Privacy and security compliance and breach counsel

Rachel Weiss helps health care providers, health plans and other organizations of all sizes with data privacy and security issues, among other matters. In particular, she advises on the HIPAA Privacy and Security Rules; data breach prevention, response and investigations; state data privacy and confidentiality laws; privacy and security-related due diligence; and federal and state pharmaceutical laws and regulations.

Rachel encourages clients to take proactive risk management steps to avoid experiencing costly incidents in the future. She works hand-in-hand with clients to improve their privacy and security compliance while keeping in mind overall business goals, timelines and budgetary constraints, to secure optimal outcomes.

Rachel also serves as the firm’s associate privacy officer.

Bar Admissions

• Wisconsin

Education

• Marquette University Law School (J.D., cum laude, 2013)

• University of Wisconsin - Madison (B.A., with distinction, 2010)
  • Major: Legal Studies
  • Criminal Justice Certificate Program
  • University of Wisconsin Pre-Law Society (President)

• "Cameras and Patient Recordings: Maintaining Patient Privacy and Confidentiality"
• "Cyber Health Crisis: How to Manage the Risk"
• "Data Privacy and Security 2018 First Quarter Update"
• "FDA Issues Guidelines on Postmarket Management of Cybersecurity in Medical Devices"
• "FDA Issues Warning on Cybersecurity for Infusion Pump"
• "FDA Tries to Get Ahead of New Era of Cyber-Terrorism"
• "Health Information Technology, Privacy and Security 2018 First Quarter Update"
• "HHS Modifies HIPAA In An Attempt to Address Gun Violence"
• "Hospitals Experience an Alarming Rise in Ransomware Attacks This Year"
• "Hospital’s Network Held Hostage by Hackers"
• "Navigating a Provider's Ability to Charge Copy Fees and a Patient's Right to Access Records"
• "New Guidance Released by OCR on Ransomware"
• "OCR Launches Mobile App, Promises Access Guidance and Promises Audits Coming Soon"
• "OCR Will Increase Focus on Smaller Breaches"
• "One Is the Loneliest Number: Alabama Becomes the Final State to Pass Data Breach Notification Law"
• "PCI Council Retires Old Data Security Standard"
• "South Dakota Officially the 49th State to Pass Data Breach Notification Law"
• "The New FFIEC Cybersecurity Assessment Tool for Financial Institutions: Understanding its Use and Legal Implications"
• "The Past, Present and Future Of Texting Clinical Information"
• All Tricks, No Treats: Record-breaking HIPAA Settlement Announced
• CPRA is in Effect: What Health and Life Sciences Entities Need to Know
• Diving into the Washington My Health My Data Act
• Diving into the Washington My Health My Data Act
• Diving into the Washington My Health My Data Act
• Diving into the Washington My Health My Data Act
• Diving into the Washington My Health My Data Act  
• FDA Draft Guidance on Medical Device Accessories
• FDA OHPR Draft Joint Guidance on IRB Meeting Minutes
• Georgia's New Nonresident Pharmacy Permit - Proposed Rules Hearing Dec. 11, 2013
• Health Information Technology, Privacy and Security 2018 First Quarter Update
• HIPAA Flexibility for COVID-19 Testing Sites
• How Does HIPAA Prevent Using and Disclosing COVID-19 Vaccination Information? HHS OCR Issues Guidance
• Misleading Postcards Regarding Security Risk Assessments are NOT from OCR
• Ninth Circuit Affirms Dismissal of Complaint Against Facebook for Collection of Browsing Data
• OCR Is On Fire: OCR Launches Mobile App Platform, Promises Access Guidance and Indicates Audits Are Coming Soon
• OCR Provides HIPAA Research Clarifications: Remote Access and Authorization for Future Use of Protected Health Information
• One Is the Loneliest Number: Alabama Becomes the Final State to Pass Data Breach Notification Law
• Privacy Update: A Busy Second Quarter
• Recent Updates in Data Privacy & Security for Health Care Entities
• SEC Rules Impose New Four-Day Reporting Requirements for Cybersecurity Incidents
• South Dakota Officially the 49th State to Pass Data Breach Notification Law
• The Patient Who Cried “Data Breach”: Actual Data Breach Required, but End-of-Life Software Risk Remains
• Watch OUT! HIPAA: $2.4 Million Settlement
• Winter Blues Client Alert Series: Privacy Concerns in the Collection and Use of Biometric Data
• With CCPA in Effect, What Do Health and Life Sciences Entities Need to Know? And How Does the New Amendment Affect You?
• ““So, don’t ask me no questions and I won’t tell you no lies:” Physician Receives Criminal Conviction for HIPAA Violations and Obstructing a Criminal Health Care Investigation"

Seminar

• 2022 Fall Virtual HIPAA COW Conference
• Data Security and Incident Response for Employers
• Navigating the Post-PHE Landscape: Law and Policy Changes for the Healthcare Industry