Lisa Acevedo brings nearly two decades of deep experience in health information privacy and security to provide clients with business-focused compliance strategies to maximize the benefits of health data while minimizing and responding to ever-changing threats and risks. As the Chair of Polsinelli’s Health Information Privacy and Security team, Lisa provides strategic counsel in the areas of federal health privacy laws and regulations, including HIPAA, the Confidentiality of Alcohol and Drug Abuse Treatment Records (42 CFR Part 2), as well as state laws governing the confidentiality of health information, mental health records, and records containing other highly sensitive information. She also advises multi-national health care companies with international data protection laws that impact their use and transfer of health and other personal data, including the EU General Data Protection Regulation and privacy laws and regulations in Canada, the Asia Pacific and Latin America regions.
Lisa assists clients in developing, implementing, and updating their privacy and security compliance programs. She advises clients on a range of issues including compliance with the various federal and international data protection laws that arise as part of developing their “Digital Transformation” strategies. She guides clients through data protection issues implicated by data sharing arrangements, including for research and quality of care purposes and guides them through critical transactions, such as structuring complex strategic alliances involving data.
Lisa counsels clients through data security incidents and breaches. She has assisted clients in responding to breaches, including those involving phishing attacks and other malware, theft and vendor breaches, involving hundreds of thousands of affected patients. She has also successfully guided clients through resulting OCR and state agency investigations resulting in closure of those investigations with no fines or penalties.
Lisa earned the designation of Certified Information Privacy Professional-U.S. (CIPP/US) through the International Association of Privacy Professionals (IAPP). She also earned the designation of Certified Information Privacy Professional-Europe (CIPP/E) through IAPP. Lisa is currently a member of the DePaul University College of Law Dean’s Advisory Council. She was a 2019 recipient of the DePaul University College of Law, DePaul Law Review Sapientia Award, which is presented each year to a deserving distinguished alumni of the DePaul Law Review. Lisa has previously served as the vice chair of the Healthcare Technology Committee within the American Bar Association’s Section of Science and Technology Law. She has also previously served as the Chair of the Latina Lawyers Committee of the Hispanic Lawyers Association of Illinois.