Professionals

Name / Keyword Office Practice Industry Language Show All
Practices

Antitrust

Business and Corporate

Construction

Cross-Border Business

Data Protection, Privacy and Cybersecurity

Emerging Companies

Environment, Social and Governance (ESG)

Financial Services

Government Enforcement and Investigations

Government Relations and Public Policy

Health Law

Hospitality

Immigration

Intellectual Property

Labor & Employment

Litigation

Mergers and Acquisitions

Product Liability, Class Action and Mass Tort

Real Estate

Securities

Tax

Technology

Transportation and Logistics
Industries

Automotive

Aviation

Construction

Disaster Recovery and Government Services

Drug, Device and Life Sciences

Education

Energy

Financial Services

Gaming

Governmental Entities

Health Care

Hospitality

Long Term Care

Manufacturing

Real Estate

Retail

Technology

Telecommunications

Transportation and Logistics
Experience

Featured Case Study
Community Healthcare Trust Incorporated Community Healthcare Trust Incorporated More Case Studies

Search Experience
Keywords Practice Industry
News & Events

Professionals
Practices
Industries
Experience
News & Events
Other Pages

Quick Results

View More Results

Professionals

Alisa L. Chestler, CIPP/US, QTE

Shareholder

Nashville
T: 615.726.5589
F: 615.744.5589

Washington, D.C.
T: 202.508.3475
F: 202.508.3402

Alisa Chestler concentrates her practice in privacy, security, and information management issues; health information and technology; health care and managed care regulatory issues; and corporate transactions matters.

Featured Experience

Assisted a large hospital system in identifying cybersecurity issues and negotiation of an asset purchase agreement and closing conditions.

Counseled an emerging company on privacy and security issues prior to its initial capital raise.

Represented an academic medical center in negotiating a $400 million electronic medical record software license and implementation services agreement with Epic Systems.

Professional Biography

Ms. Chestler serves as the chair of the Data Protection, Privacy and Cybersecurity Team at Baker Donelson. She concentrates her practice in privacy, security, and information management issues, including compliance, contract negotiation, and corporate transactions matters. She joined Baker Donelson after a distinguished career as in-house counsel and privacy officer to several large public and private companies, including several managed care organizations and health care companies. Ms. Chestler is a Certified Information Privacy Professional: United States (CIPP/US) and has also attained certification as a Qualified Technology Expert (QTE).

In her practice, Ms. Chestler serves as a trusted advisor to clients and routinely counsels them on their technology and data strategy with a strong base in digital health, life science, and general health care. She counsels clients on technology, data privacy, and security matters that arise from federal and state laws, including the Health Insurance Portability and Accountability Act (HIPAA), California Consumer Privacy Act (CCPA), Gramm-Leach-Bliley Act (GLB), Fair Credit Reporting Act, Fair and Accurate Credit Transactions Act, Family Educational Rights and Privacy Act (FERPA), state data breach laws, and the Payment Card Industry (PCI-DSS) requirements. Ms. Chestler also counsels clients on global data protection laws, including the General Data Protection Regulation (GDPR). She has significant experience assisting companies in developing comprehensive privacy and security programs and working with management to identify risk management issues, many times in anticipation of corporate transactions. She assists clients in identifying, evaluating, and managing risks associated with privacy and information security practices of companies and third-party service providers. Ms. Chestler also counsels clients regarding incident response programs, including the development of the incident response plan, investigation, and response.

In addition, Ms. Chestler drafts and negotiates technology agreements, including Master Services Agreements (MSAs), Software License Agreements, Software as a Service (SaaS) agreements, and Professional Services Agreements.

She routinely assists clients in complex health information and technology issues such as the negotiation of complex information technology and partnership agreements, including health information exchange (HIE) participation, electronic health record (EHR) negotiation, data use agreements, blockchain, artificial intelligence (AI), adoption of and compliance with Health Information Technology for Economic and Clinical Health Act (HITECH) and meaningful use requirements, and the interoperability and information blocking regulations. She assists digital health and consumer application companies in navigating the complexities of health care technology strategy, agreements, and compliance concerns.

Ms. Chestler worked as in-house counsel for more than 15 years for several managed care organizations, including CareFirst BlueCross Blue Shield.

Follow her on X @alchestler.

