• vcard
312.463.6230
  • Education
    • J.D., Saint Louis University School of Law, 2010, Certificate in Health Law
    • B.S., Fontbonne University, 2005

Abby Bonjean brings a unique perspective to HIPAA Privacy and Security compliance. As a former investigator for the U.S. Department of Health and Human Services, Office for Civil Rights (OCR), Abby understands the steps that covered entities and business associates need to take to be in the best possible position to respond to an OCR investigation or audit. While at OCR, Abby concentrated on investigating large breaches, evaluating organizations’ responses to breach incidents, and their overall HIPAA compliance, as well as providing technical assistance to help entities come into compliance. Abby also served as the lead investigator for several high profile investigations, including one of OCR’s largest settlements to date. Abby applies her experience at OCR to help organizations implement measures to avoid breaches and other HIPAA compliance issues, while achieving their business objectives.

Abby regularly assists our M&A and transactions teams with diligence, transactional documentation and considerations, transition services agreements, and post-closing compliance considerations and tasks. Her experience is deep across the spectrum of types of health care providers, which includes hospitals. These efforts include:

  • Reviewed HIPAA privacy and security diligence and interviewed target’s subject matter experts to assess HIPAA compliance and quantify risk associated with any non-compliance. 
  • Coordinated with representations and warranties insurers to evaluate risk related to privacy and security compliance issues. 
  • In at least one instance, successfully negotiated terms of a purchase agreement related to indemnification after target’s non-compliance with HIPAA almost prevented transaction from closing. 
  • Assist clients with negotiating and operationalizing post-closing transitional services agreements, which in one instance involved addressing integrated electronic health record issues where certain aspects of the records were considered excluded assets.
  • Assist clients with implementing HIPAA compliance programs post-closing.