Aaron Maguregui is a health care lawyer and member of the firm’s Privacy, Security & Information Management Practice, and national Telemedicine & Digital Health Industry Team. He advises innovative health care and technology companies to solve complex compliance, cybersecurity, data governance, data privacy, and risk management matters. Working with leading health care insurers, government-sponsored managed care organizations, health care providers, and technology companies, he delivers pragmatic legal advice and action-oriented solutions guidance to help clients reach their goals and objectives. Aaron is a Certified Information Systems Security Professional (CISSP), a global standard and essential industry credential accredited by (ISC).
Real-World Industry Knowledge
Prior to joining Foley, Aaron was in-house counsel at one of the country’s largest publicly-traded managed health care insurance organizations, helping lead the company’s Privacy & Information Security Department and build its security incident response team. Aaron has managed dozens of privacy and security incidents, successfully resolved multiple publicly-reported data breaches, and led responses to inquiries, complaints, and investigations from various federal and state government agencies including, the Office of Civil Rights (OCR), the Department of Justice (DOJ), the Centers for Medicare & Medicaid Services (CMS), the Department of Health & Human Services Office of the Inspector General (HHS-OIG), state Medicaid agencies, and state attorney generals offices. Aaron also counseled the company in obtaining HITRUST certification, a highly coveted certification that provides assurances to all stakeholders of the company’s security practices.
Cybersecurity, Data Governance, Privacy Counseling and Contracting
Aaron provides advice and counsel in all phases of cybersecurity attacks and data breach events. He works closely with CISO’s, compliance officers, general counsels, and incident response teams to prepare them for cyber-attacks and data loss events. By using preventative and anticipatory strategies, he advises and prepares health care companies to appropriately, efficiently, and successfully communicate, respond, and recover from all types of security incidents. Aaron has developed and implemented best-in-class cyber practices including, for example:
"Foley is the premier firm for telehealth counsel."
"A market leader in telemedicine issues." "This is the Dream Team."
- Chambers USA: America's Leading Business Lawyers (2020, 2021)
Aaron advises health insurers, providers, digital health entrepreneurs, and technology companies on regulatory issues and contract negotiations related to compliance, cybersecurity, data privacy, and data governance. He routinely advises companies on HIPAA, text messaging and the Telephone Consumer Protection Act (TCPA), the EU’s General Data Protection Regulation (GDPR), the California Consumer Protection Act, and other federal, international, and state privacy and security laws, regulations, and directives. He helps health companies refine their big data business strategy, realistically assess risk, and achieve their goals.
Education, Professional Memberships and Community Involvement
Aaron is a graduate of the University of South Florida and received his law degree from Indiana University Maurer School of Law. He is a member of the International Association of Privacy Professionals (IAPP), the American Health Lawyers Association and the Health Law Section of the Florida Bar. Aaron is admitted to practice in Florida and Washington, D.C.
Aaron is active in the community and serves on the Board of Directors of the Jason Ackerman Foundation/ Because of Jason, an organization focused on improving the lives of youth who survived a health-related or tragic, life-altering circumstance out of their control, helping give them the strength to survive and thrive.