Bio Filter Option
Morgan Lewis
  • Home
  • >
  • W. Reece Hirsch

W. Reece Hirsch

Partner

reece.hirsch@morganlewis.com

San Francisco Phone +1.415.442.1422 Fax +1.415.442.1001

One Market, Spear Street Tower\\San Francisco, CA 94105-1596\\United States

W. Reece Hirsch counsels clients on healthcare regulatory and transactional matters and co-heads the firm’s privacy and cybersecurity practice. Representing healthcare organizations such as hospitals, health plans, insurers, physician organizations, healthcare information technology companies, and pharmaceutical and biotech companies, Reece advises clients on issues such as privacy, fraud and abuse, and self-referral issues. This includes healthcare-specific data privacy and security matters, such as compliance with the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act.

Reece represents clients in almost all sectors of the healthcare industry on privacy and security compliance matters. He helps them develop policies and procedures, structures healthcare information technology ventures, addresses Big Data issues, and responds to security breaches. Reece also works with clients to develop and implement corporate compliance programs. Healthcare companies turn to Reece for guidance on conforming their operations—including recruitment, marketing, and data transmissions—to US federal and state healthcare regulatory requirements.

Described by Chambers USA as “a terrific healthcare attorney,” Reece has served as lead transaction counsel on the sale and acquisition of hospitals, medical groups, clinics, and other healthcare organizations. He also counsels clients on the regulatory implications of joint venture arrangements. Reece guides clients through corporate matters relating to the formation and ongoing representation of independent practice associations, medical groups, management services organizations, integrated delivery systems, and healthcare technology companies.

In addition to his healthcare industry work, Reece counsels companies outside of the healthcare industry on general privacy and security matters. These include online privacy, financial privacy, and mobile app issues. The International Association of Privacy Professionals has designated him a Certified Information Privacy Professional.

Reece also served on an advisory group to the California Department of Justice that developed a 2013 policy guide on the detection, prevention, and response to medical identity theft for providers implementing electronic health records systems. He previously served on a similar advisory group to the California Office of Privacy Protection that developed security breach response recommended practices.

Reece is a member of the editorial advisory boards of Bloomberg Health Law News, Healthcare Informatics and Briefings on HIPAA.

In 2009, Nightingale’s selected Reece as an Outstanding Healthcare Information Technology Lawyer. He frequently writes on privacy and healthcare topics.

On a volunteer basis, Reece serves on the board of directors of the Valentino Achak Deng Foundation, which is dedicated to rebuilding the village of Marial Bai in southern Sudan.

Awards and Affiliations

Recommended, Media, technology and telecoms: Cyber law (including data privacy and data protection), The Legal 500 US (2018, 2019)

Named, Modern Healthcare’s “Largest Healthcare Firm” (2016–2019)

Ranked, Healthcare, California, Chambers USA (2005–2019)

Selected as an "Outstanding Healthcare Information Technology Lawyer" by Nightingale's (2009)

Member, American Health Lawyers Association

Member, California Society for Healthcare Attorneys

Member, International Association of Privacy Professionals

Admissions

  • California

Education

  • Northwestern University, 1982, B.S.
  • University of Southern California Law School, 1990, J.D.

Sectors

  • Life Sciences
  • Healthcare
  • Fintech
  • Digital Health

Services

  • Privacy & Cybersecurity
  • Life Sciences Transactions
  • Healthcare Litigation & Regulatory Counseling
  • Healthcare Transactions

Regions

  • North America

Trending Topics

  • California’s Consumer Privacy Act and Other State Privacy & Security Laws

Events

2/10/2020 - 2020 Health Datapalooza

12/9/2019 - Practical Privacy and the CCPA: Bracing for January 1

11/5/2019 - Potential Pitfalls of the CCPA Exemptions: Ensuring Reasonable Security Measures

10/22/2019 - CCPA Update: New Amendments and Preparing for January 1

10/14/2019 - Privacy + Security Forum 2019

9/30/2019 - The New GDPR in California – Are You Ready for CCPA Compliance?

5/30/2019 - 2019 Technology May-rathon: CCPA – What Should I Do Now?

5/30/2019 - California Consumer Privacy Act (CCPA) What Should I Do Now?

5/14/2019 - How Companies Can Address Emerging Compliance Risks in Privacy

5/10/2019 - 2019 Technology May-rathon: Big Data, Privacy, and Competition Law: The Transatlantic Debate

5/9/2019 - HIPAA Privacy and Security In Emergencies and Disasters

5/9/2019 - 2019 Morgan Lewis Advanced Topics in Hedge Funds and Other Alternative Funds Conference – San Francisco

5/7/2019 - 2019 Technology May-rathon: Digital Health Privacy: Avoiding The Landmines

2/13/2019 - California Privacy Law Update: The California Consumer Privacy Act and More

1/23/2019 - Morgan Lewis Hedge Fund University ™ Privacy & Cybersecurity for Fund Managers

10/17/2018 - 2018 MITX Data Summit

10/16/2018 - The California Consumer Privacy Act Amendments, Round 1

10/3/2018 - 2018 Privacy + Security Forum

9/17/2018 - Silicon Valley Association of General Counsel Monthly Luncheon

8/1/2018 - 2018 Doing Business in the Golden State – The California Consumer Privacy Act: Preparing for 2020

