- Home
- >
- W. Reece Hirsch
W. Reece Hirsch
Partner
San Francisco Phone +1.415.442.1422 Fax +1.415.442.1001
One Market, Spear Street Tower//San Francisco, CA 94105-1596//United States
W. Reece Hirsch co-heads the firm’s privacy and cybersecurity practice and counsels clients on a wide range of US privacy issues, specializing in healthcare privacy and digital health. Reece counsels clients on development of privacy policies, procedures and compliance programs, security incident planning and response, and online, mobile app, and Internet of Things privacy. In a Chambers USA ranking, Reece was recognized by his peers as “a consummate expert in privacy matters.”
Reece has experience regarding the California Consumer Privacy Act and has written and spoken extensively on that subject. He edits and contributes to Bloomberg Law’s California Privacy Profile summarizing the state’s privacy and security laws.
Reece counsels clients in healthcare privacy and security matters, such as compliance with the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act, state medical privacy laws, and Federal Trade Commission standards applicable to digital health companies. He has represented clients from all sectors of the healthcare industry on privacy and security compliance, including health plans, insurers, hospitals, physician organizations, and healthcare information technology, digital health, pharmaceutical, and biotech companies. Reece also advises clients on privacy issues raised by the coronavirus (COVID-19) pandemic, including those relating to workplace testing, HIPAA waivers and enforcement discretion, contact tracing, telehealth, and work-from-home and return-to-work policies.
Reece is also an experienced healthcare regulatory and transactional attorney, advising healthcare providers and health plans on fraud and abuse, self-referral and licensing matters. He has served as lead transaction counsel on the sale and acquisition of hospitals, medical groups, clinics, and other healthcare organizations. Reece guides clients through corporate matters relating to the formation and ongoing representation of independent practice associations, medical groups, management services organizations, integrated delivery systems, and healthcare technology companies.
The International Association of Privacy Professionals has designated him a Certified Information Privacy Professional.
Reece also served on an advisory group to the California Department of Justice that developed a 2013 policy guide on the detection, prevention, and response to medical identity theft for providers implementing electronic health records systems. He previously served on a similar advisory group to the California Office of Privacy Protection that developed security breach response recommended practices.
Reece is a member of the editorial advisory boards of Healthcare Informatics and Briefings on HIPAA.
In 2009, Nightingale’s selected Reece as an Outstanding Healthcare Information Technology Lawyer.
On a volunteer basis, Reece serves on the board of directors of the Valentino Achak Deng Foundation, which has founded and operated the Marial Bai Secondary School and the Alok Girls’ Academy in South Sudan.
Awards and Affiliations
Ranked, Privacy & Data Security: Healthcare, Nationwide, Chambers USA (2020)
Ranked, Healthcare, California, Chambers USA (2005–2020)
Recommended, Media, technology and telecoms: Cyber law (including data privacy and data protection), The Legal 500 US (2018–2020)
Named, Modern Healthcare’s “Largest Healthcare Firm” (2016–2020)
Selected as an "Outstanding Healthcare Information Technology Lawyer" by Nightingale's (2009)
Member, American Health Lawyers Association
Member, California Society for Healthcare Attorneys
Member, International Association of Privacy Professionals
Admissions
California
Education
- Northwestern University, 1982, B.S.
- University of Southern California Law School, 1990, J.D.
Sectors
Services
Regions
Trending Topics
Events
9/8/2020 - Complying with the Newly Finalized CCPA Regulations
7/23/2020 - Argyle Digital Cybersecurity Leadership Forum
7/22/2020 - Fast Break: Global Healthcare Privacy during COVID-19
7/14/2020 - 2020 Japan-US Innovation Awards Program–Innovation Awards Symposium
5/18/2020 - CCPA - Latest Developments and Implementation in an Uncertain Time
5/5/2020 - Digital Health Privacy: From Apps to AI
4/14/2020 - COVID-19 Healthcare Provider Update Webinars
3/26/2020 - COVID-19 Healthcare Provider Updates: Workforce and Stimulus
2/10/2020 - 2020 Health Datapalooza
12/9/2019 - Practical Privacy and the CCPA: Bracing for January 1
11/5/2019 - Potential Pitfalls of the CCPA Exemptions: Ensuring Reasonable Security Measures
10/22/2019 - CCPA Update: New Amendments and Preparing for January 1
10/14/2019 - Privacy + Security Forum 2019
9/30/2019 - The New GDPR in California – Are You Ready for CCPA Compliance?
