Jo-Ellyn Sakowitz Klein devotes much of her practice to regulatory, transactional and legislative matters affecting the health industry. She also advises clients outside the health care sector that are affected by health care or privacy law and regulation.

Ms. Klein leads the firm’s interdisciplinary privacy and data protection initiative. She devotes a substantial portion of her practice to assisting clients from across the spectrum with issues arising under state, federal and international privacy, security and data breach notification laws and regulations, including the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the American Recovery and Reinvestment Act of 2009 (ARRA), the FTC Red Flags Rule adopted under the Fair and Accurate Credit Transactions Act (FACTA) of 2003, and the Genetic Information Nondiscrimination Act (GINA). She has examined privacy and security issues arising in settings ranging from hospitals to pharmacy chains to clinical research to professional sports.

Representative engagements in this area include—

• assisting clients with regulatory compliance questions arising in the course of their day-to-day operations—under the federal HIPAA and GINA regulations as well as under state privacy provisions
• evaluating whether contemplated marketing activities comply with federal and state privacy laws
• tailoring software license agreements and related transactional documents to address privacy issues
• drafting and negotiating targeted business associate agreements that meet the individualized needs of clients—whether they are covered entities, business associates downstream agents or subcontractors
• assisting clients facing allegations raised by individuals in HIPAA complaints filed with federal regulators
• helping clients prepare for and respond to data breaches, including evaluating whether notice of data breach requirements have been triggered and drafting appropriate breach notification correspondence
• addressing health information privacy issues arising in the course of litigation and in bankruptcy proceedings
• working with clients to identify risks relating to potential FTC enforcement activity, including evaluating whether an entity needs to comply with the FTC’s Red Flags Rule.

Ms. Klein is a frequent speaker on topics relating to the health industry and data privacy issues. Recent speaking engagements include—

• “HIPAA Compliance in a HITECH Age,” National Constitution Conferences CLE webcast (October 6, 2010)
• “Comprehensive Privacy Legislation: Implications and Concerns for Business and Institutions,” West LegalEdcenter webcast (July 22, 2010)
• “Facebook and Health Care Providers: Reaping the Benefits, While Managing the Risks,” Progressive Healthcare Conferences (March 25, 2010)
• “New Red Flag Rules for Healthcare Providers: Are You Ready?” Panel convened by Strafford Publications (June 24, 2009 and October 7, 2009)
• “Social Networking and Healthcare Providers: Understanding the Risks,” Webinar convened by Strafford Publications (October 22, 2009)
• “From HIPAA to ARRA and Beyond: Making Sense of Health Information Privacy and Security Requirements for Community Health Centers,” Texas Association of Community Health Centers’ 26th Annual Conference, Dallas (November 2, 2009)

Ms. Klein also assists clients, such as hospital systems, health plans and pharmaceutical companies, with regulatory and policy issues arising under the Medicare and Medicaid programs. She has focused on issues concerning Medicaid programs across the nation.

Ms. Klein received her A.B. in public policy studies and a certificate in education from Duke University in 1994. Prior to entering law school, she worked as a policy analyst at the University of California, Office of the President. She received her J.D. in 1998 from the Georgetown University Law Center, where she was an articles editor of The Georgetown Law Journal. Ms. Klein is a member of the Virginia and District of Columbia bars and the American Health Lawyers Association.