Anna Spencer focuses on the privacy, security and exchange of health information. She brings nearly twenty years of experience to bear when helping companies in the health care sector craft practical solutions to complex regulatory, public policy and enforcement matters that involve the processing of personal information. She counsels a diverse group of companies, including health plans, pharmaceutical and medical device manufacturers, healthcare providers, health information technology companies, digital health companies, pharmacies, electronic health record vendors, private equity companies, financial institutions and employers that sponsor group health plans.

She helps companies leverage data assets, respond to data breaches and advocate for simplified, common sense rules for the electronic exchange of health information. Anna regularly advises companies with respect to HIPAA, HITECH, Part 2 protections for substance abuse treatment records, GINA, the privacy and security rules promulgated by the Centers for Medicare & Medicaid Services (CMS), the Food and Drug Administration's cybersecurity guidance for medical device companies and privacy requirements under the Common Rule. She also defends covered entities and business associates in investigations by the Office for Civil Rights, US Department of Health and Human Services (OCR). She lobbies Congress and federal agencies for changes to federal and state laws that govern the processing of health information.

Anna regularly assists clients on privacy and security compliance issues related to cloud computing, big data, health information technology, mobile applications, digital health, clinical trials, processing of bio-specimens and de-identification of data sets. She works closely with consultants that perform security risk assessments and compromise assessments. She also has extensive knowledge of state information privacy and security laws, including CMIA and CCPA. Anna co-authored a treatise on health information privacy and security for Bloomberg Law. She is a frequent speaker on a broad range of health care data privacy and security topics.