Leads a team of attorneys in the negotiation of technology agreements for a global company in the life sciences industry, averaging nearly 100 negotiations per year.
Assisted a large hospital system in identifying cybersecurity issues and negotiation of an asset purchase agreement and closing conditions.
Counseled an emerging company on privacy and security issues prior to its initial capital raise.
Represented an academic medical center in negotiating a $400 million electronic medical record software license and implementation services agreement with Epic Systems.
Provided strategic and legal counseling for an international consumer application's entrance into the health market.

Listed in Washington, D.C. Super Lawyers in the area of Health Care (2012 – 2024); Technology Transactions (2023)
Member – Leadership Health Care (LHC) Leadership Cohort, Nashville Health Care Council (2024)
Member – American Health Law Association
- Health Information and Technology Practice Group – Chair (2018 – 2021)
- Health Information and Technology Practice Group – Vice Chair (2015 – 2018)
- Health Information and Technology Practice Group – Leadership Development (2014 – 2015)
Member – International Association of Privacy Professionals
Member – Health Care Compliance Association
Member – Tulane Family Leadership Council (2022 – present)
Chair – Compliance Committee, The Care Continuum Alliance (2009 – 2013)
Member – American Health Information Management Association
- Practice Council on Health Information Exchange (2012 – 2014)

"HIPAA Updates: The Obligations Continue to Unfold" (February 2024)
"OCR Enforcement Action Likely: Reminder of Steps to Take Now" (October 2023)
"New SEC Rules: Public Companies Must Report Material Cybersecurity Incidents Within Four Business Days," republished August 1, 2023, in Corporate Compliance Insights (July 2023)
"MOVEit Transfer Zero-Day Vulnerability: What Companies Need to Know," republished in CPO Magazine (June 2023)
"FTC Proposes Rulemaking to the Health Breach Notification Rule to Include Information Disclosures by Health Apps and Other Technologies" (May 2023)
"A Baker's Dozen: Top Questions In-House Legal Counsel Should Consider Asking to Better Understand AI including ChatGPT" (April 2023)
"Reproductive Privacy Rights: Changes Coming for Health Care Organizations" (April 2023)
"Initiative to Modernize National Organ Transplant System" (March 2023)
"The LastPass Lesson: Why Your Company Needs to Care About Password Manager Breaches," republished April 2023, in Washington Business Journal (March 2023)
"U.S. Department of Veterans Affairs Overhauls Cybersecurity Rules for Government Contractors" (February 2023)
"Privacy in 2023: Management and Officer Liability for Privacy and Data Security Programs," republished February 1, 2023, in Corporate Compliance Insights (January 2023)
"Privacy Reset in 2023: Effective January 1: What Employers Need to Know About Additional Rights in the California Privacy Rights Act," republished January 10, 2023, in the Los Angeles Daily Journal (January 2023)
"New Executive Order Aims to Restore U.S.-EU Data Privacy Agreement," republished in Law360 (October 2022)
"Software Developers With Federal Government Customers Must Provide Confirmation of NIST Standards," republished November 16, 2022, in Federal News Network (September 2022)
"Mitigating Cyber Vulnerabilities in Medical Devices" (September 2022)
