Skip to main content

Dianne J. Bourque


[email protected]



Dianne advises a variety of health care clients on a broad range of issues, including licensure, regulatory, contractual, and risk management matters, and patient care. As former in-house counsel to an academic medical center, a large part of her practice involves counseling researchers and research sponsors in matters related to FDA and OHRP regulated clinical research, including patient consent, access to and use of tissue and associated patient information, and the Institutional Review Board process. In addition, Dianne currently serves as a Vice Chair of AHLA's Health Care Reform Education Task Force.

She also counsels health care clients and other business entities on a broad range of privacy and data security issues, including the HIPAA Privacy Rule and Security Standards, including requirements under HITECH and the HIPAA Omnibus Rule, 42 CFR Part 2, and state-imposed medical privacy laws. She regularly assists clients with data breach response and mitigation, the implementation of HIPAA-mandated policies and procedures, privacy audits, third-party requests for information, and review of HIPAA-related contracts and forms. She has successfully defended clients in both civil and criminal HIPAA enforcement actions and regularly assists clients with the management of data breaches and other losses of protected health information.

Before joining Mintz, Dianne was an associate staff attorney at the Lahey Clinic, where she provided general counsel services to medical, professional, and administrative staff. She also served as counsel to the Institutional Review Board, the Ethics Committee, the Intellectual Property and Technology Transfer Committee, and the Genetics Advisory Board. Before joining the Lahey Clinic’s legal staff, she worked in the research administration department. Her responsibilities included drafting a regulatory compliance manual detailing laws of concern in basic, clinical, and animal research, continually reviewing relevant regulations to ensure compliance for institutional programs, and researching and advising clients on a broad range of regulatory matters.

Dianne was the first Suffolk University law student to graduate with a concentration in Health Care and Biomedical Law. She formerly served as an adjunct professor at Stonehill College, teaching an undergraduate Health Care Law course.

Dianne is a contributor to the Mintz Health Law & Policy Matters blog as well as the Privacy & Security Matters blog.


  • Suffolk University (MPA)
  • Suffolk University Law School (JD)
  • Boston College (BA)


  • Provided strategic counsel to a start-up medical application company that has devised a method to detect mild cognitive impairment as a precursor to more significant cognitive diseases.
  • Counseled a publically traded medical device company on risk management advice and helped them manage multiple significant adverse events following suspension of trial by the FDA.
  • Assisted our client, a manufacturer of smart, wireless prescription bottles, with structuring their patient interface to be consistent with privacy and data security laws and other regulatory issues.

Recognition & Awards

  • Chambers USA: Massachusetts – Healthcare (2015 – 2017)
  • Best Lawyers in America: Health Care Law (2020)

Recent Insights

News & Press



Practice Intro Healthcare Compliance Fraud Abuse Regulatory Counseling Mintz

HHS Proposes Sweeping Changes to AKS and Stark Law, Part 2: Cybersecurity Technology and Electronic Health Records

October 21, 2019 | Blog | By Karen Lovitch, Dianne Bourque, Theresa Carnegie, Rachel Yount

On October 17, 2019, the Department of Health & Human Services published two proposed rules that, if finalized, would implement significant changes to the Anti-Kickback Statute (AKS) and the Physician Self-Referral Law (commonly known as the Stark Law). This post is the latest installment in our blog series covering these proposed rules.
On August 22, the Substance Abuse and Mental Health Services Administration (“SAMHSA”) announced a new proposed rule (the “Proposed Rule”) amending 42 CFR part 2 (“Part 2”), which is aimed at protecting patient records created by federally funded programs for the treatment of substance use disorder (“SUD”). The Proposed Rule is aimed at alleviating these concerns within the constraints of the underlying statute, while also addressing the increasingly urgent need to streamline SUD services in light of the opioid epidemic. Here we’ll discuss some of the major changes under the Proposed Rule while highlighting the challenges that remain.

Another Chance for HIPAA and Part 2 Harmony?

July 22, 2019 | Blog | By Dianne Bourque, Matt Mora

There are reports that HHS plans to issue a proposed rule next month, which would again amend 42 CFR Part 2 (“Part 2”) and modify how the medical records of patients with substance abuse disorders are currently shared between providers. Part 2 amendments, especially amendments to align Part 2 with the Health Insurance Portability and Accountability Act (“HIPAA”), would be welcome news to the many stakeholders in the industry who have repeatedly voiced their concerns regarding the regulatory hurdles that surround the disclosure of drug and alcohol treatment records.
Health Privacy

