Iliana L. Peters believes good data privacy and security is fundamental to ensuring consumer participation in new technologies, employee-employer relationships, patients’ trust in the health care system, students’ confidence in their education, and to helping all clients succeed in an ever-changing landscape of threats to data security. She is recognized by the health care industry as a preeminent thinker and speaker on data privacy and security, particularly with regard to HIPAA, the HITECH Act, the 21st Century Cures Act, the Genetic Information Nondiscrimination Act (GINA), FERPA, the Privacy Act, state law data privacy and security requirements, and emerging cyber threats to data.
For many years, she both developed information privacy and security policy, including on emerging technologies and cyber threats, for the Department of Health and Human Services, while coordinating with the Department of Justice, Department of Education, other federal agencies, State Attorneys General, and the White House. She enforced HIPAA regulations through spearheading multi-million dollar settlement agreements and civil money penalties pursuant to HIPAA. Iliana also focused then on training individuals in both the private and public sector, including compliance investigators, auditors, and State Attorneys General, on federal and state regulations and policy, and on good data privacy and security practices. Now, she works closely with her clients on complicated compliance questions, incident response, investigations, and training to protect data and avoid legal risk and legal liability, both at the state and federal level.
As a CISSP, Iliana works hard to bridge the gap between legal requirements for the security of health data and security industry best practices, so that clients can better understand data security issues and jargon. She enjoys using her extensive experience drafting, implementing, and enforcing health privacy and security regulations and guidance in a practice that focuses on helping clients develop and implement good data privacy and security practices to avoid risk, and helping clients prepare for and recover from emerging cyber threats.