  • Education
    • J.D., Saint Louis University School of Law, 2010, Certificate in Health Law; Journal of Health Law and Policy, Staff Editor and Lead Editor; National Health Law Moot Court, quarterfinalist, 2008, 2009
    • B.A., University of Notre Dame, 2005, Sigma Tau Delta (National English Honor Society)

Katie Kenney specializes in data privacy and cybersecurity matters. Katie regularly advises domestic and multinational clients on matters arising under privacy and security laws, including HIPAA, GDPR, TCPA, CCPA, CAN-SPAM, the FTC Act, and various other federal and state confidentiality and breach laws. Katie focuses her practice on the health care industry and regularly represents a broad spectrum of the industry, including hospitals and health systems, life science companies, medical product manufacturers, pharmacies, startup technology companies, and IT vendors. Prior to joining the firm, Katie worked for the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) in Washington, D.C., where, among other duties, she served as a subject matter expert for breach notification; actively participated on the agency's audit team; and drafted preamble language and guidance for the Omnibus Final Rule implementing HITECH modifications to HIPAA. Katie regularly speaks on privacy and security topics and is the author of the Wolters Kluwer publication A Guide to Health Care Privacy and Security Law.

  • Advised clients in various industries on CCPA and created a roadmap and tools to guide clients through their compliance plans.
  • Advised multinational company on GDPR compliance issues, including data mapping and Article 30 record of processing requirements, assessing lawful bases for processing personal data, updating privacy notices, and implementing EU Model Clauses to validate cross-border data transfers.
  • Advised global client on data localization requirements in Russia and worked with IT and business leads to create a strategy for global contracts that complies with data localization requirements in Russia and other countries.
  • Worked with IT Security team of global company to create privacy documents related to DLP and present such materials to German works council.
  • Drafted Global Privacy Policy and related governance documents for multinational clients in wide range of industries.
  • Assisted multiple clients with responding to security incidents and data breaches of varying sizes, including analyzing reporting obligations under GDPR, HIPAA and state breach notification laws.
  • Advised clients on TCPA compliance issues related to marketing campaigns and customer outreach.
  • Advised Fortune 20 global company on the data protection and cybersecurity risks in a multi-million dollar acquisition of a healthcare technology company.
  • Negotiated a resolution agreement and corrective action plan with OCR on behalf of a large health system arising out of a breach involving thousands of patients; successfully negotiated the settlement amount down to a more favorable amount than OCR initially proposed and obtained favorable corrective action plan terms for the client.
  • Advised large health care client on privacy/security requirements when responding to subpoenas and law enforcement requests.
  • Assisted academic medical center in responding to and successfully closing out (without penalties) an investigation by OCR involving a lost laptop.
  • Assisted home care / hospice client in remediation/mitigation efforts and preparing breach notices in connection with a hacking incident affecting thousands of patients.
  • Served as lead counsel and successfully closed out breach incident involving complex question regarding jurisdictional issues related to HIPAA definition of covered entity.
  • Advised professional football team as to its status under HIPAA as a covered entity and helped develop a comprehensive work plan to ensure the team complied with any federal, state, or National Football League requirements.
  • Successfully closed out an OCR investigation (without penalty) involving improper disposal of protected health information affecting thousands of patients.
  • Advised provider client in investigating ransomware attack; advised client on HIPAA issues including potential breach notification requirements.
  • Assisted in successfully resolving an investigation by a state Attorney General (without penalty) in connection with the improper disposal of patient information.
  • eAlerts Updates, July 2, 2020
  • eAlerts Updates, June 15, 2020
  • Publications & Presentations: Chicago Daily Law Bulletin, October 2019
  • eAlerts Updates, July 2019
  • Publications & Presentations: Author, Wolters Kluwer, November 2018
  • Publications & Presentations: Privacy and Security Considerations for New Technologies and Virtual Care Delivery System. Speaker, Vizient Legal Forum, November 2018
  • Publications & Presentations: Practical Guidance on Privacy and Cybersecurity. Author, Bloomberg Law, October 2018
  • Publications & Presentations: What Healthcare Organizations and Their Attorneys Need to Know About GDPR Implementation. Speaker, Wolters Kluwer, October 2018
  • Publications & Presentations: HIPAA Regulation and Enforcement: 2017 in Review and Predictions for 2018. Speaker, Wolters Kluwer, February 2018
  • Publications & Presentations, November 2017