Health Information Privacy & Data Security

Protecting sensitive health data and information

Our Health Information Privacy & Data Security Practice advises companies, organizations, nonprofits and state agencies whose cutting-edge work involves medical records, individually identifiable health information and other sensitive health data. With the proliferation of technology and B2C health products, we also understand how at-home DNA testing kits, fitness trackers and wearable devices and apps that monitor and assess your health are collecting and sharing health information not covered under HIPAA.

Our attorneys know the intricacies of this highly specialized subset of privacy and healthcare law. We regularly assist clients in establishing privacy and security policies, written information security plans, and incident response plans, and provide related training. We also advise clients on incident evaluation, data breach response procedures, and strategic planning to effectively navigate potential breaches, and related government investigations and litigation. All of these tasks can help your company safeguard its assets and execute remediation strategies in the event of compromised health information.

As digital health continues to evolve and companies look to protect voluminous amounts of sensitive data, Foley Hoag’s multi-disciplinary team is expertly positioned to help clients utilize and share that data, while complying with the myriad laws in this space (HIPAA, GDPR, CCPA and more); we do so while also seeking to mitigate risk and protect patient privacy and data security. 

Areas of Focus

Our deep experience in health information privacy and data security includes:
  • Incident evaluation
  • Data breach response 
  • Strategic planning
  • Government investigations
  • Litigation



  • We advised the Massachusetts Digital Health Council on legal issues regarding the creation of a distributed data network, the first of its kind, for robust healthcare data exchange. The network will serve as a foundation to build a dynamic digital health ecosystem in Massachusetts and as a model for other similar efforts across the country.
  • Our legal experts advised NextCode regarding its Icelandic countrywide DNA database, the world's first population genomic biobank.


  • A leader in FDA-cleared prescription digital therapeutics for severe psychiatric and neurologic conditions, Pear Therapeutics, relied on our advice on HIPAA compliance.

News & Insights


Our attorneys share their points of view on health information privacy and data security matters.



Get to know the attorneys in our Health Information Privacy & Data Security practice.