janelle D. Waack
Janelle D. Waack
Member
(202) 827-7971
Kathryn Hannen Walker
Kathryn Hannen Walker
Member
(615) 742-7855
Elizabeth S. Warren
Elizabeth S. Warren
Member
(615) 742-7719
Roy Wyman
Roy Wyman
Member
(615) 742-6220

Publications

Past Events

Media Mentions & Firm News

Related Services

To learn more, contact:

Robert L. Brewer
Member
(615) 742-7760
Elizabeth S. Warren
Member
(615) 742-7719