Photo of Ellen H. Moskowitz

Ellen is a senior counsel in the Corporate Department and a member of the Health Care Group. She assists clients in the health care, life sciences, sports and non-profit industries.

Ellen advises on complex health care regulatory matters, health privacy and data security issues, and health-related labor and employment matters.  Her work with social services and charitable organizations particularly focuses on corporate governance matters.  Ellen’s clients are diverse, spanning hospital systems, physician groups and other health care providers and associations, health technology companies, social services and charitable organizations, professional sports leagues, pharmaceutical and medical device companies, private equity firms, health plans, health management companies, and tissue banks and organ procurement organizations.

Ellen is accredited by the International Association of Privacy Professionals as a certified information privacy professional in the U.S. private sector. She has written and lectured widely on health care law, policy and ethics.

Before joining Proskauer, Ellen was an associate for law with The Hastings Center, a private, nonpartisan education and research institute that examines ethical and policy issues in medicine, health and the environment. She also has served as associate counsel to the New York State Task Force on Life and the Law, a state law reform commission, where she helped to develop laws and regulations on care of the dying, organ transplantation and assisted reproduction.

Reflecting the movement to toughen data security laws on a state-by-state basis, on July 25, 2019, Governor Cuomo signed into law the Stop Hacks and Improve Electronic Data Security Act (the “SHIELD Act” or the “Act”). The Act amends New York State’s current data breach notification law, which covers breaches

On November 19, 2015, Lahey Hospital and Medical Center (“Lahey”) entered into an $850,000 settlement with the U.S. Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”) for alleged violations of the Health Insurance Portability and Accountability Act of 1996 or “HIPAA”. As part of the settlement, Lahey must adopt a robust corrective action plan, which became operational on November 19, 2015, and will last for two years.

The settlement reinforces the importance of conducting HIPAA risk assessments with respect to the individually identifiable information in electronic form that is protected by HIPAA, referred to as “electronic protected health information” or “ePHI.”  The settlement also underscores that covered entities must timely identify and respond to security incidents, and promptly mitigate any harmful effects. In addition, the settlement highlights the critical nature of physical workstation security, in particular where health care delivery involves the use of portable devices that store ePHI, and the value of employing technical solutions that encrypt data at rest that is stored on portable devices.

Authors: Roger Cohen, Paul Hamburger, Kristen Mathews, Ellen Moskowitz, Richard Zall

Anthem Inc. (Anthem), the nation’s second-largest health insurer, revealed late on Wednesday, February 4 that it was the victim of a significant cyber attack. According to Anthem, the attack exposed personal information of approximately 80 million individuals, including those insured by related Anthem companies.