Colin J. Zick

Co-Chair, Healthcare Practice, Privacy and Data Security Practice, and COVID-19 Taskforce

I am a “go-to” problem-solver for clients, with 30-plus years of experience unraveling regulatory and compliance problems.

Colin Zick’s practice is focused on healthcare and compliance issues, and often involves the intersection of those two subjects in investigations, administrative proceedings, or litigation. His work has had a particular emphasis on compliance issues related to life sciences, pharmaceutical and medical device companies, laboratories, hospitals, healthcare providers, and provider organizations.

This compliance work includes helping clients establish and maintain effective compliance programs. Colin also defends clients in disputes alleging kickbacks, overpayments, and billing and coding problems, and represents clients before state healthcare licensing and regulatory entities.

Colin also frequently counsels technology and consumer-facing clients on issues involving information privacy and security (including HIPAA and other federal and state data privacy and security laws, EU/GDPR privacy and security issues, and data breach response). Colin co-founded the firm's Data Security and Privacy Practice Group and regularly contributes to its "Security, Privacy and the Law" blog.

Colin’s practice also includes work on healthcare transactional matters. These projects include mergers, the establishment of joint ventures, the creation of new entities, drafting and negotiation of service and employment contracts, creation of patient assistance programs, and negotiating data use and clinical trial agreements. He also has successfully litigated commercial disputes, covenants not to compete, antitrust and unfair competition claims, and copyright infringement claims.


  • University of Michigan Law School, J.D., cum laude
  • University of Michigan, B.A., with highest distinction, Phi Beta Kappa

Bar and Court Admissions

  • Massachusetts
  • New Hampshire
  • U.S. District Court for the District of New Hampshire
  • U.S. District Court for the District of Massachusetts
  • U.S. Court of Appeals for the First Circuit
  • U.S. Court of Appeals for the Ninth Circuit


  • Advised genetic testing companies on fraud and abuse issues related to physician and patient interactions
  • Advised healthcare provider organization on response to federal grand jury subpoena
  • Served as special outside counsel for hospital investigation of Stark and Anti-Kickback issues
  • Represented an interstate specialty pharmacy in state False Claims Act investigation
  • Represented specialty health care provider in state False Claims Act litigation
  • Conducted review and analysis of health care compliance plan of publicly-held pharmaceutical company with over $2 billion in annual revenues and 8,500 employees
  • Successfully defended an independent physician association against claims under the federal anti-kickback statute
  • Represented a national health insurance company in responding to an investigation and lawsuit by a state attorney general’s office
  • Advised medical device and pharmaceutical manufacturers on federal and state "sunshine" laws regarding payments to physicians
  • Advised owner of world's largest collection of human genomes on E.U./U.S./international data privacy issues related to formation of partnership to discover and develop novel therapeutics and companion diagnostics 
  • Advised international consumer products company on compliance with the California Consumer Privacy Act 
  • Represented health insurer in data breach response and related indemnification claims against party responsible for breach, collecting seven-figure settlement
  • Advised Fortune 1000 companies on information security and health information practices and data breach response 
  • Advised social media company on breach response under GDPR
  • Secured a positive anti-kickback advisory opinion from the Department of Health and Human Services Office of Inspector General
  • Represented multi-specialty physician practice in creation of urgent care joint venture with teaching hospital
  • Advised multi-specialty physician practice in merger to create 1000+ physician practice with over $2 billion in annual revenue
  • Beck v. Boston Med. Ctr. Health Plan, Inc. (Mass. Super. June 4, 2020)
  • Hsu v. Barclays Bank plc, 2015 WL 2256861 (Mass. Probate and Family Court, May 11, 2015)
  • Dolan v. Chester, et al., 2011 WL 6982150 (Mass. Super. January 10, 2012)
  • Dolan v. Comm'r of Education, et al., 2011 WL 3216617 (Mass. Super. 2011) 
  • Community Infusion Services, Inc. v. The National Organization for Rare Disorders, Inc., 2011 WL 2420224 (C.D. Cal. June 14, 2011)
  • Massachusetts Association of Health Plans v. Murphy, 2010 WL 2102726 and 2010 WL 2010723 (Mass. Super. 2010)
  • Vranos v. Franklin Medical Center, 448 Mass. 425, 613 N.E.2d 82, 2007 WL 572122 (2007) (amicus)
  • In re: Young's Case, 64 Mass. App. Ct. 903, 833 N.E.2d 646 (2005) (amicus)
  • Keene v. Brigham and Women's Hospital, 439 Mass. 223, 786 N.E.2d 824 (2003) (amicus) 
  • Hudson v. DuBois, 50 Mass. App. Ct. 1114, 741 N.E.2d 492, 2001 WL 92991 (2001)
  • Landry v. Attorney General, 429 Mass. 336, 709 N.E.2d 1085 (1999) (amicus)
  • Newman v. City of Malden, 1998 WL 324201 (Mass. Super. 1998)
  • Mayfield v. Dalton, 109 F.3d 1423 (9th Cir. 1997) (amicus)
  • Hunneman Real Estate Corp. v. Eastern Middlesex Association of Realtors, Inc., 860 F.Supp. 906 (D.Mass. 1994)
  • Attorney General v. Dime Savings Bank of New York, FSB, 413 Mass. 284, 596 N.E.2d 1013 (1992)


