Anna Spencer

Anna Spencer

Partner
About

Anna Spencer focuses on the privacy, security and exchange of health information. She brings nearly twenty years of experience to bear when helping companies in the health care sector craft practical solutions to complex regulatory, public policy and enforcement matters that involve the processing of personal information. She counsels a diverse group of companies, including health plans, pharmaceutical and medical device manufacturers, healthcare providers, health information technology companies, digital health companies, pharmacies, electronic health record vendors, private equity companies, financial institutions and employers that sponsor group health plans.

She helps companies leverage data assets, respond to data breaches and advocate for simplified, common sense rules for the electronic exchange of health information. Anna regularly advises companies with respect to HIPAA, HITECH, Part 2 protections for substance abuse treatment records, GINA, the privacy and security rules promulgated by the Centers for Medicare & Medicaid Services (CMS), the Food and Drug Administration's cybersecurity guidance for medical device companies and privacy requirements under the Common Rule. She also defends covered entities and business associates in investigations by the Office for Civil Rights, US Department of Health and Human Services (OCR). She lobbies Congress and federal agencies for changes to federal and state laws that govern the processing of health information.

Anna regularly assists clients on privacy and security compliance issues related to cloud computing, big data, health information technology, mobile applications, digital health, clinical trials, processing of bio-specimens and de-identification of data sets. She works closely with consultants that perform security risk assessments and compromise assessments. She also has extensive knowledge of state information privacy and security laws, including CMIA and CCPA. Anna co-authored a treatise on health information privacy and security for Bloomberg Law. She is a frequent speaker on a broad range of health care data privacy and security topics.

Bar admissionsAlabamaDistrict of ColumbiaGeorgia
Education
  • J.D., Vanderbilt University
  • B.A., Sewanee
    Phi Beta Kappa

Awards

  • The Legal 500 United States
    • Recommended, Cyber Law (including Data Privacy and Data Protection) (2018, 2020-2021)
    • Recommended, Data Privacy and Data Protection (2018, 2020)
    • Recommended, Healthcare: Service Providers (2018)

Pro Bono

Anna serves pro bono on the Board of Directors of University of the South (Sewanee)

Seminars

  • Presenter, "How the Dobbs Decision Transformed Health Information Privacy," DLA Piper CLE, September 29, 2023
  • Panelist, "The Impact on Privacy Rights from the Dobbs Decision," State Bar of Georgia, March 1, 2023
  • Panelist, "FPF Health Working Group Call," Future of Privacy Forum, December 13, 2022
  • Presenter, "The Current State of Healthcare Privacy," State Bar of Georgia, October 20, 2022
  • Presenter, "Major Developments in Data Privacy in the Health Care Sector," Philadelphia Regional Healthcare Compliance Conference, August 5, 2022
  • Presenter, "Topics in U.S. Privacy and Data Protection: Pharmaceutical and Biotech Considerations," Seton Hall University of Law, Virtual Event, June 13, 2022
  • Panelist, "Virtual Atlanta KnowledgeNet: Women In Privacy Roundtable: B2B vs B2C Privacy," IAPP Webinar Event, March 21, 2022
  • Panelist, "International Corporations & Cybersecurity," International Law Society, Emory Law School, Conference, February 14, 2022
  • Presenter, "U.S. Privacy and Data Protection: Issues Facing the Pharmaceutical and Biotech Industry," Seton Hall University of Law, Virtual Event, October 11, 2021
  • Presenter, "Topics in U.S. Privacy and Data Protection: Pharmaceutical and Biotech Considerations," Seton Hall University of Law, Virtual Event, June 14, 2021
  • Presenter, "Topics in U.S. Privacy and Data Protection: Pharmaceutical and Biotech Considerations," Seton Hall University of Law, Virtual Event, October 12, 2020
  • Presenter, "5th Annual Medical Device Cybersecurity Risk Mitigation Conference – Case Study One: IMDRF Principles and Practices," Virtual Event, September 30, 2020
  • Presenter, "The Ransomware Threat is Changing – Sectoral Implications" a DLA Piper CLE Webinar, June 17, 2020
  • Presenter, "US Privacy and Data Protection: Issues Facing the Pharmaceutical and Biotech Industry," Seton Hall University of Law, October 14, 2019
  • Presenter, "Lost, Stolen or Damaged Medical Records: Organized a Nightmare," Lorman Education Services, Webinar, September 30, 2019
  • Presenter, "Managing Data Privacy Compliance at the Crossroads of HIPAA, GDPR and CCPA: Guidance for Attorneys on Managing Operational Issues," Blue Cross Blue Shields 2019 National Summit, Grapevine, Texas, April 29, 2019
  • Presenter, "California Consumer Privacy Act and Its Impact on Healthcare Companies," Webinar, April 25, 2019
  • Presenter, "Data Risk: The CCPA, GDPR and California Action Risk," GDPR Edge, October 29, 2018
  • Panelist, "What Life Sciences Companies Should Know About Data Privacy, Integrity and Security," BIOCOM, September 14, 2017
  • Panelist, "Innovative Multi-Stakeholder Collaborations to Improve Medical Device Cybersecurity," Medical Device Cybersecurity Risk Mitigation, July 17, 2017
  • Presenter, "Privacy and Data Protection: Issues Facing the Pharmaceutical and Biotech Industry," Healthcare Compliance Certification Program, June 12, 2017
  • Panelist, "Opting out of Privacy: Emerging Trends and Issues," AHIP's 2017 Institute & Expo, June 9, 2017
  • Panelist, "The EU's General Data Protection Regulations and its Impact on the US," Health Privacy Summit 2017, June 1, 2017

Memberships And Affiliations

  • Certified Information Privacy Professional (CIPP) by International Association of Privacy Professionals

Connect