• vcard
312.463.6322
  • Education
    • J.D., With Honors, DePaul University College of Law, 1995, Order of the Coif; DePaul University Law Review; Certificate in Health Law; Case-Note Editor for Journal of Health and Hospital Law; Article and Note Editor for DePaul Business Law Journal
    • B.S., Loyola University-Chicago, 1992
Lisa Acevedo brings nearly two decades of deep experience in HIPAA and health information privacy and security to provide clients with business-focused compliance strategies to maximize the benefits of health data while minimizing and responding to ever-changing threats and risks. As the Chair of Polsinelli’s Health Information Privacy and Security team, Lisa provides strategic counsel in the areas of federal health privacy laws and regulations, including HIPAA, FERPA, the Confidentiality of Alcohol and Drug Abuse Treatment Records (42 CFR Part 2), as well as state laws governing the confidentiality of health information, mental health records, and records containing other highly sensitive information. She also advises multi-national health care companies with international data protection laws that impact their use and transfer of health data, including the EU Privacy Directive, the soon-to-be-effective General Data Protection Regulation, and Privacy Shield compliance.

Lisa assists clients in developing, implementing, and updating their privacy and security compliance programs. She also guides clients through the regulatory hurdles of data use and sharing for research, quality of care, marketing, and other purposes. Lisa provides guidance and counsel on structuring complex strategic alliances and other arrangements related to health information exchanges, clinically integrated networks, and other integrated medical record arrangements. She has also assisted clients with “Big Data” strategies, including creation and implementation of data warehouses. 

Lisa counsels clients through data security incidents and breaches. She has assisted clients in responding to breaches, including those involving phishing attacks and other malware, theft and vendor breaches, involving hundreds of thousands of affected patients. She has also successfully guided clients through resulting OCR and state agency investigations resulting in closure of those investigations with no fines or penalties.

Lisa earned the designation of Certified Information Privacy Professional-U.S. (CIPP/US) through the International Association of Privacy Professionals (IAPP).  She also earned the designation of Certified Information Privacy Professional-Europe (CIPP/E) through IAPP in 2017 under the certification examination updated to include GDPR.  Lisa has previously served as the vice chair of the Healthcare Technology Committee within the American Bar Association’s Section of Science and Technology Law. She has also previously served as the Chair of the Latina Lawyers Committee of the Hispanic Lawyers Association of Illinois.