  • Contributor, Opioid Prescribing - An AHLA 50 State Survey, American Health Lawyers Association (February 2020) 
  • No Harm, No Foul? Private and Public Litigation in Cybersecurity Law, INSIDE COUNSEL (July 7, 2016)
  • Summary of Fraud and Abuse Statutes & Regulations - New Hampshire, AMERICAN HEALTH LAWYERS ASSOCIATION (September 2008-present)
  • The Massachusetts eHealth Collaborative and Its Efforts to Bring Electronic Health Records to Massachusetts (with Micky Tripathi), 1 THE BOSTON HEALTH LAW REPORTER 18 (Spring 2006) 
  • Editor, THE MEDICOLEGAL GUIDE TO HEALTH RECORD INFORMATION (Massachusetts Health Information Management Association) (1997 and 2005 editions) 
  • HIPAA: The New Federal Privacy Rules and Their Implications, BOSTON BAR JOURNAL (September/October 2002) 
  • The Continuing Dilemma of Compliance with Requests for Health Information, BOSTON BAR JOURNAL (May/June 1999) 
  • Compensation for Telemedicine Services, 2 JOURNAL OF MEDICINE AND LAW 117 (Spring 1998)

Honors & Involvement

  • Named a Top Lawyer in the area of Health Care Law by Boston Magazine (2022)
  • Named a 2022 “Go To Lawyer” for Cybersecurity & Data Privacy by Massachusetts Lawyers Weekly
  • Selected by his peers for inclusion in THE BEST LAWYERS IN AMERICA in the field of Healthcare Law (2015-2023) and Privacy and Data Security Law (2019-2023)
  • Ranked by CHAMBERS USA: AMERICA'S LEADING LAWYERS FOR BUSINESS as one of Massachusetts' leading Healthcare attorneys (2010-2022)
  • Listed in MASSACHUSETTS SUPER LAWYERS (2004-2021)
  • High Honor, Massachusetts Supreme Judicial Court, 2019 and 2020 Pro Bono Honor Roll
  • Martindale-Hubbell AV Preeminent (R) rating
  • Massachusetts Health Information Management Association HIM Advocacy Award recipient (2014)
  • Campbell Moot Court Competition semi-finalist, University of Michigan School of Law (1990)
  • Boston Bar Association, Co-Chair, Health Law Section (2010 - 2012) and Steering Committee member (2010 - 2017)
  • Lex Mundi
      • Chair - Health Care Industries Practice Group (September 2011 - May 2015)
      • North America Regional Vice-Chair, Health Care Industries Practice Group (October 2009 - August 2011)
  • American Health Lawyers Association, Member (Participant, Fraud and Abuse Enforcement Panel)
  • Health Care Compliance Association, Member
  • The Alumni Association of the University of Michigan, Director (2000 - 2008)
  • Board Member, Beacon Hill Civic Association (2007 - present)
  • Board Member, Friends of the Public Garden (2007 - 2013), Vice Chair (2013 - present)
  • Board Member and Clerk, Trinity Boston Foundation (2010 - 2017), Board of Visitors (2018 - present)