News

11/19/2019 - 10 Things You Need to Know About CCPA Compliance, Compliance Week

9/13/2019 - PE Firms Brace for New Frontier in US Data Privacy Regulation, The Wall Street Journal

8/23/2019 - Morgan Lewis Partner Kicks Cyber Law Up a Notch In His Thrillers, Bloomberg Law

7/3/2019 - Privacy & Cybersecurity Policy To Watch In 2nd Half Of 2019, Law360

4/15/2019 - Morgan Lewis Litigation Team, Lawdition Collaborate to Produce Free Online CLE Programming

7/27/2018 - Privacy & Cybersecurity Policy to Watch for Rest of 2018, Law360

7/20/2017 - Morgan Lewis Represents athenahealth in Acquisition of Praxify Technologies

7/12/2017 - Cybersecurity Policy To Watch For The Rest Of 2017, Law360

3/27/2017 - Morgan Lewis Advises New Vista Behavioral Health in Acquisition of Avalon Malibu

3/8/2017 - Morgan Lewis Advises MeetMe in Acquisition of If(we)

6/27/2016 - Morgan Lewis Advises MeetMe in Skout Acquisition

12/30/2014 - Move Over Grisham, More Lawyers Moonlight in Fiction, The Recorder

10/1/2014 - California Governor Signs Privacy Bill to Block Drone Snooping, Law360

3/13/2014 - Briefing Complete, Eleventh Circuit Poised to Assess HIPAA Conflict with Florida Law, BNA Health Law Reporter

1/24/2014 - California's Smart-Meter Data Law Hints At Privacy Bills To Come, Law360

11/6/2013 - Security Flaws Land ACA Contractors In Legal Crosshairs, Law360

1/22/2013 - Breach, Business Associate Obligations Biggest Provisions in HIPAA Rule, Experts Say, BNA's Health Care Daily Report

1/22/2013 - HIPAA Update Ushers In Broad Security, Reporting Regime, Law360

1/7/2013 - Privacy Cases To Watch In 2013, Law360

12/7/2012 - California Attorney General's Delta Privacy Suit Puts Other Companies On Notice, Law360

2/29/2012 - Morgan Lewis Partner Appointed to California Office of Privacy Protection Advisory Group

Publications

12/5/2019 - The CCPA Impacts Non-US Companies. Are You Prepared?

12/2/2019 - Employee and Other Notices by January 1, 2020, and Related Issues for Employers

11/22/2019 - Responding to Requests to Opt Out

11/20/2019 - Responding to Requests to Delete

11/15/2019 - Responding to Requests to Know

11/13/2019 - Privacy Policy Requirements

11/8/2019 - Verifying Consumer Requests

11/6/2019 - Receiving Requests

10/18/2019 - The Proposed CCPA Regulations Are Here: An Overview

10/2/2019 - CCPA Amendments to Watch as Effective Date Draws Closer, Bloomberg Law

9/23/2019 - California Legislature Proposes CCPA Amendments as Effective Date Draws Closer

2019 - Big Data, Privacy, and Competition Law

4/12/2019 - Trailer: Responding to and Preventing Healthcare Data Breaches, Lawdition

3/19/2019 - Interoperability and Patient Access to Health Data Proposed Rules Are Here: Comments Due May 3, Health Law Scan

February 2019 - California Consumer Privacy Act: A Work in Progress, With More Changes to Come, Bloomberg Law

10/12/2018 - California Governor Signs First Internet of Things Law

7/17/2018 - Blockchain in Healthcare Technology Could Boost Patient-Provider Information Exchange

7/13/2018 - INSIGHT: California’s New, GDPR-Like Privacy Law Is A Game-Changer, Bloomberg Law: Privacy & Data Security

7/10/2018 - California Enacts Sweeping GDPR-Like Privacy Law

6/26/2018 - New Colorado Data Privacy Law Requires Businesses to Improve Protection of Personal Information

6/6/2018 - California Consumer Privacy Act Could Spell a Sea Change in US Privacy Law

5/1/2018 - Delaware Launches Website to Help Compliance with Data Breach Law

Winter 2017–2018 - Digital Health Privacy: Old Laws Meet New Technologies, The Journal of the Antitrust, UCL and Privacy Section of the California Lawyers Association

2/1/2018 - The Year Ahead in HIPAA: Does 2017 Reflect the “New Normal” for Enforcement? BNA’s Health Law Reporter

12/12/2017 - UK High Court: Employers May Be Vicariously Liable for Employee Data Breaches

October 2017 - Domestic Privacy Profile: California, Bloomberg Law

11/15/2017 - Voice-Activated Devices May Collect Audio from Children

8/1/2017 - FTC and FBI Issue Compliance Reminder on Children’s Online Privacy Protection Act

6/19/2017 - Does HIPAA Permit Sharing Medical Information to Develop Clinical Protocols?

