Jennifer J. Hennessy

Senior Counsel

Overview

Jennifer Hennessy is a cybersecurity attorney with Foley & Lardner LLP. Her practice includes advising organizations on all aspects of compliance with federal and state data privacy and security laws. This includes assisting covered entities and business associates in complying with Health Insurance Portability and Accountability Act (HIPAA) and advising organizations on compliance with federal law 42 C.F.R. Part 2, Confidentiality of Alcohol and Drug Abuse Treatment Records, the California Consumer Privacy Act (CCPA), the EU’s General Data Protection Regulation (GDPR), the Family Educational Rights and Privacy Act (FERPA), and the Gramm–Leach–Bliley Act (GLBA).

She also advises government contractors on compliance with confidentiality and security requirements for Covered Defense Information (CDI), including compliance with DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting, and NIST SP 800-171.

Jennifer frequently guides clients through data incident management and the entire breach notification process, from the early stages of the investigation to the notification of affected individuals and state and federal government regulators. Her depth of experience in this area allows her to provide clients with practical and business-oriented solutions in the event of a data incident and in its aftermath.

Prior to joining Foley, Jennifer was a health law associate with a large U.S. law firm based in Milwaukee.

Representative Experience

  • Advises covered entities and business associates on compliance with the HIPAA Privacy, Security, and Breach Notification Rules
  • Counsels clients on compliance with state data privacy and breach notification laws, including the California Consumer Privacy Act (CCPA)
  • Provides guidance on compliance with federal law 42 C.F.R. Part 2, Confidentiality of Alcohol and Drug Abuse Treatment Records
  • Consults organizations on compliance with the European Union General Data Protection Regulation (GDPR)
  • Assists clients undergoing investigations and audits by the Office for Civil Rights (OCR) and other regulatory authorities
  • Advises on data de-identification in accordance with legal requirements
  • Counsels clients on data management considerations to ensure compliance with applicable laws, including in the development and implementation of health information exchanges
  • Assists in drafting and revising data privacy and security policies and procedures
  • Reviews and advises on the overall state of data privacy and security compliance during the due diligence or audit process
  • Negotiates data privacy issues in contracts, including HIPAA business associate agreements and GDPR data processing agreements
  • Advises on data privacy and security considerations involved in health plans disclosing health plan enrollee information
  • Reviews health care related data privacy and security issues in Website Privacy Policies and Terms of Use and advises on the interplay between health care and website privacy requirements
  • Assists health information exchange clients on navigating compliance with HIPAA, 42 C.F.R. Part 2, and state medical record confidentiality laws
  • Advises clients on confidentiality and security requirements for Covered Defense Information (CDI), including compliance with DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting, and NIST SP 800-171

Selected Publications and Presentations

  • Co-presenter, “Ringing in the New Year…and the California Consumer Privacy Act,” Foley & Lardner Annual CLE Week (December 11, 2019)
  • Co-presenter, “Down to the Wire: Strategies for Compliance with the California Consumer Privacy Act (CCPA),” Foley & Lardner Women Lawyers’ Forum CLE Event (December 5, 2019)
  • Co-presenter, “The California Consumer Privacy Act (CCPA) – How it Will Apply to Wisconsin Businesses and Compliance Tips,” Foley & Lardner Fox Valley CLE Conference (November 21, 2019)
  • Co-presenter, “Preparing for a Cyberattack: What Every Texas In-House Counsel Should Know,” Foley & Lardner LLP Intellectual Property Lunch and Learn (September 20, 2019)
  • Co-presenter, “The California Consumer Privacy Act (CCPA) – Applicability, Requirements, and Practical Tips on Compliance,” Midwest Cybersecurity Alliance (September 12, 2019)
  • Co-presenter, “Cybersecurity: How to Prepare for and Respond to an Attack,” InfraGard Wisconsin: SuperCon 2019 (June 5, 2019)
  • Co-presenter, “Beyond HIPAA: What You Need to Know to Implement a Cybersecurity Program,” Long-Term Care CEO Roundtable (April 10, 2019)
  • Co-presenter, “Compliance with NIST SP 800-171 Security Framework: DoD Contractors and Beyond,” Midwest Cybersecurity Alliance (March 19, 2019)
  • Co-presenter, “Protecting the Confidentiality of CDI – DoD Data Crash Course," Client In-Service Presentation (January 7, 2019)
  • Co-presenter, “It’s the Most Wonderful Time of the Year – Your Cybersecurity Lawyers Are Here (To Update You on Cybersecurity Hot Topics),” Foley & Lardner Annual CLE Week (December 13, 2018)
  • Co-presenter, “The Ins and Outs of a HIPAA Investigation,” Health Management Academy (November 8, 2018)
  • Co-presenter, “Incident Response Readiness,” University of Wisconsin E-Business Consortium (October 17, 2018)
  • Co-presenter, “HIPAA – It’s Not Only About the Regulations: Lessons Learned from Recent OCR Guidance and Enforcement Actions,” Association of Corporate Counsel (September 26, 2018)
  • Co-presenter, "Health Care Cybersecurity Hot Topics: Ransomware, Cloud Storage, the Health Care Industry Cybersecurity Task Force Report, and Enforcement," Association of Corporate Counsel Health Law Committee Webinar (September 26, 2017)
  • Quoted, "Medical Device Cybersecurity: Staying Safe in the Midst of Change," Wolters Kluwer’s Health Law Daily Wrap Up (August 11, 2017)
  • Co-presenter, "Privacy & Security: Incident Response," ACC Legal Quick Hit: Health Law Committee Webinar (August 1, 2017)
  • Presenter, “Cybersecurity: A Long-Term Care Perspective,” The New England Alliance Regional Conference (January 2017)
  • Contributing author, "Cyber Health Crisis: How to Manage the Risk," West 2016 Health Law Handbook (June 2016)
  • Co-author, "Top 10 Health Law Issues 2016: Cybersecurity," AHLA Connections (February 2016)
  • Co-presenter, "HIPAA Privacy 101," HIPAA Collaborative of Wisconsin Webinar (July 9, 2015)
  • Co-author, "Think You're Not Subject to HIPAA? You Might Want to Think Again," Inside Counsel (January 7, 2015)
  • Co-presenter, "Disclosures to Law Enforcement," HIPAA Collaborative of Wisconsin Webinar (October 27, 2014)
  • Co-presenter, "Birds of a Feather Comply Together: An Analysis of the Relationship Between Covered Entities and Business Associates When Navigating the HIPAA Breach Notification Rules," HIPAA Collaborative of Wisconsin 2014 Fall Conference (October 17, 2014)
  • Co-author, “HIPAA/HITECH Resource Guide,” American Health Lawyers Association (AHLA) Manual (2014)
  • Co-presenter, “Hang on to your Breaches: The Compliance Date is Coming Soon!,” State Bar of Wisconsin Health, Labor, and Employment Law Institute (August 2013)
  • Co-author, “State Healthcare Privacy Laws Survey,” American Health Lawyers Association (June 2013)

Education

  • University of Iowa College of Law (J.D., with distinction, 2011)
    • Senior Note & Comment Editor, Iowa Law Review
  • University of Iowa Henry B. Tippie College of Business (MBA, 2011)
  • University of Iowa (B.S., highest distinction, 2007)

Admissions and Professional Memberships

  • Wisconsin
  • Massachusetts
  • Member of the International Association of Privacy Professionals
  • American Health Lawyers Association
  • The State Bar of Wisconsin Health Law Section