"NCCoE Mitigating Risk to Telehealth" (September 2022)
"HHS Issues Post-Dobbs HIPAA Privacy Guidance for Employer Health Plans, Other Covered Entities" (July 2022)
"Cybersecurity: A Whistleblower's Paradise," republished in FEDweek (April 2022)
"SEC Proposal: New Cybersecurity Risk Management Rules for Investment Advisers and Funds," republished in Corporate Compliance Insights (February 2022)
"Biden Administration Signals Dramatic Shift in Focus to Confront Cyber Concerns In Government Contracting," republished June 18, 2021, in CPO Magazine (May 2021)
"OCR Issues Notice of Proposed Rulemaking Proposing Changes to HIPAA Privacy Rule" (December 2020)
"Cyber Criminals Now Have the Keys to Your "House"" (December 2020)
"HHS Releases Update to Security Risk Assessment Tool" (September 2020)
"Human Resources and Employment Counsel Beware: Increase in Malware Attacks Raising New Concerns for Employers" (June 29, 2020)
"No Time to Rest: HHS Marches Ahead with Interoperability and Information Blocking Updates" (April 28, 2020)
"Cybersecurity Concerns when Considering Furloughs" (April 6, 2020)
"Coronavirus: Significant HIPAA Relief in Telehealth Context Due to COVID-19 Response" (March 23, 2020)
"INSIGHT: New DoD Cybersecurity Certification Holds Key to Contracts," Bloomberg Law (March 23, 2020)
"Coronavirus: HHS Announces Limited Waivers of HIPAA Penalties and Sanctions" (March 17, 2020)
"Don't Forget About Cyber Hygiene During Coronavirus (COVID-19) Outbreak," republished in Corporate Counsel (March 3, 2020) and Beazley Academy (March 17, 2020)
"CMS and ONC Publish Final Interoperability and Information Blocking Rules," republished in Westlaw Journal Healthcare (March 2020)
"SEC Dispatches on Cybersecurity" (February 2020)
"DoD Issues Cybersecurity Maturity Model Certification v1.0 (CMMC)" (February 2020)
"Data Privacy Day 2020 – What Actions Businesses Can Take," (January 2020); republished in Corporate Counsel (February 2020)
Co-author – "INSIGHT: Health Care Providers, Think Before You Yelp … and Other HIPAA Concerns," Bloomberg Law: Privacy & Data Security Law News (January 2020)
"Privacy & Cybersecurity Due Diligence – No Longer Optional: Company Fined $124 Million for Pre-Merger Compromise" (July 2019)
"Department of Homeland Security Issues Report on Microsoft Office 365" (May 2019)
"Have You Assessed Your Cyber-Preparedness Lately?," BankNews (May 2016)
"Significant New EU Data Protection Privacy Framework Regulation Approved" (April 2016)
Co-author – "The Raising of a Privacy Shield," e-Commerce Law & Strategy Newsletter (March 2016)
"Cyber Security Takes Top Priority at Law Firms Nationwide," ALFN Angle, 2016 Winter Edition (February 2016)
Co-author – "Ransomware Attack on Hospital Highlights the Importance of Preparation for All Organizations," Bloomberg BNA (April 2015)
Co-author – "HIPAA Settlement Underscores the Vulnerability of Unpatched and Unsupported Software," HR Professionals Magazine (February 2015)
"DOL Gives States More Control Over Self-Insured Health Plans" (November 2014)
"A Recent State Supreme Court Ruling Opens the Door for Breach of Privacy Claims Against Health Care Providers" (November 2014)
"The Effect of California's New Privacy Laws on Your Company" (October 2014)
Co-author – "HIPAA/HITECH Resource Guide," American Health Law Association (2014)
Co-author – "Minimizing EHR-Related Serious Safety Events," AHLA Public Interest publication (2013)

