Alisa L. Chestler, CIPP/US

Shareholder

Nashville
T: 615.726.5589
F: 615.744.5589

Washington, D.C.
T: 202.508.3400
F: 202.508.3402

Alisa Chestler concentrates her practice in privacy, security and information management issues; health care and insurance regulatory compliance; and corporate transactions matters.

Featured Videos

2021 Health Care Outlook February 16, 2021

Baker Donelson Women's Initiative Wrap it Up CLE Webinar December 15, 2020

Coronavirus: Privacy, Security and Telehealth for Long Term Care Providers March 31, 2020

Coronavirus (COVID-19): What Your Business Should Do Right Now March 11, 2020

Featured Experience

Assisted large hospital system in identifying cybersecurity issues and negotiation of asset purchase agreement and closing conditions.

Counseled emerging company on privacy and security issues prior to initial capital raise.

Represented an academic medical center in negotiating a $400 million electronic medical record software license and implementation services agreement with Epic Systems.

2016

Professional Biography

Ms. Chestler serves as the chair of the Data Protection, Privacy and Cybersecurity Team at Baker Donelson. She concentrates her practice in privacy, security and information management issues including compliance, contract negotiation and corporate transactions matters. She joined Baker Donelson after a distinguished career as in-house counsel and privacy officer to several large public and private companies.

Ms. Chestler routinely counsels clients on data privacy and security matters that arise from federal and state laws, including HIPAA, the California Consumer Privacy Act (CCPA), GLB, FCRA/FACTA, state data breach laws and the Payment Card Industry (PCI-DSS) requirements. Ms. Chestler also counsels clients on global data protection laws, including the General Data Protection Regulation (GDPR) and the Personal Information Protection and Electronic Documents Act (PIPEDA). She has significant experience assisting companies in developing comprehensive privacy and security programs and working with management to identify risk management issues, many times in anticipation of corporate transactions. She assists clients in identifying, evaluating and managing risks associated with privacy and information security practices of companies and third party service providers. Ms. Chestler also counsels clients regarding incident response programs including the development of the incident response plan, investigation and response.

Ms. Chestler assists clients with negotiating complex information technology and partnership agreements, including health information exchange (HIE) participation, EHR negotiation, blockchain, adoption and compliance with HITECH and meaningful use requirements, and audits. She has also assisted clients in analyzing and negotiating cloud computing issues and agreements. Follow her on Twitter @alchestler.

Assisted large hospital system in identifying cybersecurity issues and negotiation of asset purchase agreement and closing conditions.
Counseled emerging company on privacy and security issues prior to initial capital raise.
Represented an academic medical center in negotiating a $400 million electronic medical record software license and implementation services agreement with Epic Systems.

Listed in Washington, D.C. Super Lawyers in the area of Health Care (2012 – 2020)
Member – American Health Law Association
- Health Information and Technology Practice Group – Chair (2018 – Present)
- Health Information and Technology Practice Group – Vice Chair (2015 – 2018)
- Health Information and Technology Practice Group – Leadership Development (2014 – 2015)
Member – International Association of Privacy Professionals
Member – Health Care Compliance Association
Chair – Compliance Committee, The Care Continuum Alliance (2009 – 2013)
Member – American Health Information Management Association
- Practice Council on Health Information Exchange (2012 – 2014)