5/30/2019 - 2019 Technology May-rathon: CCPA – What Should I Do Now?
5/30/2019 - California Consumer Privacy Act (CCPA) What Should I Do Now?
5/14/2019 - How Companies Can Address Emerging Compliance Risks in Privacy
5/9/2019 - HIPAA Privacy and Security In Emergencies and Disasters
5/7/2019 - 2019 Technology May-rathon: Digital Health Privacy: Avoiding The Landmines
2/13/2019 - California Privacy Law Update: The California Consumer Privacy Act and More
1/23/2019 - Morgan Lewis Hedge Fund University ™ Privacy & Cybersecurity for Fund Managers
10/17/2018 - 2018 MITX Data Summit
10/16/2018 - The California Consumer Privacy Act Amendments, Round 1
10/3/2018 - 2018 Privacy + Security Forum
9/17/2018 - Silicon Valley Association of General Counsel Monthly Luncheon
5/23/2018 - 2018 Technology May-rathon: Digital Health Privacy: When Old Laws Meet New Technologies
5/5/2018 - HITEQ Center Webinar: 42 CFR Part 2 Final Rule and Health Center Compliance
1/17/2018 - New Developments in HIPAA Regulation and Enforcement
11/15/2017 - Daily Journal Corporate Governance Forum 2017
10/4/2017 - 2017 Privacy + Security Forum
6/23/2017 - 9th Annual Predictive Modeling Web Summit
6/22/2017 - Fast Break: Security Breach Crisis Response
5/19/2017 - 2017 Technology May-rathon: Digital Health Privacy: There’s an App for That
5/3/2017 - Doing Business in the Golden State—Privacy and Cybersecurity
4/27/2017 - 2017 Health Datapalooza Conference
1/24/2017 - What Every General Counsel Needs to Know About Privacy and Cybersecurity
10/24/2016 - 2016 Privacy + Security Forum
6/1/2016 - Bloomberg BNA Webinar: Privacy and the Internet of Things
4/5/2016 - OCR Launches HIPAA Phase 2 Audits: Are you Prepared?
3/31/2016 - Healthcare industry in the crosshairs: Cybersecurity for Third Party Administrators
12/10/2015 - Privacy and the Internet of Things
8/18/2015 - Data Mining & Predictive Modeling for Health Plans
5/19/2015 - SEC Conference 2015: An Accounting & Reporting Update for Public Companies
News
7/1/2020 - Despite Confusion, AG Begins Privacy Act Enforcement, Daily Journal
6/25/2020 - Calif. Privacy Law Revision to Appear on Nov. Ballots, Law360
6/12/2020 - As Final Calif. Privacy Regs Drop, Enforcement Fights Loom, Law360
6/11/2020 - California Privacy Enforcement Gives Companies Rules 'Headache', Bloomberg Law
6/1/2020 - COVID-19 Changes HIPAA Compliance, but Caution Necessary, Healthcare Risk Management
1/27/2020 - Health Tech Boom in 2020s Will Test Fraud, Privacy Laws, Law360
1/17/2020 - California’s New Data Privacy Law Could Hit Mom-and-Pops Hard, The Epoch Times
1/14/2020 - IoT Security Laws Could Remain Privacy’s Plucky Understudy for a While, Legaltech News
1/2/2020 - The Fight for Tech Privacy in 2020, Bloomberg
1/1/2020 - Cybersecurity & Privacy Policy to Watch in 2020, Law360
12/31/2019 - No One Is Ready for California's New Consumer Privacy Law, The Verge
12/27/2019 - Will the US Get a Federal Privacy Law?, BankInfoSecurity.com
12/2/2019 - Do Calif. AG's New Regs Exceed Scope of Privacy Law?, Law360
11/19/2019 - 10 Things You Need to Know About CCPA Compliance, Compliance Week
9/13/2019 - PE Firms Brace for New Frontier in US Data Privacy Regulation, The Wall Street Journal
8/23/2019 - Morgan Lewis Partner Kicks Cyber Law Up a Notch In His Thrillers, Bloomberg Law
7/3/2019 - Privacy & Cybersecurity Policy To Watch In 2nd Half Of 2019, Law360
7/27/2018 - Privacy & Cybersecurity Policy to Watch for Rest of 2018, Law360
7/20/2017 - Morgan Lewis Represents athenahealth in Acquisition of Praxify Technologies
7/12/2017 - Cybersecurity Policy To Watch For The Rest Of 2017, Law360
