Lynn Sessions

With over 29 years of experience working with healthcare industry clients, I lead the Healthcare Privacy and Compliance team as part of BakerHostetler’s Digital Assets and Data Management group. I am also the National Co- Leader of BakerHostetler’s Healthcare Industry team. I focus my practice on healthcare privacy and data security, breach response, regulatory defense, and HIPAA compliance. Having previously served as in-house counsel and director of several departments at Texas Children’s Hospital, I collaborate closely with my clients and approach my legal representation from a client’s perspective.

In the area of Privacy and Data Security, I have handled over 900 healthcare data breaches, including several of the largest breaches reported to date. In my representation, I provide counsel to healthcare providers and other covered entities, as well as business associates, on breach analysis, breach response, crisis management with patients, media and employees, and regulatory notification obligations to the Office for Civil Rights (OCR) and state attorneys general. I have responded to over 600 investigations from the OCR and state attorneys general arising from large and small data breaches reported by covered entities. I have successfully defended healthcare organizations in these investigations resulting in no regulatory action taken. I also advise clients on HIPAA compliance work outside of a data breach to strengthen safeguards under HIPAA and implementation of post-breach corrective action plans.