"OCR Issues Notice of Proposed Rulemaking Proposing Changes to HIPAA Privacy Rule" (December 2020)
"Cyber Criminals Now Have the Keys to Your "House"" (December 2020)
"HHS Releases Update to Security Risk Assessment Tool" (September 2020)
"Human Resources and Employment Counsel Beware: Increase in Malware Attacks Raising New Concerns for Employers" (June 29, 2020)
"No Time to Rest: HHS Marches Ahead with Interoperability and Information Blocking Updates" (April 28, 2020)
"Cybersecurity Concerns when Considering Furloughs" (April 6, 2020)
"Coronavirus: Significant HIPAA Relief in Telehealth Context Due to COVID-19 Response" (March 23, 2020)
"INSIGHT: New DoD Cybersecurity Certification Holds Key to Contracts," Bloomberg Law (March 23, 2020)
"Don't Forget About Cyber Hygiene During Coronavirus (COVID-19) Outbreak," republished in Corporate Counsel (March 3, 2020) and Beazley Academy (March 17, 2020)
"Coronavirus: HHS Announces Limited Waivers of HIPAA Penalties and Sanctions" (March 17, 2020)
"CMS and ONC Publish Final Interoperability and Information Blocking Rules," republished in Westlaw Journal Healthcare (March 2020)
"SEC Dispatches on Cybersecurity" (February 2020)
"DoD Issues Cybersecurity Maturity Model Certification v1.0 (CMMC)" (February 2020)
"Data Privacy Day 2020 – What Actions Businesses Can Take," (January 2020); republished in Corporate Counsel (February 2020)
Co-author – "INSIGHT: Health Care Providers, Think Before You Yelp … and Other HIPAA Concerns," Bloomberg Law: Privacy & Data Security Law News (January 2020)
"Privacy & Cybersecurity Due Diligence – No Longer Optional: Company Fined $124 Million for Pre-Merger Compromise" (July 2019)
"Department of Homeland Security Issues Report on Microsoft Office 365" (May 2019)
"FERC Imposes Cybersecurity Standards on Third-Party Utility Vendors" (February 2019)
"More Help for Health Care Organizations: HHS Releases Voluntary Cybersecurity Practices Developed with Industry Input" (January 2019)
"Required Reading for All Health Executives – Key Draft Report Released Regarding Health Information Technology" (November 2018)
"New Data Law Comes into Effect on January 1, 2019 – Does Your Business Have to Comply?" (November 2018)
"Changes to the Security Risk Assessment (SRA) Tool Require Attention" (October 2018)
"CMS Clarifies Text Messaging Prohibition" (January 2018)
"$325 Million Qui Tam Reveals Growing Focus on EHR Incentive Payments" (December 2017)
"Peer Review Not Protected: U.S. Supreme Court Will Not Disturb Florida Decision Limiting the Patient Safety and Quality Improvement Act" (November 2017)
"Maryland and Delaware to Roll Out Changes to Data Breach Laws in 2018" (August 2017)
"What You Need to Do Now: Responding to the Major Cybersecurity Attack Against Organizations" (May 2017)
"New York AG Puts Mobile Health App Developers on Notice" (March 2017)
"OCR Examines Hybrid Entity Designation in Latest HIPAA Settlement" (November 2016)
"Best Practices for Responding to the Threat of Ransomware" (June 2016)
"Have You Assessed Your Cyber-Preparedness Lately?," BankNews (May 2016)
Co-author – "Ransomware Attack on Hospital Highlights the Importance of Preparation for All Organizations," Bloomberg BNA (April 2015)
"Significant New EU Data Protection Privacy Framework Regulation Approved" (April 2016)
Co-author – "The Raising of a Privacy Shield," e-Commerce Law & Strategy Newsletter (March 2016)
"Cyber Security Takes Top Priority at Law Firms Nationwide," ALFN Angle, 2016 Winter Edition (February 2016)
Co-author – "HIPAA Settlement Underscores the Vulnerability of Unpatched and Unsupported Software," HR Professionals Magazine (February 2015)
"DOL Gives States More Control Over Self-Insured Health Plans" (November 2014)
"A Recent State Supreme Court Ruling Opens the Door for Breach of Privacy Claims Against Health Care Providers" (November 2014)
"$840 Million in Grants from Government Available to Providers" (October 2014)
"The Effect of California's New Privacy Laws on Your Company" (October 2014)
Co-author – "HIPAA/HITECH Resource Guide," American Health Law Association (2014)
Co-author – "Minimizing EHR-Related Serious Safety Events," AHLA Public Interest publication (2013)
"Federal Court Rules on Michigan Tax on Health Plan Claims: ERISA Does Not Preempt," American Health Law Association Email Alert for the Payors, Plans, and Managed Care Practice Group (September 2012)
"Potential Regulation of Proposed Premium Rate Increases for Association Plans?," American Health Law Association Email Alert for the Payors, Plans, and Managed Care Practice Group (May 2011)

