(JD, LLM, CISSP)
Iliana believes good data privacy and security are fundamental to ensuring consumer participation in new technologies, employee-employer relationships, patients’ trust in the health care system, students’ confidence in their education, and helping all clients succeed in an ever-changing landscape of threats to data security. She is recognized by the health care industry as a preeminent thinker and speaker on data privacy and security, particularly with regard to HIPAA, the HITECH Act, the 21st Century Cures Act, the Genetic Information Nondiscrimination Act (GINA), FERPA, the Privacy Act, state law data privacy and security requirements, and emerging cyber threats to data.
For many years, Iliana both developed information privacy and security policy, including on emerging technologies and cyber threats, for the Department of Health and Human Services, while coordinating with the Department of Justice, Department of Education, other federal agencies, State Attorneys General and the White House. She enforced HIPAA regulations through spearheading multimillion-dollar settlement agreements and civil money penalties pursuant to HIPAA.
She also focused then on training individuals in both the private and public sector, including compliance investigators, auditors, and State Attorneys General, on federal and state regulations and policy, and on good data privacy and security practices. Now, Iliana works closely with her clients on complicated compliance questions, incident response, investigations, and training to protect data and avoid legal risk and legal liability, both at the state and federal levels. ILIANA also supports clients’ defense of individual and class action litigation related to all types of data privacy, security and breach claims.
As a CISSP, she works hard to bridge the gap between legal requirements for the security of health data and security industry best practices, so that clients can better understand data security issues and jargon. ILIANA enjoys using her extensive experience drafting, implementing, and enforcing health privacy and security regulations and guidance in a practice that focuses on helping clients develop and implement good data privacy and security practices to avoid risk, and helping clients prepare for and recover from emerging cyber threats.