small-logo
ProfessionalsCapabilitiesInsights & NewsCareersLocations
About UsAlumniOpportunity & InclusionPro BonoCorporate Social Responsibility
Stay Connected:
facebookinstagramlinkedintwitteryoutube
Site Search

Capabilities 11 results

Practice Area

Privacy & Data Security

Winston takes a strategic approach to privacy and data security, integrating our extensive capabilities across practices to provide our clients with cutting-edge privacy and data security counseling, crisis management, security incident investigation and notification management, defense of data security class action litigation and regulatory inquiries, and international data protection. Our Global Privacy & Data Security Practice features a core team of privacy professionals and is bolstered by more than 40 attorneys from a variety of other disciplines firmwide. Our team combines compliance counselors, transactional lawyers, former government regulators and federal prosecutors, seasoned investigators, and experienced litigators. Few firms can rival our in-depth, sophisticated, and integrated experience in this area....Read more

Industry

Healthcare

Industry

Development & Protection of AI Technologies

Our Intellectual Property (IP) and Privacy teams work closely together to counsel clients in building, protecting, and commercializing proprietary AI technologies and data; the use of third party or open source AI technologies and data; and the implications that these activities may have under privacy laws....Read more

Insights & News 94 results

Benefits Blast

|

February 3, 2026

|

3 Min Read

Group Health Plans Must Update HIPAA Notices by February 16 to Address New SUD Privacy Rules

Covered entities, including group health plans, must update and distribute their Health Insurance Portability and Accountability Act of 1996 (HIPAA) Notice of Privacy Practices (NPP) by February 16, 2026, to comply with new rules for handling substance use disorder ) records.

News

|

August 4, 2025

|

3 Min Read

Key Takeaways from Winston’s Fifth Annual Health Care & Life Sciences Summit

Winston & Strawn was pleased to host its fifth annual Health Care & Life Sciences Summit. This year’s event brought together clients, colleagues, and industry leaders for an afternoon of insightful discussions, networking, and perspectives on the shifting dynamics across the health care and life sciences sector....Read more

Client Alert

|

March 28, 2025

|

3 Min Read

HHS Announces Major Restructuring and Workforce Reductions

On March 27, 2025, citing priorities to reduce agency budget costs and eliminate redundancy among sub-agencies, the U.S. Department of Health and Human Services (HHS) announced that it would be undergoing a significant restructuring, including cutting 20,000 jobs largely from public health agencies. 

View All Insights & News

Other Results 17 results

Site Content

What Is Healthcare Security Law?

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) established U.S. regulations to protect the privacy and security of individual health information. The healthcare security law creates these specific protections through both the HIPAA Privacy Rule and the HIPAA Security Rule. The Privacy Rule has set national standards for the protection of certain types of health information. The Security Rule established security standards for protecting consumers’ health information that is stored or transferred electronically. The healthcare Security Rule outlines the operational safeguards that organizations must implement to keep protected electronic health information secure....Read more

Site Content

What Is Healthcare Privacy Law?

Today, healthcare privacy law is driven by the 1996 Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. This federal privacy rule establishes protections for specific patient health information. Healthcare plans, clearinghouses, and providers are subject to the law....Read more

Law Glossary

What Is Data Breach and Data Security Law?

Within 48 U.S. states and the District of Columbia, data breach and data security laws require organizations and government agencies to provide notifications of security breaches when they involve personally identifiable information. Companies may also be required by state data breach laws to act to minimize the effects of a breach. The FTC can investigate companies that do not adhere to their stated privacy policies and do not have safeguards to protect customer data, but no broad federal law exists regarding breach notifications. However, these U.S. data security laws and government agency rules are enforced:...Read more
Logo
facebookinstagramlinkedintwitteryoutube

Copyright © 2026. Winston & Strawn LLP

AlumniCorporate Transparency Act Task ForceDEI Compliance Task ForceEqual Rights AmendmentLaw GlossaryThe Oval UpdateWinston MinutePrivacy PolicyCookie PolicyFraud & Scam AlertsNoticesSubscribeAttorney Advertising