Katie Dillon Kenney specializes in HIPAA Privacy and Security Rules and regularly counsels health care systems, technology companies, vendors, and group health plans offering wellness programs on compliance with the HIPAA privacy, security, and breach notification requirements. Prior to joining Polsinelli, Ms. Kenney worked for the U.S. Department of Health & Human Services (HHS), Office for Civil Rights (OCR), in Washington, DC. At OCR, she handled breach notification intake, including responding to legal and policy issues relating to breach notification reports, helped draft the 2009 Interim Final Rule for Breach Notification, drafted preamble language and supplemental guidance for the 2013 HIPAA regulations implementing HITECH modifications, drafted Congressional reports, and actively participated on OCR’s audit team.
Ms. Kenney’s time at OCR equipped her with a strong understanding of the policy behind the HIPAA regulations and a deep knowledge of the inner workings of the enforcement process. This perspective allows her to provide practical advice to health care clients on complex data sharing arrangements, arrangements, responding to breach issues of all sizes and variations, and implementing best practices geared toward creating a culture of privacy and security compliance. Her primary goal for her clients is to make HIPAA compliance approachable and part of the organization’s day-today work activities so that it does not serve as a roadblock to innovation.
Ms. Kenney holds a Bachelor’s degree from the University of Notre Dame and a J.D. from Saint Louis University School of Law where she specialized in health care law. She has written numerous articles on HIPAA compliance issues and is a frequent speaker on the subject nationwide. She also serves as the Vice Chair of Education for the HIT Practice Group of the American Health Lawyers Association.