"The Law & Cyber Security: What Those in Trucking Need to Know," American Trucking Association (July 2020)
"Unblocking Information - Industry Collaboration on Interoperability Model Contract Terms," AHLA Annual Meeting (July 2020)
"Corporate Counsel 2020: How to Cyber-Proof Your Transaction - Privacy and Security Considerations," Tennessee Bar Association (May 2020)
"Avoiding Cyber-Collisions- Don't Let Cyber Issues Wreck Your Transaction," AHLA Transactions Meeting (April 2020)
"The CFO Leadership Council – Nashville Chapter" (January 2020)
"Crafting a Company's Privacy Regime to Meet Global Requirements," Georgetown Law 16th Annual Advanced eDiscovery Institute, Washington, D.C. (November 2019)
"How the C-Suite, Board, & CISO Can Communicate Better," Cybercon 2019 (September 2019)
"Cyberproof Your Transaction – Avoid Letting Cyber Issues Derail Your Transaction," 2019 AHLA Transactions Conference (May 2019)
"AHLA Physicians and Hospitals Law Institute" (February 2019)
"Wrap It Up" (December 2018)
Moderator – "Whose Document Is It Anyway? – Possession of Documents in the Digital Age," 2018 Long Term Care Symposium (November 2018)
"Cyber Security," 68th Annual Southeastern Association of Tax Administrators Conference, Nashville, Tennessee (July 2018)
"Get the 411– Keeping the Information Technology Elements of Your Transactions Online," AHLA Health Care Transactions Conference, Nashville, Tennessee (May 2018)
Panelist – "Code Talkers and Cyber Security – What Do They Have in Common?," Tennessee HIMSS Cybersecurity Breakfast, Nashville, Tennessee (October 2017)
"Cybercon 2017" (October 2017)
Panelist – "The Role of Lawyers in Cybersecurity," Homeland Security Law Institute, George Washington University, Washington, D.C. (September 2017)
"What's Now and What's Next in the Telehealth Industry: Utilize Technological Advances to Minimize Risk," Bloomberg BNA, Washington, D.C. (September 2017)
"Cybersecurity for the C-Suite and Management" (August 2017)
"Blockchain, IoT. . . Around the World in Health Information Technology," AHLA Annual Meeting, San Francisco, California (June 2017)
Panelist – "Business Case for Cybersecurity | Managing the Risk of Insecurity," Nashville Cybersecurity Conference (June 2017)
"Beyond the Water Cooler: Social Media Best Practices for Your Workplace" (January 2017)
"Welcome to the Future: Telemedicine and HIPAA HITECH ," 2016 Long Term Care Symposium (November 2016)
"Cyber & Information Security Consortium Fall Meeting" (October 2016)
"Cyber Threats to Your Business" (October 2016)
"Cybercon 2016" (September 2016)
Moderator – "Healthcare & Interoperability: What does interoperability mean to health care? Why is it so crucial to the next level of providing safe and effective health care?," 2016 SEUS-CP Conference, Nashville, Tennessee (May 2016)
Panelist – "Why U.S. – Turkey Partnerships? Opportunities and Challenges," U.S. – Turkey Investment Partnership Summit (February 2016)
"Commercial and Government Procurement/RFP Process," Israel Defense Cybersecurity Conference (January 2016)
"HIT or Miss? Legal and Ethical Concerns for Implementation of Health IT," Nashville Council of Health Care Attorneys CLE Program (November 2015)
"The Rise of Health Care Technology: ERM Implications for the New Normal," American Health Law Association, Enterprise Risk Management Task Force Educational Webinar (October 2015)
Panelist – "Under Disruption: Why Health IT is Out of Control," Summit of the Southeast, Tennessee HIMSS Annual Meeting (September 2016)
"EHR Standards: HIE, Meaningful Use, and Patient Portals: What Your Lawyers Are Worried About," American Health Information Management Association National Convention (September 2015)
Moderator – "U.S. Federal Policy and Cyber Legislation and Regulation: What It Means for Your Business," and "Cybersecurity: Business Challenges and the Future," Securing Your Future: Staying Ahead of Developments in Cybersecurity and Its Impact on Technology, Advanced Manufacturing, Logistics, Health Care and Energy, Atlanta, Georgia (August 2015)
Moderator – "The Role of State Governments in Cybersecurity," Securing Your Future: Staying Ahead of Developments in Cybersecurity and its Impact on Technology, Advanced Manufacturing, Logistics, Health Care and Energy, Atlanta, Georgia (August 2015)
Panelist – "Fighting Hack Attacks and Data Breaches: A Booming Climate for Investors," Securing Your Future: Staying Ahead of Developments in Cybersecurity and Its Impact on Technology, Advanced Manufacturing, Logistics, Health Care and Energy, Atlanta, Georgia (August 2015)
Panelist – "Defending the Grid: Latest Threats and How They Can Be Avoided," Securing Your Future: Staying Ahead of Developments in Cybersecurity and Its Impact on Technology, Advanced Manufacturing, Logistics, Health Care and Energy, Atlanta, Georgia (August 2015)
Moderator – "Cyber Liability Coverage and Insurance," Securing Your Future: Staying Ahead of Developments in Cybersecurity and Its Impact on Technology, Advanced Manufacturing, Logistics, Health Care and Energy, Atlanta, Georgia (August 2015)
Panelist – "The Background Singers: How Other Industries Affect Hotels," 2015 Hotel Data Conference (August 2015)
"Health Care Technology: New Regulations and Impact of HIPAA," Nashville Bar Association CLE Program (August 2015)
"Data Security and Privacy Essentials for an Unsecure World" (October 2014)
Moderator – "Part III: HIT and Data Sharing Issues for the ACO," Accountable Care Organization Bootcamp Webinar Series (March 2013)
Panelist – "The Future of Exchanges," Mississippi Insurance Department's Health Care Reform Symposium (December 2012)