Dianne advises a variety of health care clients on a broad range of issues, including licensure, regulatory, contractual, and risk management matters, and patient care. As former in-house counsel to an academic medical center, a large part of her practice involves counseling researchers and research sponsors in matters related to FDA and OHRP regulated clinical research, including patient consent, access to and use of tissue and associated patient information, and the Institutional Review Board process.
She also counsels health care clients and other business entities on a broad range of privacy and data security issues, including the HIPAA Privacy Rule and Security Standards, including requirements under HITECH and the HIPAA Omnibus Rule, 42 CFR Part 2, and state-imposed medical privacy laws. She regularly assists clients with data breach response and mitigation, the implementation of HIPAA-mandated policies and procedures, privacy audits, third-party requests for information, and review of HIPAA-related contracts and forms. She has successfully defended clients in both civil and criminal HIPAA enforcement actions and regularly assists clients with the management of data breaches and other losses of protected health information.
Before joining Mintz, Dianne was an associate staff attorney at the Lahey Clinic, where she provided general counsel services to medical, professional, and administrative staff. She also served as counsel to the Institutional Review Board, the Ethics Committee, the Intellectual Property and Technology Transfer Committee, and the Genetics Advisory Board. Before joining the Lahey Clinic’s legal staff, she worked in the research administration department. Her responsibilities included drafting a regulatory compliance manual detailing laws of concern in basic, clinical, and animal research, continually reviewing relevant regulations to ensure compliance for institutional programs, and researching and advising clients on a broad range of regulatory matters.
Dianne was the first Suffolk University law student to graduate with a concentration in Health Care and Biomedical Law. She formerly served as an adjunct professor at Stonehill College, teaching an undergraduate Health Care Law course.
Dianne is a contributor to the Mintz Health Law & Policy Matters blog as well as the Privacy & Security Matters blog.
Experience
- Provided strategic counsel to a start-up medical application company that has devised a method to detect mild cognitive impairment as a precursor to more significant cognitive diseases.
- Counseled a publically traded medical device company on risk management advice and helped them manage multiple significant adverse events following suspension of trial by the FDA.
- Assisted our client, a manufacturer of smart, wireless prescription bottles, with structuring their patient interface to be consistent with privacy and data security laws and other regulatory issues.
viewpoints
A New Decade of HIPAA: What Can We Expect?
December 23, 2019 | Blog | By Dianne Bourque, Ellen Janos
As the decade winds down, it’s hard to believe that the HIPAA Privacy and Security Rules are almost twenty years old. It has been ten years since the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published the first breach notification rule – the one based on the harm standard. And the Omnibus Rule’s “low probability of compromise” standard is almost seven years old! Regulators and regulated entities are heading into the new year and decade with a lot of momentum on some important issues. As we prepare to welcome 2020, we’d like to indulge in a bit of hindsight – as well as speculation – about what the new decade might hold for HIPAA-regulated entities.
Read more
HHS Proposes Sweeping Changes to AKS and Stark Law, Part 2: Cybersecurity Technology and Electronic Health Records
October 21, 2019 | Blog | By Karen Lovitch, Dianne Bourque, Theresa Carnegie, Rachel Yount
On October 17, 2019, the Department of Health & Human Services published two proposed rules that, if finalized, would implement significant changes to the Anti-Kickback Statute (AKS) and the Physician Self-Referral Law (commonly known as the Stark Law). This post is the latest installment in our blog series covering these proposed rules.
Read more
Part 2 Proposed Rule Brings Clarity and Reduces Regulatory Burdens for Substance Use Disorder Providers, but Challenges Remain
September 3, 2019 | Blog | By Dianne Bourque, Cassandra Paolillo
On August 22, the Substance Abuse and Mental Health Services Administration (“SAMHSA”) announced a new proposed rule (the “Proposed Rule”) amending 42 CFR part 2 (“Part 2”), which is aimed at protecting patient records created by federally funded programs for the treatment of substance use disorder (“SUD”). The Proposed Rule is aimed at alleviating these concerns within the constraints of the underlying statute, while also addressing the increasingly urgent need to streamline SUD services in light of the opioid epidemic. Here we’ll discuss some of the major changes under the Proposed Rule while highlighting the challenges that remain.
Read more
Another Chance for HIPAA and Part 2 Harmony?
July 22, 2019 | Blog | By Dianne Bourque
There are reports that HHS plans to issue a proposed rule next month, which would again amend 42 CFR Part 2 (“Part 2”) and modify how the medical records of patients with substance abuse disorders are currently shared between providers. Part 2 amendments, especially amendments to align Part 2 with the Health Insurance Portability and Accountability Act (“HIPAA”), would be welcome news to the many stakeholders in the industry who have repeatedly voiced their concerns regarding the regulatory hurdles that surround the disclosure of drug and alcohol treatment records.
