Brett Shrader

Email Brett  | 757-807-8470
*Affiliated with Coppersmith Brockelman PLC on designated matters; admitted in Virginia

Brett supports Coppersmith Brockelman’s health care practice, focusing primarily on data privacy and security matters.  Brett has extensive experience advising health care entities on a wide range of privacy and information security matters involving HIPAA, 42 CFR Part 2, and state medical and consumer privacy laws. He assists with drafting and reviewing business associate agreements, health information-related contracts, privacy and security policies, and data breach analysis and response.

Before coming to Coppersmith Brockelman, Brett spent over ten years as Assistant General Counsel and Privacy Officer for Beacon Health Options, a managed care company, where he directed a nationwide privacy program centered on sensitive information related to behavioral health.  As the corporation’s leading subject matter expert on privacy, Brett provided privacy and security guidance in support of projects for an extensive list of health plan clients, including ERISA plans, state Medicaid plans, and Employee Assistance Programs (EAP).  He also worked closely with industry groups and think tanks to advocate for legislative changes to 42 CFR Part 2, to encourage a closer alignment between Part 2 and the HIPAA rules.

Before moving to Beacon Health Options, Brett spent 13 years at Augusta Health, in western Virginia, as the hospital’s Privacy Officer, Compliance Officer, and In-house Counsel.  He led the formation of the hospital’s Compliance and Privacy programs and advised the organization’s leaders and staff on a wide range of operational issues.  In these roles, Brett worked extensively with HIPAA and various fraud, waste, and abuse laws and regulations, such as the False Claims Act, Anti-Kickback Statute, and Stark Law.

Representative Matters

  • Drafted and negotiated business associate agreements, confidentiality agreements, and data use agreements
  • Counseled healthcare professionals and business leaders on strategies for using and disclosing protected health information to achieve organizational and client goals, while remaining compliant with regulatory and legal requirements
  • Analyzed suspected information breaches and led responses and remediation efforts
  • Drafted and revised privacy-related policies and procedures, to reflect changes to applicable laws and regulations, and to provide clarity to front-line staff
  • Created educational programs on privacy and compliance, tailored for healthcare audiences of all types


  • Panelist for session, “Protecting Patient Privacy in an Integrated Care Environment – Modernizing 42 CFR Part 2, National Council for Behavioral Health (2016)

Activities & Memberships

  • Member, American Health Law Association
  • Member, Health Care Compliance Association

Education & Admissions

  • J.D., Washington and Lee University School of Law, 1993
  • B.S., Virginia Tech, 1979
  • Admitted in Virginia (1993)