Professionals

Name / Keyword Office Practice Industry Language Show All
Practices

Antitrust and Competition Law

Business and Corporate

Construction

Cross-Border Business

Data Protection, Privacy and Cybersecurity

Emerging Companies

Environment, Social and Governance (ESG)

Environmental, Sustainability, and Product Stewardship

Financial Services

Government Enforcement and Investigations

Government Relations and Public Policy

Health Law

Hospitality

Immigration

Intellectual Property

Labor & Employment

Litigation

Mergers and Acquisitions

Product Liability, Class Action and Mass Tort

Real Estate

Securities

Tax

Technology

Transportation and Logistics
Industries

Automotive

Aviation

Construction

Disaster Recovery and Government Services

Drug, Device and Life Sciences

Education

Energy

Financial Services

Gaming

Governmental Entities

Health Care

Hospitality

Long Term Care

Manufacturing

Real Estate

Retail

Technology

Telecommunications

Transportation and Logistics
Experience

Featured Case Study
Community Healthcare Trust Incorporated Community Healthcare Trust Incorporated More Case Studies

Search Experience
Keywords Practice Industry
News & Events

Professionals
Practices
Industries
Experience
News & Events
Other Pages

Quick Results

View More Results

Professionals

Layna Cook Rush, CIPP/US, CIPP/C

Shareholder

Baton Rouge
T: 225.381.7043
F: 225.382.0243

Layna Rush focuses her practice on representing clients in managed care, insurance-related regulatory and compliance, and privacy and security issues.

Professional Biography

Ms. Rush leads the Firm's Data Incident Response Team, which is a NetDiligence Authorized Breach Coach^® firm. She assists clients in the investigation of and response to privacy and security incidents. She is a U.S. and Canadian Certified Information Privacy Professional and member of the Firm's Data Protection, Privacy and Cybersecurity Team. Ms. Rush also assists clients with managed care and insurance regulatory issues.

Privacy and Security

Ms. Rush counsels clients on the investigation of, and response to, privacy and security incidents and data breaches. She represents clients in investigations by the Office for Civil Rights, state attorneys general and insurance departments, and in litigation involving privacy challenges. She routinely advises clients on state and federal laws related to privacy and security of personal information, including HIPAA, Part 2 Substance Abuse laws, the Genetic Information Nondiscrimination Act, the Telephone Consumer Protection Act, the CAN-SPAM Act and state laws related to privacy protections and breach notification requirements. She has assisted clients in the development of policies and procedures for compliance with HIPAA and state and federal laws related to privacy and security. Her privacy and security experience includes:

Assisting clients with response to security incidents, including phishing scams and ransomware attacks.
Advising clients on notification requirements under state and federal breach notification laws.
Representing clients in investigations by the Office for Civil Rights, state attorneys general and other state agencies that enforce privacy and security regulations.
Assisting with review and development of privacy and security compliance manuals.
Drafting and advising on business associate obligations and contracts.
Reviewing and drafting website privacy policies.
Assisting clients with development and testing of incident response plans.

Managed Care

Ms. Rush represents clients in regulatory, compliance, and operational issues related to managed care. She drafts agreements between health care entities including provider agreements for participation in IPAs, ACOs, TPAs, PPOs and Medicare Advantage and Medicaid managed care plans. She routinely counsels clients on state and federal legislation that impacts managed care contracting. Her managed care experience includes:

Drafting and editing managed care contracts including IPA Participating Provider Agreements, ACO Participation Agreements, Medicaid Managed Care Participating Provider Agreements, PPO/Network Agreements, Commercial Health Plan Provider Agreements, Value Based/Risk Based Participation Agreements and Pharmacy Benefit Manager Agreements.
Assisting providers with resolution of disputes with payers including disputes related to payment obligations and contract terminations.
Preparing payment-related documents and agreements including assignment of rights, patient agreements to pay contracts and negotiated rate agreements.
Advising clients on federal and state laws related to out-of-network payments and balance billing, including the No Surprises Act
Counseling clients on state laws related to network adequacy, prompt pay provisions, "any willing provider" requirements, Medicaid managed care and Association Plans/Multiple Employer Welfare Associations (MEWAs).
Advising clients on federal laws and regulations related to Medicare Advantage plans, Medicaid managed care plans, Affordable Care Act provisions related to plan benefit design and premium payment and coordination of Benefit provisions/Medicare Secondary Payer regulations.
Assisting clients with the formation, registration and/or licensing of Health Maintenance Organizations, insurance companies, Third-Party Administrators, Utilization Review Agents, Preferred Provider Organizations/Networks, and Independent Physician Associations.

