  • Education
    • J.D., Saint Louis University School of Law, 2010, Certificate in Health Law; Journal of Health Law and Policy, Staff Editor and Lead Editor; National Health Law Moot Court, quarterfinalist, 2008, 2009
    • B.A., University of Notre Dame, 2005, Sigma Tau Delta (National English Honor Society)

Katie Kenney specializes in data privacy and cybersecurity matters. Katie regularly advises domestic and multinational clients on matters arising under privacy and security laws, including HIPAA, GDPR, TCPA, CCPA, CAN-SPAM, the FTC Act, and various other federal and state confidentiality and breach laws. Katie focuses her practice on the health care industry and regularly represents a broad spectrum of the industry, including hospitals and health systems, life science companies, medical product manufacturers, pharmacies, startup technology companies, and IT vendors. Prior to joining the firm, Katie worked for the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) in Washington, D.C., where, among other duties, she served as a subject matter expert for breach notification; actively participated on the agency's audit team; and drafted preamble language and guidance for the Omnibus Final Rule implementing HITECH modifications to HIPAA. Katie regularly speaks on privacy and security topics and is the author of the Wolters Kluwer publication A Guide to Health Care Privacy and Security Law.

  • Advised multinational healthcare companies on GDPR compliance issues, including data mapping and Article 30 record of processing requirements, assessing lawful bases for processing personal data, updating privacy notices, and implementing EU Model Clauses to validate cross-border data transfers;
  • Assisted multiple clients with responding to security incidents and data breaches of varying sizes, including analyzing reporting obligations under HIPAA and state breach notification laws; media notification; preparing incident notification letters; and responding to OCR data requests; 
  • Assisted academic medical center client in responding to and successfully closing out (without penalties) OCR investigation involving lost laptop containing PHI of thousands of patients;
  • Advised Fortune 50 healthcare company assessing the privacy and data security risks in a multi-million-dollar acquisition of a healthcare technology company.