Lynn Sessions

Partner, BakerHostetler

With more than 25 years of working with healthcare industry clients, Lynn Sessions leads the Healthcare Privacy and Compliance team and serves as the Texas Digital Assets and Data Management Leader. She focuses her practice on healthcare privacy and data security, breach response, regulatory defense, and Health Insurance Portability and Accountability Act (HIPAA) compliance. Having previously served as in-house counsel and director of several departments at Texas Children’s Hospital, Lynn collaborates closely with healthcare clients and approaches her legal representation from a client’s perspective.

Lynn is a frequent speaker on a range of topics affecting health industry clients, including HIPAA compliance, data breach response, Office for Civil Rights investigations, cyberliability, and enterprise risk management. She is also the co-leader of the firm's Healthcare industry team and is a regular contributor to the firm’s Data Counsel blog, as well as the Health Law Update.

Select Experience

Privacy and Data Security

Has handled more than 600 healthcare data breaches, including several of the largest breaches reported to date. In her representation, provides counsel to healthcare providers and other covered entities on breach analysis; breach response; crisis management with patients, media and employees; and regulatory notification obligations to the Office for Civil Rights (OCR) and state attorneys general.
Has responded to more than 350 post-breach investigations from the OCR and state attorneys general arising from large and small data breaches reported by covered entities and has successfully defended healthcare organizations in these investigations.
Advises clients on HIPAA compliance, including preparation of policies and procedures, notice of privacy practices, business associate agreements, and incident response plans. Works with healthcare organizations post-data breach to strengthen safeguards under HIPAA and implement corrective action plans.