• vcard
D 314.622.6661
F 314.754.9968
  • Education
    • J.D., Northwestern University School of Law, 2001, National Moot Court Team, 2001
    • B.A., University of Notre Dame, 1997
  • Court Admissions
    • U.S. District Court, Northern District of Illinois, 2001
    • U.S. District Court, Middle District of Georgia, 2005
Erin Dunlap is proactive and quick to respond to clients' needs. She regularly advises health care clients on legal and regulatory compliance matters. She also has a litigation background that enables her to assist clients when things do not go as planned, such as when a laptop containing patient information is stolen, a patient threatens to sue for improper disclosure, or law enforcement demands the production of medical records. 

Erin focuses primarily on privacy and security issues arising under:
  • Health Insurance Portability and Accountability Act
  • Health Information Technology for Economic and Clinical Health Act
  • Federal Regulation 42 CFR Part 2
  • State privacy and breach notification laws 
Erin's experience positions her well to counsel clients with:
  • Developing privacy and security policies and procedures
  • Negotiating business associate agreements
  • Assisting clients through privacy and security audits and OCR investigations
  • Analyzing impermissible uses and disclosures
  • Preparing written risk assessments and breach notification letters
  • Working with de-identification experts
  • Performing due diligence on privacy and security matters in connection with health care transactions
Erin has represented clients in both federal and state courts, as well as before arbitrators, hospital medical staff hearing panels, federal and state agencies and state licensing boards. She is committed to understanding clients' privacy and security needs, identifying potential compliance issues and finding practical solutions. She can and will be an advocate for clients when the need arises.
  • Served as lead counsel in successfully closing out (without penalties) an investigation by the Department of Health and Human Services, Office of Civil Rights (OCR) involving a stolen desktop computer affecting thousands of individuals.
  • Advised a large health care client on privacy/security aspects of re-marketing campaign.
  • Assisted an academic medical center in responding to and successfully closing out (without penalties) an investigation by OCR involving a lost laptop.
  • Assisted home care/hospice client in remediation/mitigation efforts and preparing breach notices in connection with a hacking incident affecting thousands of patients.
  • Worked closely with a statistician in preparing expert determination of de-identification to allow a health care client to report data to a third-party.
  • Successfully closed-out an OCR investigation (without penalty) involving a national provider who had a coding error that exposed patient data.
  • Convinced the California Department of Public Health to withdraw a penalty notice and close investigation into provider client in connection with theft of patient information.
  • Successfully resolved an investigation by a state Attorney General (without penalty) in connection with the improper disposal of patient information.
Related News

Past Events