"Tech Talks: Critical Incident Response Considerations" (April 2024)
Panelist – "Cybersecurity: Pre-Breach Preparedness," LeadingAge webinar (October 2023)
"North Alabama International Trade Association Roundtable: Weaponizing Cyber: How China, Russia and other Nation States Are Undermining Our Democracy and National Security" (August 2023)
"Health Care Strategy: Data and Cyber Considerations," AHLA Long Term Care Meeting (March 2023)
Moderator – "Privacy and Security Risk Management: Securing Your Enterprise and Beyond," 2022 Baker Donelson Long Term Care Symposium (November 2022)
"Don't Let a Cyber Quarantine Wreck Your Transaction/Reps and Warranties and Risk Analysis: A Growing Trend," AHLA Health Law Transactions Meeting (April 2022)
"The Law & Cyber Security: What Those in Trucking Need to Know," American Trucking Association (July 2020)
"Unblocking Information - Industry Collaboration on Interoperability Model Contract Terms," AHLA Annual Meeting (July 2020)
"Corporate Counsel 2020: How to Cyber-Proof Your Transaction - Privacy and Security Considerations," Tennessee Bar Association (May 2020)
"Avoiding Cyber-Collisions- Don't Let Cyber Issues Wreck Your Transaction," AHLA Transactions Meeting (April 2020)
"Crafting a Company's Privacy Regime to Meet Global Requirements," Georgetown Law 16th Annual Advanced eDiscovery Institute, Washington, D.C. (November 2019)
"How the C-Suite, Board, & CISO Can Communicate Better," Cybercon 2019 (September 2019)
"Cyberproof Your Transaction – Avoid Letting Cyber Issues Derail Your Transaction," 2019 AHLA Transactions Conference (May 2019)
"Cyber Security," 68th Annual Southeastern Association of Tax Administrators Conference, Nashville, Tennessee (July 2018)
"Get the 411– Keeping the Information Technology Elements of Your Transactions Online," AHLA Health Care Transactions Conference, Nashville, Tennessee (May 2018)
Panelist – "Code Talkers and Cyber Security – What Do They Have in Common?," Tennessee HIMSS Cybersecurity Breakfast, Nashville, Tennessee (October 2017)
"What's Now and What's Next in the Telehealth Industry: Utilize Technological Advances to Minimize Risk," Bloomberg BNA, Washington, D.C. (September 2017)
"Blockchain, IoT. . . Around the World in Health Information Technology," AHLA Annual Meeting, San Francisco, California (June 2017)
Panelist – "Business Case for Cybersecurity | Managing the Risk of Insecurity," Nashville Cybersecurity Conference (June 2017)
"Welcome to the Future: Telemedicine and HIPAA HITECH," 2016 Long Term Care Symposium (November 2016)
Panelist – "Under Disruption: Why Health IT is Out of Control," Summit of the Southeast, Tennessee HIMSS Annual Meeting (September 2016)
Moderator – "Healthcare & Interoperability: What does interoperability mean to health care? Why is it so crucial to the next level of providing safe and effective health care?," 2016 SEUS-CP Conference, Nashville, Tennessee (May 2016)
"Commercial and Government Procurement/RFP Process," Israel Defense Cybersecurity Conference (January 2016)
"HIT or Miss? Legal and Ethical Concerns for Implementation of Health IT," Nashville Council of Health Care Attorneys CLE Program (November 2015)
"The Rise of Health Care Technology: ERM Implications for the New Normal," American Health Law Association, Enterprise Risk Management Task Force Educational Webinar (October 2015)
"EHR Standards: HIE, Meaningful Use, and Patient Portals: What Your Lawyers Are Worried About," American Health Information Management Association National Convention (September 2015)
Moderator – "U.S. Federal Policy and Cyber Legislation and Regulation: What It Means for Your Business," and "Cybersecurity: Business Challenges and the Future," Securing Your Future: Staying Ahead of Developments in Cybersecurity and Its Impact on Technology, Advanced Manufacturing, Logistics, Health Care and Energy, Atlanta, Georgia (August 2015)
Moderator – "The Role of State Governments in Cybersecurity," Securing Your Future: Staying Ahead of Developments in Cybersecurity and its Impact on Technology, Advanced Manufacturing, Logistics, Health Care and Energy, Atlanta, Georgia (August 2015)
Panelist – "Fighting Hack Attacks and Data Breaches: A Booming Climate for Investors," Securing Your Future: Staying Ahead of Developments in Cybersecurity and Its Impact on Technology, Advanced Manufacturing, Logistics, Health Care and Energy, Atlanta, Georgia (August 2015)
Panelist – "Defending the Grid: Latest Threats and How They Can Be Avoided," Securing Your Future: Staying Ahead of Developments in Cybersecurity and Its Impact on Technology, Advanced Manufacturing, Logistics, Health Care and Energy, Atlanta, Georgia (August 2015)
Moderator – "Cyber Liability Coverage and Insurance," Securing Your Future: Staying Ahead of Developments in Cybersecurity and Its Impact on Technology, Advanced Manufacturing, Logistics, Health Care and Energy, Atlanta, Georgia (August 2015)
"Health Care Technology: New Regulations and Impact of HIPAA," Nashville Bar Association CLE Program (August 2015)
Moderator – "Part III: HIT and Data Sharing Issues for the ACO," Accountable Care Organization Bootcamp Webinar Series (March 2013)

