Andrew J. Droke, CIPP/US

Shareholder

Nashville
T: 615.726.7365
F: 615.744.7365

Andrew leads the Firm's Artificial Intelligence (AI) and GDPR Teams, and he counsels clients in a broad range of data protection, privacy, and cybersecurity matters.

Professional Biography

As a member of the Firm's Health Law group and Data Protection, Privacy, and Cybersecurity Team, Andrew advises clients regarding complex data use and sharing arrangements, digital health strategies, technology agreements, and information privacy and security compliance considerations.

Andrew routinely counsels clients with respect to their privacy, cybersecurity, and information practices, including the compliance obligations imposed by the Health Insurance Portability and Accountability Act (HIPAA), 42 CFR Part 2, the ONC and CMS interoperability and information blocking regulations, state privacy and security laws, and global data protection laws such as the General Data Protection Regulation (GDPR). Andrew also helps clients in negotiating key technology agreements, data processing agreements, data use agreements, and clinical trial agreements, as well as addressing risks through diligence counseling and negotiations in mergers and acquisitions.

In leading the Firm's AI Team, Andrew also advises clients regarding the contracting and compliance considerations associated with AI-based technologies, including with respect to data use. As leader of the Firm's GDPR Team, Andrew assists U.S.-based and global organizations with issues involving international data transfers and navigating conflicts between foreign privacy laws and U.S. compliance obligations with respect to data use and processing.

During law school, Andrew served as a judicial extern for the Honorable Bernice B. Donald on the United States Court of Appeals for the Sixth Circuit.

Worked with health IT companies, data analytics companies, and health care providers to analyze and establish complex data use and sharing relationships.
Negotiated multimillion dollar technology agreements for critical IT systems for health care providers, a multinational medical device manufacturer, and technology companies.
Advised an international technology company regarding AI governance and the policies and procedures applicable to its AI products, systems, and services.
Negotiated clinical trial agreements and related data sharing arrangements for technology providers, academic medical centers, and national retailers.
Counseled a regional health system on the implementation of interoperability and information blocking requirements.
Assisted a health care provider in deployment of AI-enabled chatbot.
Worked with large not-for-profit hospital systems, behavioral health systems, and health IT companies to develop and implement comprehensive information privacy and security programs addressing HIPAA, 42 CFR Part 2, and applicable state laws.
Advised health systems regarding compliance with OCR's guidance regarding online tracking technologies.
Assisted in structuring, drafting, and negotiating technology, digital health, interface, software, vendor, and other service provider agreements and business associate agreements.
Negotiated professional services agreements and telehealth arrangements for health care providers.
Assisted national retailers and data analytics companies in strategic planning with respect to data collection, use, and intra-organization sharing.
Created privacy notices for retailers, distributors, health care providers, health care technology companies, mobile applications, non-profit organizations, and professional sports organizations.
Advised numerous clients across industries regarding compliance with U.S. state privacy law requirements.
Coordinated information privacy and security aspects of a $450M acquisition of a hotel data and analytics company.
Helped an electronic medical record vendor analyze its obligations under the GDPR and revise its website terms of use and privacy notices.
Assisted a regional health system with Promoting Interoperability program participation requirements.
Worked with clients to develop external notices and internal policies to facilitate compliant data collection and handling, including privacy notices, data privacy policies and privacy risk assessments.
Assisted with sales and acquisitions of health systems, physician groups, and technology companies, including information privacy and security diligence.
Represented a Fortune 100 client in its negotiations with a vendor of AI-enabled clinical trial recruitment services.
Serving as outside general counsel for a provider of AI-enabled patient engagement and symptom management services.
Advised a provider of computer-vision security services regarding the deployment of its service offerings and applicable data privacy and security requirements.
Advised a higher education institution regarding the regulatory considerations for its use of AI-enabled services for student engagement.
Developed policies and procedures regarding the use of AI tools and services for a national non-profit organization.

Listed in Best Lawyers: Ones to Watch^® in America for Health Care Law and Technology Law (2021 – 2025)
Selected to Mid-South Rising Stars in Health Care (2020 – 2024)
Member – International Association of Privacy Professionals (CIPP/US)
Member – American Health Law Association
Member – International Association of Privacy Professionals
Member – American Bar Association
Member – Tennessee Bar Association, Health Law Section
Member – Nashville Bar Association

Past Chair – IAPP Nashville KnowledgeNet

"IA's Role in AI Governance: Fill Your Critical Role in Ethical, Compliant AI Adoption," New Perspectives (November 2024)
"President Biden's AI Executive Order: What Private Sector Organizations Need to Consider" (November 2023)
"AI in the Classroom – New Guidance From the Department of Education," republished July 14, 2023, in Texas Lawyer (June 2023)
"Trusted Exchange Framework and the Common Agreement" (January 2022)
"Risks and Advantages of Using Offshore Vendors," Today's General Counsel (June 2021)
"Transitioning of Behavioral Health Data Sharing and Information Exchange: A Structured Approach to Decision Making," American Health Law Association (April 2021)
"Data Privacy Day: Top Considerations for 2021," republished in CPO Magazine (January 2021)
"Interoperability and Information Blocking," AHLA Health Law Watch (May 2020)
"California's New Privacy Act," Nashville Post (March 2020)
Contributing Author – "Health Care Fraud and Abuse – CY2017," Health Law Handbook (2018 Ed.)