Read more
Health Care & Cybersecurity: A Powerful Combination
May 14, 2019 | Blog | By Cynthia Larose
The adoption of connected medical devices and the Internet of Medical Things (IoMT) has both enhanced the quality of patient care and increased the vulnerability of health care organizations. Sophisticated cyberattacks on hospitals and health systems threaten patient safety and impose substantial financial costs.
Read more
Complying with the California Consumer Privacy Act: Are Health Care Organizations "Home Free"?
April 4, 2019 | Blog
On June 28, 2018, California passed the California Consumer Privacy Act (CCPA) and then further amended it on September 23, 2018. CCPA breaks new state law privacy ground, and this post addresses some of the confusion surrounding the exemptions for health information.
Read more
Strategies to Unlock AI's Potential in Health Care, Part 3: HIPAA and Other Privacy Considerations
October 25, 2018 | Blog | By Dianne Bourque
Software developers are racing to develop health care products that leverage artificial intelligence (AI), including machine learning and deep learning. Examples include software that analyzes radiology images and pathology slides to help physicians diagnose disease, electronic health records software that automates routine tasks, and software that analyzes genetic information to support targeted treatment. The one thing that all of these products have in common is a need to interact, in some way, with real world medical data. However, this real world data can be protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) as well as a patchwork of federal and state laws and regulations. Below we discuss the contexts in which developers may encounter these laws, as well as strategies to navigate related legal issues.
Read more
50 Reasons to Download the Newly-Updated Mintz Data Breach Matrix
May 4, 2018 | Blog | By Dianne Bourque
Mintz Levin has updated the Mintz Matrix, a comprehensive summary of the data breach notification laws that now exist in all 50 states (South Dakota and Alabama finally caved and enacted their own laws). It’s critical that HIPAA-regulated entities monitor these state laws because they apply simultaneously, and often conflict with, HIPAA.
Read more
Bah, Humbug! HIPAA Compliance Isn’t Getting Any Easier
December 21, 2017| Blog|
Proposed Law Would Criminalize Failures to Report Data Breaches
December 12, 2017 | Blog | By Dianne Bourque, Ryan Cuthbertson
A draft bill recently introduced in the U.S. Senate serves as a good reminder that compliance with data breach reporting requirements is critical.
Read more
News & Press
In a Report on Patient Privacy article, Members Dianne Bourque and Lara Compton shed light on the termination of HIPAA enforcement discretions post-COVID-19. The HHS Office for Civil Rights officially reinstated its authority over telehealth on August 9, necessitating a rapid reassessment of compliance for covered entities and business associates.
Mintz is pleased to announce that 120 firm attorneys have been recognized as leaders by Best Lawyers® in the 2024 edition of The Best Lawyers in America©.
BOSTON –Mintz announced today that 39 of its practices and 81 of its attorneys earned recognition in the 2023 edition of Chambers USA, a guide to the country’s leading law firms.
HHS Proposes Rule Shoring Up HIPAA To Protect Reproductive Health Data, Including Around abortions
April 12, 2023
Health Care Dive interviewed Member Dianne Bourque about the Biden administration's proposed new rule that would ban health care entities from sharing patient information.
2023’s Largest Health Data Breach So Far Brings Legal Flurry
March 14, 2023
Member Dianne Bourque spoke to Bloomberg Law about Regal Medical Group's cyberattack that resulted in the exposure of over 3 million patients' health information.
Axios interviewed Member Dianne Bourque about health privacy in the post-Roe digital age.
Boston Legal Teams Brace For Wave Of Uncharted Battles Over Abortion
September 2, 2022
Meta’s Pixel Cases Stir Trouble for Health Site Tracking Tools
August 10, 2022
HIPAA Faces Test in New Abortion Reality
August 10, 2022
Five Mintz Attorneys Recognized as Client Service All-Stars by BTI
February 08, 2022
Medicare AI Will Infer Race to Close Health Equity Gap
August 5, 2021
Mintz Member Dianne Bourque was quoted in an article published by Bloomberg Law about how the Centers for Medicare & Medicaid Services (CMS) has proposed the use of an algorithm in hospitals that guesses people’s race to improve health inequity gaps. The artificial intelligence is intended to serve as a stand-in until CMS can get patients to self-identify.
Mintz Member Dianne J. Bourque was quoted in an article published by MedCity News speaking on the errant email that exposed hundreds of One Medical patients' email addresses. Specifically, she addressed reporting obligations and the impact of the security lapse.