Insurance Regulatory

Ms. Rush routinely assists clients with insurance regulatory matters and is familiar with all lines of insurance including property and casualty, title, life, and health. Her work on insurance matters includes:

Advising insurance companies on acquisitions, redomestications, mergers, formations and expansions, reinsurance, insolvency and holding company matters.
Counseling clients on compliance and operational issues.
Representing regulated clients before insurance departments around the country.
Assisting clients with response to cease and desist orders, civil investigation demands and related regulatory proceedings.
Assisting clients with preparation and filing of rate and form documents.
Advising clients on insurance premium tax matters and on the handling of unclaimed property laws and regulations.
Assisting insurance agents and brokers with obtaining licensure in all 50 states, advising agents and brokers on regulatory matters, and representing them in administrative actions.
Counseling clients on compliance with insurance data security laws, drafting information security programs and assisting with cyber breach reporting obligations.
Counseling clients on issues related to captive formation and operations.

American Bar Association
- Vice Chair – Health Lawyer Editorial Board (2018 – 2024)
American Health Law Association
Baton Rouge Bar Association
Executive Secretary – Louisiana Business Group on Health Board of Directors
Louisiana Hospital Association
Louisiana State Bar Association
Wex S. Malone Chapter of the American Inns of Court
Member – International Association of Privacy Professionals (CIPP/US, CIPP/C)
Fellow – American Bar Foundation
Listed in The Best Lawyers in America^® for Health Care Law (2022 – 2025)
Listed in Who's Who Legal in Healthcare (2020)
Recognized as a "Top Forty Under 40" by the Baton Rouge Business Report (2013)

Board of Directors – Environment and Health Council of Louisiana (2010 – present; President, 2013 – 2019)
Board of Directors – March of Dimes Capital Area (2010 – 2016)
Board of Directors – Charles W. Lamar YMCA (2011 – 2017)
Board of Directors – Girls on the Run of Greater Baton Rouge (2012 – 2022)
Board of Directors – Louisiana Business Group on Health (2012 – present)

"The Office for Civil Rights Recently Settled Two Ransomware Related Investigations" (October 2024)
"Best Practices for Protecting Operations from Vendor's Cyber Incidents" (October 2024)
"Coming Soon to a Health Care Provider Near You: Requirements of the New Final Rule for Section 1557," AHLA Post-Acute and Long Term Services Practice Group Briefing (May 2024)
"How to Comply with HHS' New Nondiscrimination Compliance Infrastructure Requirements in Your Facility" (May 2024)
"The New Law of the Land: HHS Finalizes Health Care Nondiscrimination Provisions in Section 1557 Final Regulation" (May 2024)
"HIPAA Updates: The Obligations Continue to Unfold" (February 2024)
"Baker's Dozen: What Are Your Best "Balance" Tips?," Women's Initiative Newsletter (June 2023)
"MOVEit Transfer Zero-Day Vulnerability: What Companies Need to Know," republished in CPO Magazine (June 2023)
"U.S. Health Care Sector Should Take Immediate Mitigating Actions Due to Targeted Attacks by Pro-Russia Hacktivist Group" (February 2023)
"Cultivating Good Relationships with Insurance Regulators," Law360 (January 2023)
"Beware of Cyber Attacks During the Holiday Season – Royal Ransomware Group Highlighted as Threats to the Health and Public Health Sectors" (December 2022)
"Creating and Maintaining Good Relationships between Regulators and Insurers," LexisNexis (December 2022)
"Office For Civil Rights Seeks Input on Implementation of HITECH Amendments" (April 2022)
"Imminent Deadline for Submitting Annual Notice of HIPAA Breach" (January 2022)
"Baker's Dozen: Honoring Moms Everywhere," Women's Initiative Newsletter (May 2021)
"FBI Warns Hospital and Health Care Providers are Under Attack" (October 2020)
"Health Info Authorization Ruling Is A Mixed Bag For Providers," Law360 (February 2020)
"District Court Ruling Impacts HIPAA Access Request Permissible Charges" (February 2020)
"Proposed Part 2 Rule Addressing Rehab Data Confidentiality Has Significant Gaps," Bloomberg BNA Health IT Law & Industry Report (April 2016)
"A Recent State Supreme Court Ruling Opens the Door for Breach of Privacy Claims Against Health Care Providers" (November 2014)
"Conditional Class Certification Granted on Plan's Recoupment Practices as Applied to Out-of-Network Health Care Providers," American Health Law Association alert (September 2014)

