Meghan O'Connor

Innovative, practical counsel for privacy and strategic goals

Meghan O'Connor provides strategic counsel in the areas of data privacy and cybersecurity, regulatory compliance, information governance, commercial contracting and transactions, with particular attention to companies managing health and other personal data. She advises on:

• Innovative arrangements to leverage data and achieve strategic goals while managing risk
• Compliance program development with operationally feasible practices in light of ever-evolving privacy and security laws
• Implementing emerging technologies, including artificial intelligence (AI), as well as developing commercialization strategies
• Transaction support, including diligence, risk management, and data and IT integration
• Privacy and security incident preparedness and response through all phases of recovery, including business continuity, breach notification and government investigation

Meghan believes good privacy and security can drive market growth, consumer trust and strategic opportunities for companies at all stages of development. She leverages over a decade of experience to help her clients navigate complex regulatory requirements.

Meghan is a Certified Information Privacy Professional (CIPP/US) by the International Association of Privacy Professionals. She is chair of the Data Privacy & Security team and serves as Milwaukee office chair of the Health & Life Sciences Practice Group.

• Advises clients on the development and negotiation of novel and disruptive arrangements and partnerships, complex data sharing initiatives, innovative health and IT solutions, and new technologies.
• Structures and reviews information privacy and security compliance programs to support clients’ business goals while remaining competitive, proactive in managing vendor and workforce risk, and prepared for data incidents.
• Provides strategic advice to clients ranging from startups to Fortune 10 companies on the patchwork of federal and state privacy laws and industry standards, particularly HIPAA, the HITECH Act, the 21st Century Cures Act, FERPA, the Privacy Act, 42 CFR Part 2, biometric and other sensitive data laws, and state breach and comprehensive privacy laws.
• Manages all aspects of data breach and cybersecurity incident response. Meghan helps with investigation, notification, recovery, mitigation, government investigation (e.g., federal regulators such as the HHS Office for Civil Rights and state attorneys general) and successfully resolving and avoiding enforcement actions.
• Advises clients on the development of health care business transactions, effective uses of clinical and claims data to support value-based reimbursement arrangements and negotiation of managed care contracts.

• Assisted with development and implementation of privacy and security programs for artificial intelligence (AI), cloud services, technology startups, vertically integrated health systems, self-funded health plans, payers, telehealth and connected platforms, and professional sports teams.
• Advised a multi-national company on big data strategy, including de-identification and data use cases to bridge the gap between legal requirements and opportunities to maximize value.
• Structured complex data sharing arrangements for health information exchanges, technology companies, pharmaceutical industry, and health care providers, including analyzing the patchwork of applicable laws and consumer notice and consent models, and preparing corresponding agreements and operating policies.
• Conducted privacy and security diligence, negotiated transaction documents to manage risk and coordinated remediation on behalf of buyers, sellers and investors in health care and commercial transactions.
• Managed incident response and recovery for a wide range of clients, including health care providers, universities, information technology companies, health plans and employers, including successfully responding to federal and state government investigations without penalty.