Erin F. Dunlap

*Admitted in Missouri and Illinois

Email Erin |  314-255-5988 | V-Card

Erin regularly advises clients working in the health care industry on compliance with data privacy, security and patient access laws, including HIPAA, 42 CFR Part 2, the ONC’s Information Blocking Rule and CMS’ Interoperability and Patient Access Rule; and state privacy and breach notification laws.

As a former litigator who successfully represented clients in federal and state courts and before arbitrators, government agencies and licensing boards, Erin is particularly well-equipped to lead clients through privacy and security-related investigations.  She regularly works with the U.S. Department of Health and Human Services, Office for Civil Rights (OCR), state Attorneys General and state agencies in resolving privacy and security-related investigations (without penalty or payment) following data breaches, patient complaints and whistleblower claims.

Erin also has extensive experience developing privacy and security policies and forms, negotiating business associate agreements, analyzing uses and disclosures of health information, preparing risk assessments, advising clients through all aspects of breach notification, advising on how to de-identify data and working with de-identification experts, responding to subpoenas and other types of requests for health information, drafting notices of privacy practices, reviewing/revising website privacy policies, advising health information exchanges (HIEs), and performing data privacy and security due diligence in connection with small and large health care transactions.

Erin also advises clients working in the health care industry on communicating with patients/consumers and marketing campaigns under state and federal laws, including HIPAA, the Telephone Consumer Protection Act (TCPA), Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM) and Section 5 of the Federal Trade Commission Act (FTC Act).

Representative Matters

  • Working with HIEs and health care providers on compliance with the ONC’s Information Blocking Rule and the CMS Interoperability and Patient Access Rule
  • Advised HIE on expanded data sharing arrangements and proposed draft legislation aimed at increasing HIE participation
  • Convinced OCR to close investigations against non-covered entities based on lack of jurisdiction
  • Advised private university on HIPAA compliance, including developing HIPAA policies and other documents for the university-sponsored group health plan
  • Helped to close several OCR investigations (without penalty or payment) against large health system
  • Advised physician office on responding to ransomware attack, including hiring/working with forensic analyst
  • Served as lead counsel in responding to (and successfully closing without penalty or payment) OCR investigation involving stolen desktop computer affecting thousands of individuals
  • Advised national health care client on privacy/security aspects of re-marketing and geo-fencing campaigns
  • Assisted academic medical center in responding to OCR investigation triggered by lost laptop; the investigation was closed without penalty or payment
  • Assisted home care/hospice client in responding to phishing attacks affecting thousands of patients, including remediation/mitigation, notification obligations and subsequent OCR investigation
  • Worked closely with statistician in preparing expert determination of de-identification to allow national health care client to report data to drug/device manufacturers
  • Served as lead counsel in responding to an OCR investigation into a national provider who experienced a coding error exposing patient data; the investigation was closed without penalty or payment
  • Advised numerous client on the use of automated telephone/texting services for appointment reminders and other care coordination activities
  • Convinced the California Department of Public Health to withdraw penalty notice and close investigation into national health care provider following theft of patient information
  • Successfully resolved investigation by state Attorney General (without penalty/payment) following the improper disposal of patient information