5/3/2017 - OCR Announces First HIPAA Settlement with Wireless Health Services Provider

3/22/2017 - How the General Data Protection Regulation Will Apply to and Affect the UK

2/2/2017 - HIPAA Turns 20: Looking Back at 2016 and Challenges Ahead, Bloomberg Law

12/7/2016 - Investigatory Powers Act Becomes UK Law

11/11/2016 - CRTC Issues First Compliance and Enforcement Decision on Canada’s Anti-Spam Legislation

7/18/2016 - OCR Begins HIPAA Phase 2 Audits

7/12/2016 - Get to Know California’s ‘Online Eraser’ Law, Tech & Sourcing @ Morgan Lewis

7/12/2016 - EU–US Privacy Shield Approved

6/28/2016 - UK Data Privacy Laws in a Post-Brexit World

3/24/2016 - OCR Launches Phase 2 of HIPAA Audits

3/2/2016 - Health Apps and HIPAA: OCR Publishes New Guidance For Health App Developers

3/2/2016 - European Commission Releases Details of New EU-US Privacy Shield

3/2/2016 - The Judicial Redress Act of 2015 Becomes Law

2/8/2016 - Judicial Redress Act Would Extend Privacy Act Remedies to Citizens of Designated Foreign Nations

2/4/2016 - EU-US Privacy Shield to Replace Safe Harbor

1/14/2016 - Beyond HIPAA: Five Health-care Privacy Trends for 2016, BNA's Health Law Reporter

12/23/2015 - New EU Data Protection and Cybersecurity Laws Finalised

11/19/2015 - California Amends its Breach Notification Requirements (AGAIN)

9/9/2015 - Third Circuit Sides with FTC in Data Security Dispute with Wyndham, Tech & Sourcing @ Morgan Lewis

2/20/2015 - Brazil Bill Implements New Provisions for International Data Transfers

2/17/2015 - Preparing for Phase 2 HIPAA Audits: It’s All About the Documentation

1/26/2015 - What Every General Counsel Needs to Know About Privacy and Cybersecurity Law: Trends for 2015, BNA Privacy and Security Law Report

1/22/2015 - Proposed Data Breach Legislation Announced

12/23/2014 - New California Privacy Laws for 2015

11/24/2014 - Boards of Directors Can't Shirk Cyber Responsibility

9/22/2014 - FTC Shifts Heat To Mobile Apps With Kids' Privacy Actions, Law360

7/8/2014 - Florida’s Strict New Data Breach Notification Law Takes Effect

6/26/2014 - What to Do Before You Experience a Security Breach: Incident Response Plans and Other Preventive Measures

3/18/2014 - What Every General Counsel Should Know About Privacy and Security: 10 Trends for 2014

2/17/2014 - HIPAA Business Associates and Health-Care Big Data: Big Promise, Little Guidance, BNA's Privacy and Security Law Report

12/4/2013 - Silicon Valley Association of General Counsel All-Hands Meeting

10/11/2013 - New California Law Protects Online Account Information

10/4/2013 - California Enacts New Laws on Data Privacy and Security Issues

6/17/2013 - FDA Taking on Cybersecurity Risks for Medical Devices

4/16/2013 - Protections to Be Extended for Electronic Health Record Donations

3/20/2013 - New Provisions for HIPAA Business Associates and Subcontractors

3/20/2013 - New Privacy, Security and Breach Rules: What You Need to Know

3/19/2013 - New Regulations Extend Reach of Health Care Privacy and Security Obligations, The Legal Intelligencer

2/11/2013 - California Institute for Quantitative Biosciences – HIPAA Issues and Startups

2/11/2013 - HIPAA Issues and Startups, presented for a QED@QB3 Seminar

2/7/2013 - Final HIPAA Omnibus Rule Brings Sweeping Changes to Health Care Privacy Law: HIPAA Privacy and Security Obligations Extended to Business Associates and Subcontractors, BNA's Health Law Reporter

1/28/2013 - What Every General Counsel Should Know About Privacy and Security: 10 Trends for 2013, BNA's Privacy and Security Law Report

1/18/2013 - HHS Releases HIPAA/HITECH Omnibus Final Rule

1/8/2013 - OCR Reaches $50,000 Settlement with Hospice for Small Data Breach

1/3/2013 - Increasing Scrutiny of Consumer Data Collection

10/9/2012 - Shhh! Latest Developments in Security and Patient Privacy

9/11/2012 - Cloud Computing: Privacy and Security Legal Issues , presented at the 13th Annual eDiscovery West Summit

8/9/2012 - California Establishes Privacy Enforcement and Protection Unit

11/18/2011 - HIPAA Privacy and Security Audit Program Begins This Month

11/16/2011 - Recent SEC Guidance and Upcoming Amendments to California and Illinois Statutes Affect Data Breach Disclosure Obligations

6/16/2011 - HHS Proposed Rule Creates New Access Report Obligations And Amends Existing Accounting of Disclosures Provisions, BNA's Health Law Reporter

11/9/2010 - The Future of HIPAA Compliance: Understanding the HITECH Act Regulations

7/29/2010 - HHS Proposed Rule Fine-Tunes HITECH and HIPAA Requirements, BNA's Health Law Reporter, Vol. 19, No. 30