Jennifer Hennessy is a cybersecurity attorney with Foley & Lardner LLP. Her practice includes advising organizations on all aspects of compliance with federal and state data privacy and security laws. This includes assisting covered entities and business associates in complying with HIPAA and advising organizations on compliance with federal law 42 C.F.R. Part 2, Confidentiality of Alcohol and Drug Abuse Treatment Records, the California Consumer Privacy Act (CCPA), the Family Educational Rights and Privacy Act (FERPA), the Gramm–Leach–Bliley Act (GLBA), and EU’s General Data Protection Regulation (GDPR). She also advises government contractors on compliance with confidentiality and security requirements for Covered Defense Information (CDI), including compliance with DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting, and NIST SP 800-171.
She frequently guides clients through data incident management and the entire breach notification process, from the early stages of the investigation to the notification of affected individuals and state and federal government regulators. Her depth of experience in this area allows her to provide clients with practical and business-oriented solutions in the event of a data incident and in its aftermath.
Prior to joining Foley, Jennifer was a health law associate with a large U.S. law firm based in Milwaukee.
- Advises covered entities and business associates on compliance with the HIPAA Privacy, Security, and Breach Notification Rules
- Assists clients undergoing investigations and audits by the Office for Civil Rights (OCR)
- Counsels clients on compliance with state data privacy and breach notification laws
- Provides guidance on compliance with federal law 42 C.F.R. Part 2, Confidentiality of Alcohol and Drug Abuse Treatment Records
- Advises on data de-identification in accordance with HIPAA's requirements
- Counsels clients on data management considerations to ensure compliance with applicable laws, including in the development and implementation of health information exchanges
- Assists in drafting and revising data privacy and security policies and procedures
- Reviews and advises on the overall state of data privacy and security compliance during the due diligence or audit process
- Negotiates data privacy issues in contracts, including business associate agreements
- Advises on data privacy and security considerations involved in health plans disclosing health plan enrollee information
- Assists health information exchange clients on navigating compliance with HIPAA, 42 C.F.R. Part 2, and state medical record confidentiality laws
- Advises clients on confidentiality and security requirements for Covered Defense Information (CDI), including compliance with DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting, and NIST SP 800-171
- Co-Presenter, “Beyond HIPAA: What You Need to Know to Implement a Cybersecurity Program,” Long-Term Care CEO Roundtable (April 10, 2019)
- Co-Presenter, “Compliance with NIST SP 800-171 Security Framework: DoD Contractors and Beyond,” Midwest Cybersecurity Alliance (March 19, 2019)
- Co-presenter, “Protecting the Confidentiality of CDI – DoD Data Crash Course," Client In-Service Presentation (January 7, 2019)
- Co-presenter, “It’s the Most Wonderful Time of the Year – Your Cybersecurity Lawyers Are Here (To Update You on Cybersecurity Hot Topics),” Foley & Lardner Annual CLE Week (December 13, 2018)
- Co-presenter, “The Ins and Outs of a HIPAA Investigation,” Health Management Academy (November 8, 2018)
- Co-presenter, “Incident Response Readiness,” University of Wisconsin E-Business Consortium (October 17, 2018)
- Co-presenter, “HIPAA – It’s Not Only About the Regulations: Lessons Learned from Recent OCR Guidance and Enforcement Actions,” Association of Corporate Counsel (September 26, 2018)
- Co-presenter, "Health Care Cybersecurity Hot Topics: Ransomware, Cloud Storage, the Health Care Industry Cybersecurity Task Force Report, and Enforcement," Association of Corporate Counsel Health Law Committee Webinar (September 26, 2017)
- Quoted, "Medical Device Cybersecurity: Staying Safe in the Midst of Change," Wolters Kluwer’s Health Law Daily Wrap Up (August 11, 2017)
- Co-presenter, "Privacy & Security: Incident Response," ACC Legal Quick Hit: Health Law Committee Webinar (August 1, 2017)
- Presenter, “Cybersecurity: A Long-Term Care Perspective,” The New England Alliance Regional Conference (January 2017)
- Contributing author, "Cyber Health Crisis: How to Manage the Risk," West 2016 Health Law Handbook (June 2016)
- Co-presenter, "Navigating Compliance with EMTALA and State Laws During Mental Health Emergencies," Wisconsin Division of Quality Assurance Hospital Conference (May 12, 2016)
- Presenter, "Document Like You'll Appear in Court, Hope You Never Will: Tips for Medical Record Documentation," Wisconsin Association of Perinatal Care Annual Statewide Conference (April 25, 2016)
- Co-presenter, "2016 Updates to the Stark Physician Self-Referral Law," State Bar of Wisconsin (March 16, 2016)
- Co-author, "Top 10 Health Law Issues 2016: Cybersecurity," AHLA Connections (February 2016)
- Co-presenter, "HIPAA Privacy 101," HIPAA Collaborative of Wisconsin Webinar (July 9, 2015)Co-author, "Think You're Not Subject to HIPAA? You Might Want to Think Again," Inside Counsel (January 7, 2015)
- Co-presenter, "Disclosures to Law Enforcement," HIPAA Collaborative of Wisconsin Webinar (October 27, 2014)
- Co-presenter, "Birds of a Feather Comply Together: An Analysis of the Relationship Between Covered Entities and Business Associates When Navigating the HIPAA Breach Notification Rules," HIPAA Collaborative of Wisconsin 2014 Fall Conference (October 17, 2014)
- Co-author, “HIPAA/HITECH Resource Guide,” American Health Lawyers Association (AHLA) Manual (2014)
- Co-presenter, “Hang on to your Breaches: The Compliance Date is Coming Soon!,” State Bar of Wisconsin Health, Labor, and Employment Law Institute (August 2013)
- Co-author, “State Healthcare Privacy Laws Survey,” American Health Lawyers Association (June 2013)
Jennifer earned her law degree from the University of Iowa College of Law (J.D., with distinction, 2011), where she was the senior note & comment editor for the Iowa Law Review. She earned an MBA from the University of Iowa Henry B. Tippie College of Business (2011), and a bachelor’s degree in political science from the University of Iowa (B.S., highest distinction, 2007).
Jennifer is admitted to practice in Wisconsin and Massachusetts. She is a member of the International Association of Privacy Professionals, American Health Lawyers Association, and the State Bar of Wisconsin Health Law Section.