Joseph A. Dickinson, CHPC

Overview

With a background in both business and law, Joe has a unique understanding of the challenges his clients face, and he crafts data privacy and security programs for real-world applications.

Joe has more than 30 years of experience in the areas of data use, privacy, and cybersecurity. He regularly advises technology and healthcare companies and government entities, helping to identify their data privacy and cybersecurity risks. Joe also designs and manages programs and policies that minimize those risks.

He defends clients against state and federal governmental agency enforcement investigations, and assists with data breach response and data privacy assessments, information security compliance audits, and cyber investigations, including managing third-party forensic investigations. Joe also has led diligence efforts on all levels of business transactions that have identified and managed data-related issues having 7-figure potential impacts representing buyers, sellers, and investors.

Joe’s experience covers multiple privacy and security issues facing entities in the private and public sectors. He has worked with clients in the development of data privacy and cybersecurity programs, global data breach response, cross-border data transfers, HIPAA, GDPR, CAN-SPAM, and CCPA compliance, technology licensing, and transfer agreements, contracts involving data flows, and management of the related legal risks and obligations, intellectual property and information technology, governmental privacy-related investigations, and internal investigations related to corporate compliance.

Working closely with each client to build tailored programs and policies appropriate for the business, industry, and stage of development, Joe also assists with IoT risks, cloud services, and big data analytics. Joe evaluates the software development process, privacy by design, and counsels clients on responding to software audit requests and advising on the risks associated with the use of the Internet across international jurisdictions.

Before re-entering private practice, Joe served in-house as Chief Privacy and Chief Information Security Officer for a large Midwest academic medical system. He also managed the legal issues associated with global data sharing for a Big 4 accounting/consulting firm.

A recognized thought leader on data privacy, cybersecurity, and healthcare topics, Joe is Certified in Healthcare Privacy Compliance (CHPC®).

Community & Professional

Board of Advisors, North Carolina Technology Association
Member, Duke Law Center for Judicial Studies - North Carolina Thought Leadership Committee
Member, International Association of Privacy Professionals
Member, Health Care Compliance Association
Certified in Health Care Privacy Compliance (CHPC®)
Data Privacy and Security Committee, University HealthSystem Consortium
Cleveland-Marshall College of Law
National Advisory Board, Center for Cybersecurity and Privacy Protection
Advisory Council, Center for Health Law & Policy
The Sedona Conference®
Working Group Series Program, Data Security and Privacy Liability - Working Group 11
Member, American Health Lawyers Association
Member, Association of Corporate Counsel, Northeast Ohio Chapter
Member, North Carolina Bar Association, Privacy & Data Security Section
Member, Cleveland Metropolitan Bar Association, Healthcare Practice Group
Member, Ohio State Bar Association
Member, American Bar Association
Member, National Asian Pacific American Bar Association

Experience

Advised a private equity fund and its healthcare solutions portfolio company in the acquisition of consulting, and data management company.
Managed a global data breach involving 27 countries and more than 500 data servers.
Lead the response teams for hundreds of national and international data incidents and breaches.
Leads engagements for breach analysis, notification obligations, incident investigations, and regulatory compliance.
Coordinates forensic investigations.
Leads post-breach privacy and security gap remediation.
Oversees the buy-side and sell-side privacy/cybersecurity due diligence efforts for multi-million-dollar transactions.
Leads incident response preparations and tabletop exercises.
Develops and leads privileged forensic investigations, vulnerability assessments, and compliance reviews.
Assesses and operationalizes international data processing and data transfer protocols.

Media

Presentations

Speaker, “Like Healthcare Providers, Credit Unions are High Priority Targets for Hackers”, Carolinas Credit Union League (CCUL), LAUNCH 2023

Speaker, “Information Blocking: Chaos, Confusion, and Non-Compliance”, American Health Law Association (AHLA), Physicians and Hospitals Law Institute, January 2023

Speaker, “Data Privacy & Security Ethics”, 21^st Annual Maynard Nexsen In-House Counsel Ethics CLE, October 2022

Speaker, "The Privacy Mindset of the U.S. v. EU: Implications for U.S. Businesses in a Post-COVID Era", Federal Bar Association Annual Meeting& Convention, September 2022

Speaker, To Infinity and Beyond: Coordinating Incident Response Obligations–HIPAA, State Law, International Law, and Beyond”, American Health Law Association Fraud & Compliance Forum, September 2022

Webinar Panelist, “Cybersecurity in the Age of COVID-19,” Curi – A Medical Mutual Co. Webinar, December 8, 2020

Presenter, “GDPR/Data Privacy,” NCACPA 81st Annual Virtual Conference, November 18, 2020

Presenter, “Incident Response,” NCACPA 81st Annual Virtual Conference, November 16, 2020

Co-Panelist, "Health Care Sector Deep Dive," Cleveland-Marshall College of Law Cybersecurity & Privacy Protection Virtual Conference 2020, September 18, 2020

Webinar, Co-Presenter, "Managing Remote Access & Incident Response Remotely Workshop," NC TECH Webinar in Partnership with TCDI, June 17, 2020

Co-Presenter, "Cyber Security," NCACPA's Business & Industry Spring Conference, May 20, 2020

Co-Presenter, "The Role of Cyber-Insurance," WSJ Pro Cybersecurity Symposium, March 9, 2020

Co-Presenter, "Data Privacy, Cybersecurity, & HIPAA for Practitioners," NCACPA's 80th Annual Symposium, November 19, 2019

Co-Presenter, "Cyber Security and Health Care Privacy," HCCA 2019 Healthcare Enforcement Conference, November 3, 2019

Panelist, "Cybersecurity Panel Discussion," Total Computer Solutions, Greensboro, N.C., October 17, 2019

Panelist, "Pathways to Employment in International Law," Duke University School of Law, September 25, 2019

Speaker, "Overview of Data Privacy/Cybersecurity and Practical Implications," CED Accelerate Series, Research Triangle Park, N.C., June 25, 2019

Co-Speaker, "What Do Carnegie Hall and Good Security Incident Response Plans Have in Common?" HCCA's 23rd Annual Compliance Institute, April 8, 2019

Panelist, "General Data Protection Regulation (GDPR) – Info and Impacts," Visit North Carolina 365 Conference, April 1, 2019

Insights

05.18.2023 | Article
Cybersecurity in the Construction Industry. Know Your Risks and Take Steps to Protect your Company
04.17.2023 | Article
The DOJ’s Heightened Focus on the False Claims Act and Cybersecurity: Six Steps for Healthcare Providers to Implement to Stave Off Cybersecurity FCA Actions
10.12.2022 | Article
Cybersecurity and Data Management for Life Sciences Companies: Key Considerations and Issues for Leadership

Videos/Podcasts

Joe Dickinson Shares Insights on Data Privacy and Cybersecurity Issues Facing Organizations.
Organizations of all sizes and across multiple industries should be aware of the daily privacy and security issues facing them.
More Info ›

Podcasts

09.27.2022 | Taking the Pulse: A Health Care & Life Sciences Podcast - Episode 114: Joe Dickinson, Cybersecurity Attorney Nexsen Pruet
Hosts Matthew Roberts and Amanda Loveday welcome their colleague Joe Dickinson, a Nexsen Pruet cybersecurity attorney, for episode 114. Joe discusses how matters of data governance, privacy, and cybersecurity are increasing concerns in the health care and life sciences sectors. They dive into what health care leaders should do to protect their business, meet regulations, and more.