Panelist – "Healthcare Compliance Emerging Trends and Best Practices for Managing Risk (CYBER)," National Symposium for Healthcare Executives, University of Alabama at Birmingham (October 2024)
Co-presenter – "Trends in Data Privacy Enforcement and Litigation," American Health Law Association (May 2024)
Co-presenter – "Privacy Dos and Don'ts and Social Media Risks," North Carolina Assisted Living Association (December 2022)
Panelist – "Cyber Extortion and Ransomware – Your Business is at Risk: Third Party Liability, Data Exfiltration and Information Disclosure Issues," ISACA North America Conference, New Orleans, Louisiana (May 2022)
Panelist – "Cyber: Business Interruption and Vendor Risk," WSIA 2022 Insurtech Conference, New Orleans, Louisiana (March 2022)
Panelist – "Regulatory Roulette: Leveraging and Navigating State Insurance Departments," ABA 2022 Insurance Coverage Litigation Seminar, Tucson, Arizona (March 2022)
Co-presenter – "Overview of Cyber and Automation Risks in the Oilfield," 20th Annual Energy Litigation Conference (November 2021)
Co-presenter – "Enterprise Risk in Cyber Extortion and Ransomware," RIMS Canada 2021 Virtual Conference (October 2021)
"A Ransomware Tale," Mississippi Society of CPAs' Health Care Services Conference (September 2021)
Co-presenter – "Cyber Security and Privacy Practices to Protect Patient Data and Mitigate Litigation and Regulatory Risk," ACI Managed Care Disputes and Litigation (June 9, 2021)
"Local Perspective: How Louisiana is Addressing Cyber Attacks and What Businesses Can Do to Protect Themselves" (November 2019)
Panelist – "Cybersecurity – Risks, Trends, Resources, and Legal Requirements," WEN 2019 National Conference, Denver, Colorado (March 2019)
"Professionalism," 2018 Louisiana Association of Health Plans' Annual Meeting CLE, "Issues in Health Law" (December 2018)
"Negotiating Effective Payer-Provider Contracts," ABA Physicians Legal Issues Conference, Chicago, Illinois (June 2018)
"HIPAA Compliance in the Current Healthcare Landscape," American Portable Diagnostic Association's Mid-Year Meeting, Louisville, Kentucky (May 2018)
"Cybersecurity for the C-Suite and Management," 31st Annual MSU Insurance Day, Starkville, Mississippi (April 2018)
"Surprise! You've Been Billed: Emerging Trends in Balance Billing Disputes," ABA Emerging Issues in Healthcare Law (February 2018)
"Ethics and E-Discovery," 2017 Louisiana Association of Health Plans' Annual Meeting CLE—Issues in Health Law (December 2017)
"Section 1557: Unfunded Federal Mandate or Landmark Civil Rights Healthcare Law? Understanding Healthcare Provider Responsibilities Under the ACA's Anti-Discrimination Rule," HBA Health Law Section CLE (January 2017)
Co-presenter – "Section 1557 – Are You Ready?," webinar, LeadingAge Texas (August 2016)
"Cyber Security: What Should be on Your Radar," Southern Gaming Summit/BingoWorld 2016 conference (May 2016)
"Legislation Affecting Our Industry," Louisiana Association of Health Plans Health Care at the Capitol conference (March 2014)
"Health Insurance Exchange Challenges and Solutions, Part II: Enrollment Assistance and Privacy and Security," American Health Law Association webinar (August 2013)
"The Health Care Reform Act: A Look at Key Health Coverage Provisions," VenueConnect (July 2013)
"The Impact of Health Reform's State Exchanges," Spring Managed Care Forum (May 2013)
"Making the Grade: Compliance in the Exchange Market," National Association of Specialty Health Organizations Webinar (November 2012)
"Explaining Health Care Reform: Exchanges And The Impact On Employers," Louisiana Business Group on Health's Webinar Series (October 2012)
"Explaining Health Care Reform: Wrap Up for 2011 and What to Expect in 2012," Louisiana Business Group on Health's Webinar Series (December 2011)
"The Impact of Healthcare Reform Law," New Orleans Regional Leadership Institute (February 2011)

An Overview of HIPAA Issues for Financial Institutions and Best Practices for Your Vendor Management Program (June 2021)
Incident Response: What You Need to Know (April 2021)