Speaking Engagements

  • Speaker, “As the Experts: MaHIMA Dot Wagg Legislative Seminar,” with Linda Sanches, Senior Advisor for HIT and Privacy Policy, Office for Civil Rights · U.S. Department of Health and Human Services, November 4, 2022
  • Speaker, "Real Life Health Information Compliance Issues," HIPAA, the Pandemic, and More MaHIMA Annual Conference, June 6, 2022
  • Speaker, "Adjusting COVID-19 Protocols Amid the Rise of the Delta Variant," Foley Hoag Webinar, August 12, 2021
  • Speaker, “U.S. Legal Developments: California and Beyond,” Boston Bar Association, Virtual Privacy and Cybersecurity Conference, Dec 3, 2020
  • Speaker, "New Developments in HIPAA and Related Issues in Health Information Law," MaHIMA Dot Wagg Memorial Legislative Seminar, October 28, 2020
  • Moderator, "MEDTECH Cybersecurity: Elusive but Possible," New England Healthcare Executive Network, October 5, 2020 
  • Speaker, “Returning to Work in the COVID-19 Era,” Webinar, May 26, 2020 
  • Speaker, “Sustaining Your Early Stage Life Science Company During the COVID-19 Pandemic Crisis,” ENET and MDG Joint Webinar, May 5, 2020
  • Speaker, “CCPA: What you need to know now and what to expect in the future,” Webinar, MassTLC, April 28, 2020
  • Speaker, “Essential COVID-19 Questions and the Answers You Need," Webinar, TiE Boston, March 30, 2020
  • Guest, “In It Together,” “How you can better protect your personal information while working from home and while taking advantage of telemedicine,” WGBH News, March 23, 2020  
  • Speaker, “Market Access Programs: A Legal Perspective.” DxConference - Advancing Market Access for Diagnostics, October 24, 2019
  • "GDPR, CCPA, and All That Jazz," Mass Technology Leadership Council,  September 12, 2019
  • "The Interplay of HIPAA, Privacy and Data Security Principles, and Health Information Interoperability," MedInnovation Boston, June 25, 2018 
  • "Setting Security Strategies and Getting Real About GDPR," MassTechnology Leadership Council CISO Roundtable, February 6, 2018
  • "Privacy and Data Breach Issues for Pharmaceutical/Medical Device Manufacturers and Other Life Sciences Companies," Lex Mundi Health Care and Life Sciences Practice Group Meeting, January 27, 2017
  • "HIPAA, Industry-Provider Interactions, and Related Compliance Matters," MichBIO Bioscience Regulatory Compliance Workshop, January 17, 2017
  • "Legal, Regulatory and Compliance Issues for Labs," American Clinical Laboratory Association Annual Meeting, May 5, 2015
  • "Connecting Medical Products to the Internet of Things:  Legal and Related Challenges for Connected and Mobile Medical Devices," Medical Development Group Seminar, April 29, 2015
  • "Cyber Risk and the Boardroom: The Role of Cyber Insurance," New York Stock Exchange Governance Series, April 21, 2015
  • "In the Belly of the Breach: What Every In-House Counsel Needs to Know about Data Breach Response," ACC International Legal Affairs Committee (with Gant Redmon, Co3 Systems), May 8, 2014
  • "The Final CMS Sunshine Rule: Analysis, Interpretation and Implementation," American Conference Institute Webinar, March 6, 2013
  • "HIPAA Compliance: Understanding the New Federal Omnibus Rules and Preparing to Respond to a State/Federal Audit," Massachusetts Hospital Association, February 6, 2013 (with Kevin C. Conroy)
  • "Protecting Health Information: Health Data Security Training," Attorney General Martha Coakley and Massachusetts Medical Society, October 25, 2012  
  • "Patient Access Programs: A Legal Perspective," The Diagnostic Conference (DXCON14), October 23, 2012
  • "Understanding the New U.S. Sunshine Act and Its Impact on Health Care Providers and Industry," Lex Mundi Webinar, January 18, 2012 
  • "Good Governance Practices for Health Care, Educational & Other Non-Profit Organizations," Boston Bar Association, October 25, 2011 
  • "What Every In-House Counsel Needs to Know About Data Security and Privacy," Association of Corporate Counsel and Lex Mundi, with Ed Palmieri, Privacy Counsel, Facebook, September 7, 2011 
  • "What Law Applies in the Cloud," CloudCamp, June 2, 2011