Aaron Maguregui is a health care lawyer and member of the firm’s Privacy, Security & Information Management Practice, and national Telemedicine & Digital Health Industry Team. He advises innovative health care and technology companies on solving complex compliance, cybersecurity, data governance, data privacy, and risk management matters. Working with leading health care insurers, government-sponsored managed care organizations, health care providers, and technology companies, he delivers pragmatic legal advice and action-oriented solutions guidance to help clients reach their goals and objectives. Aaron is a Certified Information Systems Security Professional (CISSP), a global standard and essential industry credential accredited by (ISC)².
Real-World Industry Knowledge
Prior to joining Foley, Aaron was in-house counsel at one of the country’s largest publicly traded managed health care insurance organizations, helping lead the company’s Privacy & Information Security Department and build its security incident response team. Aaron has managed dozens of privacy and security incidents, successfully resolved multiple publicly reported data breaches, and led responses to inquiries, complaints, and investigations from various federal and state government agencies, including the Office of Civil Rights (OCR), the Department of Justice (DOJ), the Centers for Medicare & Medicaid Services (CMS), the Department of Health & Human Services Office of the Inspector General (HHS-OIG), state Medicaid agencies, and state attorneys general offices. Aaron also counseled the company in obtaining HITRUST certification, a highly coveted certification that provides assurances to all stakeholders of the company’s security practices.
Cybersecurity, Data Governance, Privacy Counseling and Contracting
Aaron provides advice and counsel in all phases of cybersecurity attacks and data breach events. He works closely with CISOs, compliance officers, general counsels, and incident response teams to prepare them for cyber-attacks and data loss events. By using preventative and anticipatory strategies, he advises and prepares health care companies to appropriately, efficiently, and successfully communicate about, respond to, and recover from all types of security incidents. Aaron has developed and implemented best-in-class cyber practices including, for example:
- Data privacy and information security frameworks, governance architecture, and response programs
- Written privacy and cybersecurity policies and procedures
- Board and executive training and education modules on cybersecurity preparedness and ongoing enterprise risk management activities
- Reviewing and negotiating cybersecurity and privacy insurance coverage
- Negotiating and drafting data agreements with vendors, including cybersecurity, risk-sharing, and indemnification
- Leading and managing privacy and security breach investigations and corrective actions, including reports to federal and state regulators
- Customized table-top exercises and penetration testing to simulate actual cybersecurity incidents
More Legal and Business Bylines From Aaron T. Maguregui
- HHS Updates Pixels and Trackers Guidance for HIPAA Regulated Entities - (Posted On Tuesday, March 19, 2024)
- HIPAA and Part 2 Harmonized: What Health Care Organizations Need to Know - (Posted On Monday, February 12, 2024)
- Telehealth Providers: HHS Issues HIPAA Best Practices - (Posted On Friday, November 17, 2023)
- Key Contractual Considerations for Health AI and Hospital Collaborations - (Posted On Thursday, September 14, 2023)
- Decentralized Clinical Trials Blog Series - (Posted On Monday, June 26, 2023)
- Florida’s New Prohibition on Offshoring Patient Information - (Posted On Tuesday, May 23, 2023)
- 2023 Telemedicine & Digital Health Trends - (Posted On Thursday, March 30, 2023)
- HHS Proposes to Align Federal Substance Use Disorder Law with HIPAA - (Posted On Wednesday, November 30, 2022)
- HIPAA & Telehealth: FAQs from HHS Guidance on Audio-Only Telehealth - (Posted On Thursday, June 16, 2022)
- Four Key Takeaways for Digital Health Companies from the FTC’s Recent COPPA Settlement - (Posted On Monday, January 10, 2022)