"Artificial Intelligence: Coming To A Classroom Near You," Alliance of Public Charter School Attorneys (May 2024)
"Beyond the Hype of AI and Tracking with a Focus on Ensuring Data Protection," Health Care Compliance Association's 28th Annual Compliance Institute (April 2024)
"Key Issues Surrounding AI Governance in Health Care," AHLA's Speaking of Health Law (December 2023)
"U.S. Data Privacy and Security," National Association for the Support of Long-Term Care National Conference (October 2022)
"Data Privacy Liability in the 2020s: Installing Blinds on the Fishbowl," American Bar Association (January 2021)
"Data Incident Virtual Tabletop Exercise," International Association of Privacy Professionals, Nashville Chapter (December 2020)
"The California Consumer Privacy Act," International Association of Privacy Professionals, Nashville Chapter (June 2019)

What to Do in 2022 – Privacy and Data Protection for the New Year (January 2022)
Ninth Annual Tennessee Hospitality & Tourism Association Law Symposium (July 2020)

38 Baker Donelson Attorneys Named to 2024 Mid-South Super Lawyers; 40 Named to Mid-South Rising Stars (November 22, 2024)
Baker Donelson Attorneys Recognized in The Best Lawyers in America® 2025 Listing (August 15, 2024)
44 Baker Donelson Attorneys Named to 2023 Mid-South Super Lawyers; 32 Named to Mid-South Rising Stars (November 28, 2023)
Baker Donelson Attorneys Recognized in The Best Lawyers in America^® 2024 Listing (August 17, 2023)
Baker Donelson Launches Multidisciplinary AI Team (July 20, 2023)
55 Baker Donelson Attorneys Named to 2022 Mid-South Super Lawyers; 30 Named to Mid-South Rising Stars (November 29, 2022)
Baker Donelson Attorneys Earn Recognition in The Best Lawyers in America® 2023 Listing (August 18, 2022)
Baker Donelson Announces 11 Newly Elected Shareholders (April 13, 2022)
61 Baker Donelson Attorneys Named to 2021 Mid-South Super Lawyers; 34 Named to Mid-South Rising Stars (November 30, 2021)
Baker Donelson Attorneys Earn Recognition in The Best Lawyers in America® 2022 Listing (August 19, 2021)
69 Baker Donelson Attorneys Named to 2020 Mid-South Super Lawyers; 38 Named to Mid-South Rising Stars (November 30, 2020)
Baker Donelson Top-Listed in the Nation in Six Practice Areas in The Best Lawyers in America^® 2021 Listing (August 20, 2020)
Baker Donelson's Andrew J. Droke Earns Information Privacy Certification (July 16, 2020)

Andy Droke Featured in Legaltech News Q&A on Launch of Firm's AI Team (July 27, 2023)
Andy Droke Discusses Multidisciplinary Approach of Baker Donelson's AI Team in Daily Report (July 20, 2023)
Andy Droke Comments on Passage of Tennessee Privacy Legislation in IAPP (April 24, 2023)
Newly Elected Nashville Shareholders Bert Chollet, Andy Droke and Ryan Richards Featured in Nashville Post (April 18, 2022)

What to Do in 2022 – Privacy and Data Protection for the New Year (January 28, 2022)

Practices

Industries

Education

University of Memphis Cecil C. Humphreys School of Law, J.D., 2013, magna cum laude
- Notes Editor – University of Memphis Law Review
University of Memphis, B.Mus., 2009, summa cum laude

Admissions

Tennessee, 2013

Featured Media

38 Baker Donelson Attorneys Named to 2024 Mid-South Super Lawyers; 40 Named to Mid-South Rising Stars

Press Release / November 22, 2024

Baker Donelson Attorneys Recognized in The Best Lawyers in America® 2025 Listing

Press Release / August 15, 2024

44 Baker Donelson Attorneys Named to 2023 Mid-South Super Lawyers; 32 Named to Mid-South Rising Stars

Press Release / November 28, 2023

Search By Last Name

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Baker Donelson is a national law firm with more than 700 attorneys and public policy advisors representing more than 30 practice areas to serve a wide range of legal needs. Clients receive knowledgeable guidance from experienced, multi-disciplined industry and client service teams, all seamlessly connected across more than 20 offices in Alabama, Florida, Georgia, Louisiana, Maryland, Mississippi, New Jersey, North Carolina, South Carolina, Tennessee, Texas, Virginia, and Washington, D.C.