Karen Mandelbaum is a Senior Counsel in the Health Care and Life Sciences practice, in the Washington, DC, office of Epstein Becker Green. She has deep experience in all aspects of data privacy and protection due to her work as a privacy and security official at the Centers for Medicare & Medicaid Services (CMS), and in the private sector.
Ms. Mandelbaum:
- Advises clients on all aspects of federal and state privacy and consumer data protection laws and regulations, including, HIPAA, HITECH, and 42 CFR Part 2
- Helps design and develop effective data governance strategies that maximize value and encourage trust
- Advises on developing and implementing cybersecurity and privacy programs, designing information system security and privacy policies, implementing and operationalizing privacy and security controls, and designing metrics to monitor program compliance
- Assists with developing policies and procedures for security and privacy incident reporting and breach notification, responding to cyber incidents and data breaches, and mitigating the impact of data breaches
- Advises clients on provider reimbursements and Medicare, Medicaid, and Affordable Care Act programs and models
- Assists health care clients in fraud, waste, and abuse-related investigations and litigation
Before joining Epstein Becker Green, Ms. Mandelbaum served as the Senior Advisor for Security & Privacy Policy and Governance to the Chief Information Officer, Chief Information Security Officer, and Senior Official for Privacy in the Office of Information Technology at CMS, where she was responsible for developing and implementing an integrated approach to CMS’s cybersecurity and privacy program. She was previously a Privacy Policy Subject Matter Expert at the Center for Consumer Information & Insurance Oversight (CCIIO), responsible for defining the scope of privacy requirements and the privacy policy program for the health insurance exchanges and the Federally-Facilitated Marketplace. Earlier in her career, she served as General Counsel and the Privacy and Security Officer of a national health care technology company and then was an attorney at a law firm in Minnesota, where she acted as outside counsel for small and mid-sized business clients on all health care-related privacy and compliance matters.
Ms. Mandelbaum received the 2018 CMS Administrator’s Honor Award for Execution of Major Projects in appreciation of her contributions to the New Medicare Card Initiative. She also received the 2017 Administrator’s Honor Award for Organizational Excellence in recognition of her contributions to developing the Website Notices for Healthcare.gov and Medicare.gov as part of the Office of Communications Marketing and Privacy Team.