3/27/2017 - Morgan Lewis Advises New Vista Behavioral Health in Acquisition of Avalon Malibu
3/8/2017 - Morgan Lewis Advises MeetMe in Acquisition of If(we)
6/27/2016 - Morgan Lewis Advises MeetMe in Skout Acquisition
12/30/2014 - Move Over Grisham, More Lawyers Moonlight in Fiction, The Recorder
10/1/2014 - California Governor Signs Privacy Bill to Block Drone Snooping, Law360
1/24/2014 - California's Smart-Meter Data Law Hints At Privacy Bills To Come, Law360
11/6/2013 - Security Flaws Land ACA Contractors In Legal Crosshairs, Law360
1/22/2013 - HIPAA Update Ushers In Broad Security, Reporting Regime, Law360
1/7/2013 - Privacy Cases To Watch In 2013, Law360
12/7/2012 - California Attorney General's Delta Privacy Suit Puts Other Companies On Notice, Law360
2/29/2012 - Morgan Lewis Partner Appointed to California Office of Privacy Protection Advisory Group
Publications
9/10/2020 - Complying with Newly Finalized CCPA Regulations
6/4/2020 - CCPA: What Companies Need to Do Ahead of July 1 Enforcement
4/2/2020 - California Privacy Law Considerations for Private Funds, Law360
3/25/2020 - Amidst COVID-19, CA Attorney General Issues Second Modified CCPA Regulation
3/3/2020 - 2020 Health Datapalooza Highlights Continued Innovation in the Industry
2/27/2020 - THE CCPA AND SIMILAR STATE LAWS – CONSIDERATIONS FOR PRIVATE INVESTMENT FUNDS
2/18/2020 - California Attorney General Releases Modifications to Proposed CCPA Regulations
1/7/2020 - Preparing for CCPA Enforcement by the California Attorney General
1/6/2020 - Preparing for the CCPA Private Right of Action for Certain Security Incidents
12/5/2019 - The CCPA Impacts Non-US Companies. Are You Prepared?
12/2/2019 - Employee and Other Notices by January 1, 2020, and Related Issues for Employers
11/22/2019 - Responding to Requests to Opt Out
11/20/2019 - Responding to Requests to Delete
11/15/2019 - Responding to Requests to Know
11/13/2019 - Privacy Policy Requirements
11/8/2019 - Verifying Consumer Requests
11/6/2019 - Receiving Requests
10/18/2019 - The Proposed CCPA Regulations Are Here: An Overview
10/2/2019 - CCPA Amendments to Watch as Effective Date Draws Closer, Bloomberg Law
9/23/2019 - California Legislature Proposes CCPA Amendments as Effective Date Draws Closer
2019 - Big Data, Privacy, and Competition Law
4/12/2019 - Trailer: Responding to and Preventing Healthcare Data Breaches, Lawdition
10/12/2018 - California Governor Signs First Internet of Things Law
7/17/2018 - Blockchain in Healthcare Technology Could Boost Patient-Provider Information Exchange
7/10/2018 - California Enacts Sweeping GDPR-Like Privacy Law
6/6/2018 - California Consumer Privacy Act Could Spell a Sea Change in US Privacy Law
5/1/2018 - Delaware Launches Website to Help Compliance with Data Breach Law
12/12/2017 - UK High Court: Employers May Be Vicariously Liable for Employee Data Breaches
October 2017 - Domestic Privacy Profile: California, Bloomberg Law
11/15/2017 - Voice-Activated Devices May Collect Audio from Children
8/1/2017 - FTC and FBI Issue Compliance Reminder on Children’s Online Privacy Protection Act
6/19/2017 - Does HIPAA Permit Sharing Medical Information to Develop Clinical Protocols?
5/3/2017 - OCR Announces First HIPAA Settlement with Wireless Health Services Provider
3/22/2017 - How the General Data Protection Regulation Will Apply to and Affect the UK
2/2/2017 - HIPAA Turns 20: Looking Back at 2016 and Challenges Ahead, Bloomberg Law
12/7/2016 - Investigatory Powers Act Becomes UK Law
11/11/2016 - CRTC Issues First Compliance and Enforcement Decision on Canada’s Anti-Spam Legislation
7/18/2016 - OCR Begins HIPAA Phase 2 Audits