Jo-Ellyn Sakowitz Klein devotes much of her practice to regulatory, transactional and legislative matters affecting the health industry. She also advises clients outside the health care sector that are affected by health care or privacy law and regulation, and she leads the firm’s interdisciplinary privacy and data protection initiative.

Practice & Background

Ms. Klein devotes a substantial portion of her practice to assisting clients from across the spectrum with issues arising under state, federal and international privacy, security and data breach notification laws and regulations, including the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Health Information Technology for Clinical and Economic Health Act of 2009 (HITECH), the Gramm-Leach-Bliley Act (GLB), the FTC Red Flags Rule adopted under the Fair and Accurate Credit Transactions Act (FACTA) of 2003, and the Genetic Information Nondiscrimination Act (GINA). She has examined privacy and security issues arising in settings ranging from hospitals to pharmacy chains to clinical research to professional sports.

Ms. Klein also assists clients, such as hospital systems, health plans and pharmaceutical companies, with regulatory and policy issues arising under the Medicare and Medicaid programs. She has focused on issues concerning Medicaid programs across the nation.

Representative Matters

Ms. Klein’s engagements include:

  • assisting clients with regulatory compliance questions arising in the course of their day-to-day operations—under federal regulations such as HIPAA and HITECH as well as under state privacy provisions
  • evaluating whether contemplated marketing activities comply with federal and state privacy laws
  • tailoring software license agreements and related transactional documents to address privacy issues
  • drafting and negotiating targeted business associate agreements that meet the individualized needs of clients—whether they are covered entities, business associates, downstream agents or subcontractors
  • assisting clients facing allegations raised by individuals in HIPAA complaints filed with federal regulators
  • helping clients prepare for and respond to data breaches, including evaluating whether data breach notification requirements have been triggered and drafting appropriate breach notification correspondence
  • addressing health information privacy issues arising in the course of litigation and in bankruptcy proceedings
  • working with clients to identify risks relating to potential FTC enforcement activity, including evaluating whether an entity needs to comply with the FTC’s Red Flags Rule.

Awards & Accolades

  • Certified Information Privacy Professional / United States (CIPP/US), International Association of Privacy Professionals, 2014

Speaking Engagements

  • “Responding to a Cybersecurity Breach” at Akin Gump’s “The Cybersecurity Pandemic” (November 5, 2014)
  • “Business Associates Under the Final Rule: Definitions, Contracts, Obligations and Liabilities” American Conference Institute’s 3rd Annual Health Care Privacy and Security Forum (May 22, 2013)
  • “Business Associates Under HIPAA and HITECH: Present and Anticipated Definitions, Contracts, Obligations and Liabilities” American Conference Institute’s 2nd Annual Health Care Privacy and Security Forum (December 6, 2012)
  • “Privacy and Data Protection Requirements: What You Need to Know” Akin Gump Fort Worth CLE Program (April 26, 2012)
  • “(Re)Insurance Industry Outlook 2012: Data Privacy, Cyber Policies and Regulatory Confidentiality” HB Litigation Conferences (March 28, 2012)
  • “Privacy and Data Protection Legislation: the Risks and What Corporate Counsel Need to Know” Akin Gump CLE Program (October 5, 2011)
  • “From the FTC to HHS: Making Sense of Recent Enforcement Activity” International Association of Privacy Professionals KnowledgeNet (September 27, 2011)
  • “Critical Developments in Social Media Law” Northern Virginia Technology Institute (May 26, 2011)
  • “Comprehensive Federal Privacy Legislation: Implications and Concerns for Business and Institutions,” West LegalEdcenter webcast (July 22, 2010)
  • “HIPAA in a HITECH World/Keys to Compliance in the New Era” National Constitution Conferences CLE webcast (October 6, 2010)
  • “Facebook and Twitter: Legal Liabilities and HIPAA Compliance in Healthcare” Progressive (February 23, 2011 and March 25, 2010)
  • “From HIPAA to ARRA and Beyond: Making Sense of Health Information Privacy and Security Requirements for Community Health Centers,” Texas Association of Community Health Centers’ 26th Annual Conference, Dallas (November 2, 2009)
  • “Social Networking and Healthcare Providers: Understanding the Risks,” Webinar convened by Strafford Publications (October 22, 2009)
  • “New Red Flags Rules for Healthcare Providers: Are You Ready?” Panel convened by Strafford Publications (June 24, 2009 and October 7, 2009)
  • “FTC Red Flags Rule/Compliance Tips for Healthcare Providers” – Strafford Publications (October 7, 2009).