“I went to the doctor recently and caught myself assessing how they handled my personal information and reading the privacy notice posted in the room. I often wonder if I am the only person who is so interested in reading the fine print,” said Tara Cho, a privacy attorney with Poyner Spruill LLP.
Because of her practice, Cho has a unique perspective on how her medical records are handled. She works with in-house attorneys and compliance teams at hospitals, pharmacies, clinical research companies, health care providers, and other entities. Although many are within the health care sector, Cho works with clients across multiple industries to help ensure compliance with privacy and security regulations.
While most of her time is now spent on big data issues and security breaches, the Cookeville, Tennessee native started off on a different path. She earned her Bachelor of Arts in English and creative writing from Rhodes College in Memphis. At the New England School of Law in Boston where she earned her Juris Doctor, her focus was on health care law. She has since become a certified information privacy professional and focuses her practice on privacy and information security law.
“I wasn’t a techie,” laughed Cho. “I’ve learned how to be one, though. I’ve always been interested in having the latest newest gadgets. Now I’m learning more and more about their backend infrastructure as I advise on technical security specifications. With the development of new technology, comes new threats and vulnerabilities. Privacy and information security is a complicated area that is constantly changing.”
Cho’s favorite aspect of her job is the moving target of her field. “Every day brings new compliance considerations or requirements to balance against our clients’ business needs,” she said.
REACTING TO CRISES
According to Cho, a breach of patient information is not a question of if but when. When it does hit, a mass breach of medical records or health information could be as devastating as recent credit card breaches at Home Depot, Target and other conglomerates. The breach last year affecting Anthem and its almost 80 million participants provides a recent example.
Cho helps clients navigate the difficult process of investigating and responding to a breach while complying with state and federal reporting requirements.
“Over time, clients have developed a heightened awareness to security risks and have begun to be more proactive, focusing on preventive measures to minimize the risk of a data breach along with its resulting costs which stem from fines, settlements, investigation and notification expenses, reputational damage, and implementation of corrective actions,” said Cho.
Before beginning her practice with Poyner Spruill, Cho spent three years with Durhambased Quintiles, the world’s largest contract research organization focused primarily on Phase II-IV clinical trials and associated laboratory and analytical services.
“At Quintiles, I was able to witness how all the cross-functional stakeholders involved in a project collaborate so both business and compliance needs can be met. From that experience, I have perspective on finding strategic ways to advance business objectives in a compliant manner, rather than seeing only the black and white interpretation of the law.”
Today, Cho brings a practical, no-nonsense approach to help her clients meet privacy and information security regulatory requirements as they launch patient outreach programs, develop mobile and Web-based apps, implement bring your own device and cloud computing policies, and introduce new lines of business and products that rely on personally identifiable information.
“As always, new opportunities come with new legal risks and obligations,” Cho said.
“One of the most exciting and rewarding aspects of my practice is helping build compliant programs and solutions that foster innovation of cutting-edge technology and development of life-saving drugs and devices to enhance the quality of patient care.”