Mintz Member Dianne J. Bourque was quoted in an article published by Bloomberg Law on privacy concerns associated with the federal government’s collection of personal information, including race and ethnicity information, to track Americans getting the COVID-19 vaccine.
Corporate Secrets at Risk in Hack of U.S. Courts Documents
January 8, 2021
Mintz Member Dianne J. Bourque was quoted in an article published by Bloomberg Law on a cyberhack of the U.S. federal courts filing system. Specifically, she addressed why it may be particularly problematic for patients and health-care providers that are involved in litigation.
Amazon’s Pharmacy Venture Opens New Privacy, Security Law Risks
November 30, 2020
In Bloomberg Law, Mintz Member Dianne Bourque commented on some of the state and federal privacy laws protecting patient data that Amazon will have to navigate with the launch of its new online pharmacy business.
Hospital Ransomware Attacks Spotlight Need for Security Steps
November 4, 2020
In Bloomberg Law, Mintz Member Dianne Bourque shared cybersecurity best practices for health care providers, particularly in light of recent ransomware attacks targeting hospitals across the country.
Fertility Tracking Apps Get Tough Look From States Over Privacy
October 14, 2020
Mintz Member Dianne Bourque was quoted in an article published by Bloomberg Law on privacy concerns with mobile fertility apps as they are not covered by the Health Insurance Portability and Accountability Act.
The Virus Shot Goes in Your Arm, but Where Does Your Data Go?
September 24, 2020
Mintz Member Dianne Bourque was quoted in an article published by Bloomberg Law on privacy protections and related concerns as the federal government is working with states and private companies to allow immunization databases to share data as part of a COVID-19 vaccine distribution plan.
Mintz Advises Partners In Health on Massachusetts COVID-19 Community Tracing Collaborative
April 08, 2020
Firm provides pro bono legal counsel to global health nonprofit on groundbreaking initiative to slow the spread of COVID-19 in the Commonwealth of Massachusetts.
Trump Keeps Touting an Unproven Coronavirus Treatment. It’s Now Being Tested on Thousands in New York
March 31, 2020
Mintz Member Dianne Bourque was quoted in an article published by the Washington Post on New York’s efforts to distribute tens of thousands of doses of anti-malarial drugs as an experimental, unproven treatment for seriously ill coronavirus patients.
Does Epic’s CEO Have A Point On Privacy?
February 24, 2020
Mintz Member Dianne J. Bourque was quoted extensively in an article published by MedCity News on privacy considerations for individuals that opt to share their data with mobile health apps.
On Bloomberg Television, Mintz Member Dianne Bourque Discusses Google’s Deal with Ascension Hospitals
November 19, 2019
Mintz Member Dianne Bourque appeared on Bloomberg Television’s “Bloomberg Technology” news program to discuss Google’s partnership with Ascension, the nation’s second-largest health system, which includes sharing the personal health data of tens of millions of patients. Ms. Bourque addressed the legality of the arrangement under the Health Insurance Portability and Accountability Act (HIPAA), compliance under the federal privacy law, and legal limitations for using the health data.
The full show is available here, and the segment featuring Ms. Bourque runs from 29:47 - 35:15.
The full show is available here, and the segment featuring Ms. Bourque runs from 29:47 - 35:15.
Google Is Slurping Up Health Data—and It Looks Totally Legal
November 18, 2019
An article published by Wired detailed Google’s partnership with Ascension, the nation’s second-largest health system, which includes sharing the personal health data of tens of millions of patients. In the article, Mintz Member Dianne Bourque was quoted on the legality of the arrangement under the Health Insurance Portability and Accountability Act (HIPAA) and legal limitations for using the health data.
Don’t Forget About State Laws on HIPAA Breaches
May 10, 2019
Mintz health care lawyer Dianne Bourque is quoted in this article, which addresses a host of state legislatures—often via consumer protection laws—are redefining what is considered a breach and how providers will need to handle reporting.
Anthem Settlement Holds Lessons on Data Breaches, Costs
December 1, 2018
This feature article discuses key takeaways following Anthem’s $115 million settlement – one of the largest following a consumer data breach. Mintz Member Dianne Bourque is among the sources discussing what the health care industry can learn.
Obamacare Enrollment Data Breach May Trigger Privacy Probe
October 24, 2018
This article takes a closer look at a hack of Obamacare enrollment records. The piece notes that the breach could lead to an in-depth investigation of the government agency responsible for the federal health-care exchange. It is further noted that this hack could serve as a wake-up call for the government. Member Dianne Bourque is among the industry sources quoted.
