Meghan C. O’Connor, Partner / Milwaukee Health & Life Sciences Practice Group Office Chair

Data Privacy & Security

Meghan helps clients effectively and practically prepare for and respond to consistently evolving privacy and security threats, risks, and opportunities in a fast-paced, ever-changing landscape. She works with clients to develop, strengthen, and effectively operationalize their privacy and security compliance programs and contracting efforts, including:

Compliance

  • Working with clients to structure information privacy and security compliance programs and risk management activities, including coordinating privacy and security audits and workforce training initiatives
  • Drafting and reviewing practical, enterprise-wide policies and procedures related to privacy and security (as well as HIPAA and other health care business activities), including record retention and destruction, safeguards, encryption, de-identification, mobile devices/BYOD, and responding to individual rights among others
  • Counseling clients on privacy and information security best practices and industry standards
  • Advising clients regarding applicability of and compliance with state laws governing the confidentiality of personal information, including the California Consumer Privacy Act and Massachusetts’ Standards for the Protection of Personal Information of Residents of the Commonwealth
  • Counseling clients regarding the interplay of HIPAA, the Confidentiality of Alcohol and Drug Abuse Treatment Records (42 C.F.R. Part 2), and state laws governing confidentiality of health information, including mental health records, HIV test results, genetic information, and other sensitive health information
  • Assisting with special issues facing managed care organizations, including insurance company licensing, provider contracting, and pharmacy benefits manager (PBM) and third-party administrator (TPA) agreements

Vendor Management and Contracting

  • Structuring complex data sharing arrangements in compliance with use and disclosure restrictions in order to realize business objectives, including for purposes of clinically integrated networks
  • Advising clients on various stages of information technology migration, from acquiring to implementing and transitioning between IT software and services, including electronic health record platforms as well as structuring arrangements to enable care coordination with community health care partners
  • Drafting and negotiating data privacy and security terms and service level agreements used in a broad variety of contracts to protect client data and ensure vendor reliability and accountability
  • Negotiating and advising on potential vulnerabilities in a wide array of commercial agreements, including professional services, provider, cloud services, mobile app, and other emerging technology agreements

Incident Preparedness and Response

  • Helping clients develop and implement practical measures to limit data security incidents and other compliance issues without inhibiting business operations
  • Assisting clients, large and small, with responding to suspected and actual security incidents and breaches, including facilitating incident response, forensic analysis, risk assessment, and breach reporting for all types of breaches, including ransomware, malware, employee theft, unintentional human error, and vendor liability in breaches ranging from one to multiple thousands of affected individuals in all 50 states and Washington, DC
  • Preparing clients to advise leadership and other stakeholders on incident response progress and risks in understandable language
  • Counseling clients through OCR, Attorney General, and other government compliance inquiries and investigations, including successful resolution