Baker Donelson Attorneys Recognized in The Best Lawyers in America® 2025 Listing (August 15, 2024)
Baker Donelson Represents S&S Health in Growth Investment from Lovell Minnick Partners (October 16, 2023)
Baker Donelson Attorneys Recognized in The Best Lawyers in America^® 2024 Listing (August 17, 2023)
Baker Donelson Authorized as Top Tier Firm by NetDiligence^® for Data Security, Privacy, and Incident Response (December 5, 2022)
Baker Donelson Attorneys Earn Recognition in The Best Lawyers in America® 2023 Listing (August 18, 2022)
Baker Donelson Attorneys Earn Recognition in The Best Lawyers in America® 2022 Listing (August 19, 2021)
Layna Cook Rush Named Chair of Baker Donelson's Data Incident Response Team (March 5, 2021)
Baker Donelson's Layna Cook Rush Earns Additional Information Privacy Certification (November 10, 2020)
23 Baker Donelson Attorneys Recognized in 2020 Who's Who Legal (October 8, 2020)

Layna Rush Shares Best Practices for Responding to HIPAA Complaints in Healthcare Risk Management (September 1, 2024)
Layna Rush Addresses Question of Sending Patient Records Via Unsecure Email in Part B News (August 12, 2024)
Layna Rush Quoted in Healthcare Risk Management on Resumption of HITECH Audits (July 1, 2024)
Layna Rush Discusses HIPAA-Compliant Texting in Healthcare Risk Management (July 1, 2024)
Layna Rush Comments in The Daily Upside on the Increasing Frequency and Costs of Hacks on Health Care Systems (June 23, 2024)
Layna Rush Discusses What to Expect After a HIPAA Violation in Healthcare Risk Management (December 1, 2023)
Layna Rush Comments on OCR's Security Risk Assessment Tool in Healthcare Risk Management (December 1, 2023)
Layna Rush Quoted in Healthcare Risk Management on How a Hospital Cyberattack Can Critically Affect Other Hospitals in the Community (September 1, 2023)
Layna Rush Discusses Cyber Liability Insurance vs. Data Breach Insurance in CSO Magazine (June 14, 2023)
Layna Rush Shares Best Practices for Cyberattack Response Planning in Healthcare Risk Management (April 1, 2023)
Layna Rush Comments in Tech Target on Impact of Potential Litigation and Regulatory Action from Data Breaches (January 20, 2022)
Layna Rush Quoted in Commercial Risk on Data Breach Response for the Vaccine Supply Chain (October 12, 2021)
Layna Rush Discusses Whistleblower Exception That Allows Reporting HIPAA Violations with PHI in Healthcare Risk Management (May 14, 2021)
Layna Cook Rush Quoted in PlanSponsor on Importance of Cybersecurity Incident Response Planning (March 22, 2021)
Layna Cook Rush Comments in CityBusiness on Privacy Issues Related to Businesses Gathering Customer Information for Contact Tracing (May 6, 2020)
Layna Cook Rush Discusses Top Challenges Facing Healthcare Executives During 2020 in Managed Healthcare Executive (January 4, 2020)

An Overview of HIPAA Issues for Financial Institutions and Best Practices for Your Vendor Management Program (June 16, 2021)
Incident Response: What You Need to Know (April 30, 2021)

Practices

Industries

Education

Louisiana State University Paul M. Hebert Law Center, J.D., 1999
- Law Review
Louisiana State University, B.S., 1996, magna cum laude
- Phi Kappa Phi

Admissions

Louisiana, 1999
United States District Court for the Eastern District of Louisiana
United States District Court for the Middle District of Louisiana
United States District Court for the Western District of Louisiana
United States Court of Appeals for the Fifth Circuit

Featured Media

The Office for Civil Rights Recently Settled Two Ransomware Related Investigations

Publication / October 10, 2024

Best Practices for Protecting Operations from Vendor's Cyber Incidents

Publication / October 7, 2024

Layna Rush Shares Best Practices for Responding to HIPAA Complaints in Healthcare Risk Management

News / September 1, 2024

Search By Last Name

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Baker Donelson is a national law firm with more than 650 attorneys and public policy advisors representing more than 30 practice areas to serve a wide range of legal needs. Clients receive knowledgeable guidance from experienced, multi-disciplined industry and client service teams, all seamlessly connected across 23 offices in Alabama, Florida, Georgia, Louisiana, Maryland, Mississippi, North Carolina, South Carolina, Tennessee, Texas, Virginia, and Washington, D.C.