Cyberattacks Targeting Computer Chips May Expose Health-Care Data
January 19, 2018
Mintz Member Dianne Bourque was quoted in a Bloomberg Law article regarding the possible exposure of patients’ personal data due to cyberattacks on computer chips. Health care organizations are urged to install the most current security patches for their computer networks.
Dianne Bourque, a Member in the firm’s Health Law Practice, was among the group of experts quoted in a Law360 article regarding how a Blue Cross Executive’s divulging of private information about a patient likely triggered an alert with HIPAA's privacy protections.
Mintz Members will be participating in multiple panel discussions at the 2017 Boston Conference on Cyber Security hosted by Boston College and the FBI. The event presents an opportunity for leading minds to come together and fashion a more secure cyberspace.
Mintz Represents Myriad Genetics in Acquisition of Assurex Health
September 08, 2016
Attorneys from Mintz represented Myriad Genetics, Inc. in its acquisition of Assurex Health, an informatics-based precision medicine company providing treatment decision support to health care providers for mental health patients.
Nurse's Gory Tweets Leave Privacy Attys Gobsmacked
August 9, 2016
Dianne Bourque, a Member in the firm’s Health Law Practice, is quoted in this Law360 article on a Chicago nurse’s tweets of pictures of a shooting victim’s hospital room. The tweet brought about allegations of privacy violations and a lawsuit against the hospital claiming as much.
Firm’s National Healthcare Practice, NY Corporate/M&A and Litigation: General Commercial Among Newest Rankings
Tell Gun-Toting Patients That New HIPAA Gun Rule Isn’t about Them
January 18, 2016
Dianne Bourque, a Member in the firm’s Health Law Practice, is quoted in this Part B News article discussing the new HIPAA federal privacy rule for gun control.
The 2015 Chambers USA: America's Leading Lawyers for Business guide names 52 Mintz, Cohn, Ferris, Glovsky and Popeo, P.C. attorneys as “Leaders in Their Fields.”
Events & Speaking
Speaker
Speaker
Sep
30
2020
Clinical Trial Risk Management during COVID-19
Advanced Medical Technology Association's Virtual MedTech Conference
Online Event
Speaker
Apr
7
2020
Everything Life Sciences Companies Need to Know to Navigate the COVID-19 Pandemic
View the Webinar Recording
Speaker
Mar
30
2020
Coronavirus (COVID-19): Managing the Privacy & Cybersecurity Risks
View the Webinar Recording
Mar
25
2020
Telehealth: Keeping Up with the Fast-Moving Federal and State Regulatory Landscape During the COVID-19 Pandemic
View the Webinar Recording
Mar
2
2020
Healthcare Law & Compliance Institute: Taming Technology
How to Maximize Innovation While Minimizing Risk
Amelia Island, Florida
Speaker
Nov
14
2019
Health and Hospital Law: MCLE BasicsPlus
MCLE Conference Center, 10 Winter Place, via Winter Street
Panelist
Jun
19
2019
Health Care & Cybersecurity: A Powerful Combination
ML Strategies, 701 Pennsylvania Ave, NW, Suite 900, Washington, DC 20004
Speaker
May
23
2019
MCLE New England's 20th Annual Hospital & Health Law Conference 2019
Conflict of Interest and Research Compliance
Ten Winter Place, Boston
Speaker
Speaker
Panelist
Speaker
Speaker
Panelist
May
2
2016
Faculty
Panelist
Sep
27
2015
Employee Benefits & Healthcare Congress
Employer Healthcare & Benefits Congress (EHBC)
Orange County Convention Center, 9800 International Drive, Orlando, FL
Co-chair
Speaker
Speaker
Read less
Jul
23
2013
8 Weeks Until the HIPAA Omnibus Rule Compliance Date - How to Make the Most of Your Time
Mintz Levin Health Beat Webinar Series
Webinar
Recognition & Awards
Chambers USA: Massachusetts – Healthcare (2015-2017; 2021-2023)
BTI Consulting Group Client Service All-Star (2022)
Featured in Best Lawyers in America: Health Care Law (2020-2024)
Involvement
- Regular guest lecturer, Cybersecurity Policy & Governance Program, Boston College Woods College of Advancing Studies
Recent Insights
Health Care Privacy and Security in 2024: Six Critical Topics to Watch
January 25, 2024| Blog|
In a Report on Patient Privacy article, Members Dianne Bourque and Lara Compton shed light on the termination of HIPAA enforcement discretions post-COVID-19. The HHS Office for Civil Rights officially reinstated its authority over telehealth on August 9, necessitating a rapid reassessment of compliance for covered entities and business associates.
Mintz is pleased to announce that 120 firm attorneys have been recognized as leaders by Best Lawyers® in the 2024 edition of The Best Lawyers in America©.