Health Care & Cybersecurity: A Powerful Combination

May 14, 2019 | Blog | By Cynthia Larose

The adoption of connected medical devices and the Internet of Medical Things (IoMT) has both enhanced the quality of patient care and increased the vulnerability of health care organizations. Sophisticated cyberattacks on hospitals and health systems threaten patient safety and impose substantial financial costs.
Viewpoint General
On June 28, 2018, California passed the California Consumer Privacy Act (CCPA) and then further amended it on September 23, 2018. CCPA breaks new state law privacy ground, and this post addresses some of the confusion surrounding the exemptions for health information.
Viewpoint General
Software developers are racing to develop health care products that leverage artificial intelligence (AI), including machine learning and deep learning. Examples include software that analyzes radiology images and pathology slides to help physicians diagnose disease, electronic health records software that automates routine tasks, and software that analyzes genetic information to support targeted treatment. The one thing that all of these products have in common is a need to interact, in some way, with real world medical data. However, this real world data can be protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) as well as a patchwork of federal and state laws and regulations. Below we discuss the contexts in which developers may encounter these laws, as well as strategies to navigate related legal issues.
Mintz Levin has updated the Mintz Matrix, a comprehensive summary of the data breach notification laws that now exist in all 50 states (South Dakota and Alabama finally caved and enacted their own laws). It’s critical that HIPAA-regulated entities monitor these state laws because they apply simultaneously, and often conflict with, HIPAA.

Bah, Humbug! HIPAA Compliance Isn’t Getting Any Easier

December 21, 2017 | Blog | By Dianne Bourque, Ellen Janos

As we look back on 2017, one message is clear: don’t be a Scrooge when it comes to HIPAA compliance. With ever-evolving security threats and unrelenting enforcement, regulated entities must maintain a spirit of compliance that lasts the whole year through.

Proposed Law Would Criminalize Failures to Report Data Breaches

December 12, 2017 | Blog | By Dianne Bourque, Ryan Cuthbertson

A draft bill recently introduced in the U.S. Senate serves as a good reminder that compliance with data breach reporting requirements is critical.

HIPAA and Other Privacy Considerations at Play when Building a Health App

November 8, 2017 | Blog | By Dianne Bourque, Cynthia Larose

Consumers are increasingly turning to health apps for a variety of medical and wellness-related purposes. This has in turn caused greater amounts of data—including highly sensitive information—to flow through these apps.

News & Press

Don’t Forget About State Laws on HIPAA Breaches

May 10, 2019 | Renal & Urology News

Mintz health care lawyer Dianne Bourque is quoted in this article, which addresses a host of state legislatures—often via consumer protection laws—are redefining what is considered a breach and how providers will need to handle reporting.

Anthem Settlement Holds Lessons on Data Breaches, Costs

December 1, 2018 | Health Risk Management

This feature article discuses key takeaways following Anthem’s $115 million settlement – one of the largest following a consumer data breach. Mintz Member Dianne Bourque is among the sources discussing what the health care industry can learn.
This article takes a closer look at a hack of Obamacare enrollment records. The piece notes that the breach could lead to an in-depth investigation of the government agency responsible for the federal health-care exchange. It is further noted that this hack could serve as a wake-up call for the government. Member Dianne Bourque is among the industry sources quoted.
Mintz Member Dianne Bourque was quoted in a Bloomberg Law article regarding the possible exposure of patients’ personal data due to cyberattacks on computer chips. Health care organizations are urged to install the most current security patches for their computer networks.
Dianne Bourque, a Member in the firm’s Health Law Practice, was among the group of experts quoted in a Law360 article regarding how a Blue Cross Executive’s divulging of private information about a patient likely triggered an alert with HIPAA's privacy protections. 
Mintz Members will be participating in multiple panel discussions at the 2017 Boston Conference on Cyber Security hosted by Boston College and the FBI. The event presents an opportunity for leading minds to come together and fashion a more secure cyberspace.
Attorneys from Mintz represented Myriad Genetics, Inc. in its acquisition of Assurex Health, an informatics-based precision medicine company providing treatment decision support to health care providers for mental health patients.
Dianne Bourque, a Member in the firm’s Health Law Practice, is quoted in this Law360 article on a Chicago nurse’s tweets of pictures of a shooting victim’s hospital room. The tweet brought about allegations of privacy violations and a lawsuit against the hospital claiming as much.
Firm’s National Healthcare Practice, NY Corporate/M&A and Litigation: General Commercial Among Newest Rankings
Dianne Bourque, a Member in the firm’s Health Law Practice, is quoted in this Part B News article discussing the new HIPAA federal privacy rule for gun control.
The 2015 Chambers USA: America's Leading Lawyers for Business guide names 52 Mintz, Cohn, Ferris, Glovsky and Popeo, P.C.  attorneys as “Leaders in Their Fields.”



Health and Hospital Law: MCLE BasicsPlus

MCLE Conference Center, 10 Winter Place, via Winter Street


Health and Hospital Law: MCLE BasicsPlus

MCLE Conference Center, 10 Winter Place, via Winter Street


Health Care & Cybersecurity: A Powerful Combination

ML Strategies, 701 Pennsylvania Ave, NW, Suite 900, Washington, DC 20004


MCLE New England's 20th Annual Hospital & Health Law Conference 2019

Conflict of Interest and Research Compliance

Ten Winter Place, Boston


New England Healthcare Executive Network Meeting

NE Healthcare Executive Network

Boston, MA


Anatomy of a HIPAA Breach Master Track

American Bar Association



Employee Benefits & Healthcare Congress

Employer Healthcare & Benefits Congress (EHBC)

Orange County Convention Center, 9800 International Drive, Orlando, FL