Publications & Presentations

  • Commenter, “HIPAA Safe Harbor Offers Limited But Important Protection,” Healthcare Risk Management (Mar. 1, 2022)
  • Commenter, “HIPAA Changes Coming in 2022 Might Require Policy Revisions,” Healthcare Risk Management (Dec. 1, 2021)
  • Commenter, “Lessons Learned from Overturned $4.3 Million HIPAA Penalty,” Healthcare Risk Management (Mar. 1, 2021)
  • Contributor, “Year in Review Developments,” American Health Law Association, AHLA Physicians and Hospital Law Institute Feb. 2021; AHLA Annual Meeting June 2021
  • Co-author (with Kristen Rosati and Melissa Soliz), “Proposed Changes to the HIPAA Privacy Rule: The Good, The Bad and The Ugly — an Operational Perspective,” Coppersmith Briefs (Jan. 26, 2021)
  • Commenter, “Ongoing Noncompliance Leads to Serious Settlement for Small Clinic,” Healthcare Risk Management (Dec. 1, 2020)
  • Co-presenter (with Melissa Soliz), “Breaking it Down: Information Blocking and CMS CoP Alerts for Hospitals,” Webinar Co-hosted by LACIE, MHC, Tiger Institute (Aug. 2020)
  • Co-author (with Melissa Soliz), “COVID-19 TCPA Emergency Exception for Robocalls and Texts from Health Care Providers and Government Officials,” Coppersmith Briefs (Apr. 16, 2020)
  • Co-author (with Melissa Soliz), “OCR Waives HIPAA BAA Requirements to Participate in Public Health and Health Oversight Activities,” Coppersmith Briefs (Apr. 2, 2020)
  • Co-author (with Kristen Rosati and Melissa Soliz), “Communicating with First Responders about Patient COVID-19 Status,” Coppersmith Briefs (Mar. 31, 2020)
  • Co-author (with Kristen Rosati and Melissa Soliz), “Communicating with Health Care Employees about Patient COVID-19 Status,” Coppersmith Briefs (Mar. 30, 2020)
  • Co-presenter (with Melissa Soliz), “Access to Health Care Records for Workers Compensation Purposes,” State Bar of Arizona (Sept. 2019)
  • Co-panelist (with Jill Chasson, Ryan Flannagan and Samir Mehta, M.D.), “How to Use Social Media and Not Get into Trouble,” Orthopaedic Trauma Association webinar (Feb. 2019)
  • Co-presenter (with Scott Bennett, Melissa Soliz, and Dave Kinsey), “Health Care Data for Lawyers,” State Bar of Arizona (Sept. 2018)
  • Co-panelist (with Melissa Soliz & Chase Millea), “Substance Use Treatment: Revised Part 2 Regulations Compliance,” Strafford Publications webinar (Oct. 2017)
  • Co-author, “The Power of a Transparent and Broad Privacy Policy,” Polsinelli on Privacy, Privacy and Data Security Blog (May 2017)
  • Co-presenter, “How to Navigate and Survive a Mega Breach,” HCCA’s 21st Annual Compliance Institute (National Harbor, MD, Mar. 2017)
  • Co-presenter, “Cybersecurity and HIPAA Compliance,” LockPath Ready Summit (Oct. 2016)
  • Co-presenter, “HIPAA Audits are Here to Stay-Key Preparation Strategies,” Polsinelli PC 2016 Health Care Webinar Series (Aug. 2016)
  • Co-author, “Recent Enforcement Action: Business Associates Not Off the Hook for HIPAA Violations,” Polsinelli PC, Health Care E-Alert (Jul. 2016)
  • Commenter, “Disclosure Management in a Risky World,” For the Record Magazine, Vol. 28, No. 4, P. 22 (Apr. 2016)
  • Co-presenter, “Navigating a Breach Incident at the Business Associate Level: Reporting, Investigation and Mitigation Strategies,” American Health Lawyers Association, 2016 Webinar Series (Feb. 2016)
  • Co-author, “Data Privacy and Security Update, 2016 Health Law and Compliance Update,” Wolters Kluwer (2016)
  • Co-presenter, “Preparing for a Data Breach and the Need for Cyber Liability Insurance,” Polsinelli PC 2015 Health Care Webinar Series (Aug. 2015)
  • Co-author, “Don’t Fumble Your HIPAA Obligations: Ensure Your HIPAA Playbook Implements Appropriate Protections for Patients,” Polsinelli PC, Health Care E-Alert (Jul. 2015)

Activities & Memberships

  • Member, American Health Lawyers Association (AHLA) (2011 – present)
  • Member, Health Care Information and Technology Practice Group, AHLA
  • Member, Privacy and Security Compliance and Enforcement Affinity Group, AHLA

Clerkships

  • Geraldine Soat Brown, U.S. District Court for the Northern District of Illinois

Education & Admissions

  • J.D., Northwestern University School of Law, 2001
  • B.A., University of Notre Dame, 1997
  • Admitted in Illinois (2001)
  • Admitted in Missouri (2007)

Dunlap, Erin
Logo Footer

About Coppersmith Brockelman

At Coppersmith Brockelman, we believe that law firms have too many rules. Here are ours: Work at the highest level of our profession. Think creatively and find practical solutions. Do the right thing. Maintain our sense of humor. Build community – with clients, with other lawyers, and with each other. And if anyone forgets these few rules, remind them. As it turns out, you can build and maintain a terrific law firm like this.

Stay in the Know


Contact Us

LinkedIn
Facebook
Twitter

2800 N. Central Ave.
Ste. 1900
Phoenix, Arizona 85004

P: (602) 224-0999 | F: (602) 224-6020
©2023 Coppersmith Brockelman All Rights Reserved
Privacy Policy | Disclaimer | Legal Notices