31st Annual National Virtual HIPAA Summit: State Consumer Data Privacy Laws and the FTC Breach Notification Law & Responding to OCR Document Request

Speaking Engagement | March.01.2022

Virtual Conference

Thora Johnson, a partner in Orrick's Cyber, Privacy & Data Innovation Group, will be leading two panels at the 31st Annual National Health Insurance Portability and Accountability Act (HIPAA) Summit.

The HIPAA Summit will bring private sector professionals and current and former regulators from the Office for Civil Rights, the Centers for Medicare & Medicaid Services, the Federal Trade Commission, the Office of the National Coordinator for Health Information Technology, and the Substance Abuse and Mental Health Services Administration. The HIPAA Summit will include sessions on HIPAA enforcement initiatives, new cyber security threats, opportunities to hear privacy and security officers share best practices, and lessons on what challenges are to come and how to tackle them.

Orrick's Panels

It Is Not Just HIPAA Anymore: The Implication of State Consumer Data Privacy Laws and the FTC Breach Notification Law for Health Data

2:45 pm EST

Thora A. Johnson, Partner, Orrick, Herrington & Sutcliffe

Dave Sclar, MSc, JD, Healthcare Compliance and Privacy Officer, WW International; Former Vice President, Business Affairs and Legal and Chief Privacy Officer, Rally Health, Washington, DC

I got an OCR Document Request! Now, What Do I Do?

3:15 pm EST

Thora A. Johnson, Partner, Orrick, Herrington & Sutcliffe

Mark J. Fox, CHC, CHPC, CHRC, Privacy and Research Compliance Officer, American College of Cardiology Foundation, Washington, DC

412855

Practice:

  • Technology & Innovation Sector
  • Life Sciences & HealthTech
  • Cyber, Privacy & Data Innovation
  • Strategic Advisory & Government Enforcement (SAGE)

Thora Johnson Partner

Washington, D.C.

Thora works with medical device, pharmaceutical, biotech and digital health companies, helping them navigate the increasingly complex patchwork of state and federal health privacy laws. One client described her to the Legal 500 as a “very practical” advisor providing “exceptional guidance” on health information privacy and HIPAA compliance matters.

Her breadth and depth of experience enable Thora to assist clients in harnessing the power of artificial intelligence and executing data-sharing arrangements, all while protecting health data. As a result, Thora spends much of her time counseling pioneering startups and high-growth companies on responsible innovation in healthcare and life sciences.

Thora brings extensive experience counseling clients, including Fortune 500 companies and brick and mortar providers, on the Health Insurance Portability and Accountability Act (HIPAA) and other state and federal health privacy and regulatory compliance regimes including:

  • Office of the National Coordinator for Health Information Technology’s interoperability and information blocking regulations
  • Centers for Medicare & Medicaid Service’s (CMS’s) interoperability and patient access regulations
  • Part 2 confidentiality requirements applicable to substance abuse records
  • State health information privacy laws
  • State consumer privacy laws with special controls for health data
  • Medicare/Medicaid compliance
  • Mental Health Parity and Addiction Equity Act (MHPAEA)
  • Genetic Information Nondiscrimination Act (GINA)
  • Affordable Care Act (ACA) compliance
  • Regulatory requirements of the Employer Retirement Income Security Act (ERISA), the Internal Revenue Code, HIPAA, and the ACA as they apply to employer health and wellness plans

Thora routinely helps companies and large employers prepare for and respond to privacy and security incidents involving health information. She also defends clients in government investigations initiated by the OCR, OIG, DOJ, FTC and State AGs, among others.