Jeff Drummond

Practice Areas

Healthcare & Life Sciences; Cybersecurity, Data Protection, & Privacy

Career

Jeff Drummond’s represents hospitals, physicians, laboratories, surgery centers, and other healthcare providers in transactional and regulatory matters. He is best known for his experience in HIPAA and medical record privacy, as well as other data privacy and security issues. He is a Certified Information Privacy Professional (CIPP/US) and a Certified HIPAA Professional (CHP).

Jeff primarily serves clients in the health industry, specifically nonprofit, for-profit, and public hospitals; surgery centers, imaging centers, dialysis centers, and other ancillary providers; drug, device, and durable medical equipment developers and suppliers; single-specialty and multi-specialty physician practices of all sizes; and technology companies and app developers in the health industry. He provides a wide variety of services to his clients in the corporate, transactional, and regulatory areas, including advising clients regarding:

- Entity formation, dissolution, and operations

- Stark, Anti-Kickback, and other federal regulatory matters

- Licensure and certification issues

- Other healthcare regulatory compliance matters

- HIPAA, HITECH, and GINA compliance matters

- Data privacy risk analysis, policy development, implementation, and training

- Medical record retention, protection, and destruction issues

- Medical record and other data breach investigation and reporting

Outside of his practice, Jeff is an adjunct professor in the Naveen Jindal School of Management at the University of Texas at Dallas, teaching a course on Healthcare Law, Policy and Regulation.

Professional Memberships

American Health Lawyers Association; National Association of Bond Counsel; State Bar of Texas – Health Law Section; Dallas Bar Association – Health Law Section

Experience

Jeff has successfully represented numerous healthcare providers who have suffered data breaches, including direct negotiations with the Office for Civil Rights relating to potential HIPAA breaches. Jeff has also assisted companies in other industries with addressing potential data breach incidents involving the Gramm Leach Bliley Act and other data protection laws and regulations. In addition to federal regulatory issues, these incidents included potential notification requirements in multiple states and foreign jurisdictions.

- Represented a hospital system and a dental practice in investigating, addressing, and remediating possible ransomware attacks.

- Represented a medical school in investigating and responding to a potential breach of patient information.

- Represented two large public hospitals in the formation of private-public service organizations to serve as Section 1115 Waiver organizations.

- Represented multiple large single-specialty physician groups in mergers and consolidations.

- Represented an oncology team in transitioning their existing practice to form a new practice entity.

Education