The Cyber Risk Allocation Paradigm is Changing: Cyber Insurance's Evolving Issues (September 2021)
Cyber Threats: Key Considerations for Employers (July 2021)
Incident Response: What You Need to Know (April 2021)
2021 Health Care Outlook (February 2021)
Baker Donelson Women's Initiative Wrap it Up CLE Webinar (December 2020)
Coronavirus: Privacy, Security and Telehealth for Long Term Care Providers (March 2020)
Coronavirus (COVID-19): What Your Business Should Do Right Now (March 11, 2020)

Five Baker Donelson Attorneys Named to 2023 Edition of Washington, D.C. Super Lawyers (April 22, 2024)
Baker Donelson Adds Renowned Biometric Privacy Thought Leader David J. Oberly in D.C. (November 8, 2023)
Four Baker Donelson Attorneys Named to 2023 Edition of Washington, D.C. Super Lawyers (April 24, 2023)
Four Baker Donelson Attorneys Named to 2022 Edition of Washington, D.C. Super Lawyers (April 28, 2022)
7 Baker Donelson Attorneys Named to 2021 Edition of Washington, D.C. Super Lawyers (April 27, 2021)
11 Baker Donelson Attorneys Named to 2020 Edition of Washington, D.C. Super Lawyers (April 21, 2020)
Baker Donelson Expands Coronavirus Task Force (March 9, 2020)
Baker Donelson Represents STR in $450 Million Deal to Be Acquired by CoStar Group, Inc. (October 3, 2019)

Alisa Chestler Featured in MedTech Intelligence Q&A on Overcoming Barriers to EHR Adoption in Behavioral Health (November 8, 2023)
Alisa Chestler Featured on Healthcare IT News' HIMSS TV Discussing Behavioral Health Data Interoperability (October 18, 2023)
Alisa Chestler Discusses SEC Rules Regulating Cybersecurity in Nashville Post Q&A (September 5, 2023)
Alisa Chestler Quoted in Part B News on Cybersecurity Challenges Facing Providers in the Wake of MOVEit Data Breach (August 21, 2023)
Alisa Chestler Comments on New SEC Cybersecurity Incident Disclosure Rule in VentureBeat (August 7, 2023)
Alisa Chestler Talks with Healthcare Risk Management About Impact of Proposed OCR Rule Involving Reproductive Privacy Rights on HIPAA Policies and Procedures (July 1, 2023)
Alisa Chestler Discusses Protecting Enterprise Assets Against Cybersecurity Failures in InformationWeek (June 21, 2023)
Alisa Chestler Quoted in Behavioral Health Business on Future of EHRs in Behavioral Health Care (August 18, 2022)
Alisa Chestler Comments on Recent OCR Right of Access Settlements in Hospital Access Management (November 10, 2020)
Alisa Chestler Featured on AUA Inside Tract Podcast on Understanding COVID-19 HIPAA Relief Provisions for Telehealth (March 31, 2020)
Alisa Chestler Discusses Continued Emphasis on Cybersecurity and Data Privacy Law During 2020 in Law360 (January 1, 2020)
Alisa Chestler Featured on HealthcareInfoSecurity Discussing Data Privacy and Security Trends (November 13, 2019)
Alisa Chestler Discusses Best Practices for Health Care Providers to Prevent Ransomware Attacks in Bloomberg Law (July 31, 2019)

The Cyber Risk Allocation Paradigm is Changing: Cyber Insurance's Evolving Issues (September 23, 2021)
Cyber Threats: Key Considerations for Employers (July 27, 2021)
Incident Response: What You Need to Know (April 30, 2021)
2021 Health Care Outlook (February 16, 2021)
Baker Donelson Women's Initiative Wrap it Up CLE Webinar (December 15, 2020)
Coronavirus: Privacy, Security and Telehealth for Long Term Care Providers (March 31, 2020)

Practices

Industries

Education

Hofstra University School of Law, J.D., 1994
Ithaca College, B.A., 1991

Admissions

Connecticut, 1994
District of Columbia, 1996
Tennessee, 2017

Featured Media

Five Baker Donelson Attorneys Named to 2023 Edition of Washington, D.C. Super Lawyers

Press Release / April 22, 2024

Tech Talks: Critical Incident Response Considerations

Event / April 15, 2024

HIPAA Updates: The Obligations Continue to Unfold

Publication / February 19, 2024

Search By Last Name

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Baker Donelson is a national law firm with more than 650 attorneys and public policy advisors representing more than 30 practice areas to serve a wide range of legal needs. Clients receive knowledgeable guidance from experienced, multi-disciplined industry and client service teams, all seamlessly connected across 23 offices in Alabama, Florida, Georgia, Louisiana, Maryland, Mississippi, North Carolina, South Carolina, Tennessee, Texas, Virginia, and Washington, D.C.