Privacy, Security and Data Protection - Health Sciences

Pepper’s Privacy, Security and Data Protection practice is led by a core group of attorneys with in-house, regulatory, law enforcement, crisis management and litigation experience who have helped health sciences clients address their most complex privacy and security needs. This team helps health care providers, pharmaceutical and medical device manufacturers, members of the health care supply chain, and other health sciences clients comply with ever-shifting regulatory requirements and defend against multiple threats to personal data and to business operations.

Pepper has years of experience drafting policies, plans and procedures; reviewing and negotiating licensing and supply agreements; negotiating vendor agreements; counseling boards of directors; implementing employee training programs; and providing practical guidance on federal and state laws related to the collection, storage, processing and disposal of personal information. We regularly counsel clients on health sciences products, medical devices, telemedical solutions, electronic health records and other emerging technologies, including informatics and e-commerce, social media, data governance and analytics, and mobile medical applications.

We also provide day-to-day operational counseling to chief privacy and security officers on SOPs, policies and incident response; to business development personnel on mergers and acquisitions; to product development personnel on regulatory compliance relating to how a product gathers, uses, transfers, stores personal information; and to human resource personnel and outside vendors on privacy/security awareness training.

In addition, Pepper has helped clients address dozens of data breaches, ranging from sophisticated network attacks to employee negligence to criminal conduct. We help coordinate the response; communicate with federal regulators, state agencies and local law enforcement; prepare notifications; and work with forensic consultants to eliminate the threat and identify the root cause of the incident. We defend consumer class action complaints, breach-related class actions and individual lawsuits, and respond to federal and state regulatory inquiries and conduct internal investigations. We have a strong record of working closely with federal law enforcement to pursue appropriate remedies against wrongdoers who perpetrate data breaches.

Pepper also has advised corporate boards of directors on cyber security issues, including SEC reporting standards for data breaches and working with law enforcement, and on the board’s responsibility to ensure that management meets its duties of care and ensuring appropriate cybersecurity protections are in place. We also are experienced in aggressively representing clients in seeking TROs and preliminary injunctions to protect trade secrets and other valuable data. We also are experienced in counseling clients on securing, maintaining and enforcing cyber insurance policies. We offer a detailed analysis of a client’s exposure to data breach claims, as well as recommendations for policy, procedure, documentation and/or insurance enhancements.

Pepper lawyers are knowledgeable about developments in U.S. federal, state and industry-specific privacy, security and data protection laws, regulations and practices, as well as global laws and regulations in the European Union, Asia, Canada and other jurisdictions.

We have experience analyzing and applying privacy, security and consumer protection laws and regulations, including the Gramm-Leach-Bliley Act, the Electronic Communications Act, the Computer Fraud and Abuse Act, the Privacy Act of 1974, the Video Privacy Protection Act, the Fair Credit Reporting Act, the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH), the Children’s Online Privacy Protection Act and the CAN-SPAM Act.  We also are experienced in analyzing and assisting with compliance with international laws, such as the EU Data Protection Directive and the General Data Protection Regulation.

Our Lawyers

Our lawyers have diverse backgrounds and practices, but a common goal:  helping health sciences businesses understand and comply with the complex and fast-moving area of privacy, security and data protection laws and regulations. The group includes experienced corporate and transactional lawyers, intellectual property counselors, health care lawyers, veteran trial lawyers and government contracts/regulatory and white collar attorneys.

Many of our lawyers have significant experience as in-house counsel for private corporations or the government, which offers a unique and valuable perspective when approaching privacy, security and data protection. In addition, our clients have immediate access to our more than 425 lawyers experienced in a wide range of related areas, such as intellectual property, health care, financial services, employment, international trade, technology and government contracts, to handle any legal issues as quickly and efficiently as possible.

Data protection laws have changed, so we have revised our Privacy Policy.