Dianne advises a variety of health care clients on a broad range of issues, including licensure, regulatory, contractual, and risk management matters, and patient care. As former in-house counsel to an academic medical center, a large part of her practice involves counseling researchers and research sponsors in matters related to FDA and OHRP regulated clinical research, including patient consent, access to and use of tissue and associated patient information, and the Institutional Review Board process.
She also counsels health care clients and other business entities on a broad range of privacy and data security issues, including the HIPAA Privacy Rule and Security Standards, including requirements under HITECH and the HIPAA Omnibus Rule, 42 CFR Part 2, and state-imposed medical privacy laws. She regularly assists clients with data breach response and mitigation, the implementation of HIPAA-mandated policies and procedures, privacy audits, third-party requests for information, and review of HIPAA-related contracts and forms. She has successfully defended clients in both civil and criminal HIPAA enforcement actions and regularly assists clients with the management of data breaches and other losses of protected health information.
Before joining Mintz, Dianne was an associate staff attorney at the Lahey Clinic, where she provided general counsel services to medical, professional, and administrative staff. She also served as counsel to the Institutional Review Board, the Ethics Committee, the Intellectual Property and Technology Transfer Committee, and the Genetics Advisory Board. Before joining the Lahey Clinic’s legal staff, she worked in the research administration department. Her responsibilities included drafting a regulatory compliance manual detailing laws of concern in basic, clinical, and animal research, continually reviewing relevant regulations to ensure compliance for institutional programs, and researching and advising clients on a broad range of regulatory matters.
Dianne was the first Suffolk University law student to graduate with a concentration in Health Care and Biomedical Law. She formerly served as an adjunct professor at Stonehill College, teaching an undergraduate Health Care Law course.
Dianne is a contributor to the Mintz Health Law & Policy Matters blog as well as the Privacy & Security Matters blog.
Dianne is a long-standing partner to our agency and her in-depth knowledge of our mission is key to our solutions.
- Health Care Client, Chambers USA 2024
Experience
- Provided strategic counsel to a start-up medical application company that has devised a method to detect mild cognitive impairment as a precursor to more significant cognitive diseases.
- Counseled a publically traded medical device company on risk management advice and helped them manage multiple significant adverse events following suspension of trial by the FDA.
- Assisted our client, a manufacturer of smart, wireless prescription bottles, with structuring their patient interface to be consistent with privacy and data security laws and other regulatory issues.
viewpoints
Health Care Privacy and Security in 2024: Six Critical Topics to Watch
January 25, 2024 | Blog | By Dianne Bourque, Madison Castle, Lara Compton, Ellen Janos, Pat Ouellette, Cassandra Paolillo
As we reflect on the flurry of activity in the health care data privacy and security space in 2023 and look ahead to what will continue to be a busy 2024, we are seeing the early stages of federal agency movement to align the regulatory environment with modern health care delivery, cutting-edge technologies, and innovative data-sharing techniques. Some of this work has been done in the form of federal agency guidance in which health care organizations will be looking for additional updates and there are also a handful of pending U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) proposals that call for substantial changes to the HIPAA Privacy Rule.
Are You Ready? How to Prepare for the End of OCR’s Public Health Emergency HIPAA Enforcement Discretion
May 1, 2023 | Blog | By Dianne Bourque, Lara Compton
In April, 2020, in an effort to facilitate a national pivot to telehealth in light of the COVID-19 Public Health Emergency (PHE), the U.S. Department of Health & Human Services Office for Civil Rights (OCR) announced a policy of Health Insurance Portability and Accountability Act of 1996 (HIPAA) enforcement discretion for regulated health care providers (Covered Entities) implementing communications technologies that weren’t fully compliant with HIPAA or using those technologies in a manner that didn’t comply with HIPAA. Examples of flexibilities included allowing technology providers access to protected health information (PHI) without a HIPAA Business Associate Agreement (BAA). OCR’s enforcement discretion enabled Covered Entities to minimize the need for in-person visits for all kinds of health care services, not just COVID-19 related care. OCR also implemented flexibilities to promote public health during the COVID-19 pandemic; for example, it allowed for Business Associates to share COVID-19 data with government agencies for such purposes without specific authority to do so under BAAs.
OCR Proposes HIPAA Amendments to Protect Reproductive Health Care Information
April 13, 2023 | Blog | By Dianne Bourque, Kate Stewart, Pat Ouellette
In response to concerns about the confidentiality of protected health information (PHI) related to reproductive health care less than one year after Dobbs v. Jackson Women’s Health Organization decision, and the prospect of such PHI being weaponized by states and used against patients, the U.S. Department of Health & Human Services Office for Civil Rights (OCR) has proposed amendments to the HIPAA Privacy Rule to protect that information.
Mintz Health Law: What We Are Grateful For
January 11, 2023 | Podcast | By Bridgette Keller
Bridgette Keller speaks with the Mintz Health Law team about what they are grateful for as they look back on a year of client service, mentorship, and working together as a team.
Is Your Website Collecting PHI Under OCR's New Tracking Technologies Bulletin?
December 7, 2022 | Blog | By Dianne Bourque, Lara Compton, Kathryn Edgerton, Cassandra Paolillo, Kate Stewart
Covered Entities and Business Associates should promptly and carefully review their use of online tracking technologies on their websites and mobile apps following a bulletin (Bulletin) published by the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) last week. The Bulletin addresses multiple facets of compliance with HIPAA when using online third-party tracking technologies (Tracking Technologies). In doing so, OCR significantly expands its interpretation of the definition of Protected Health Information (PHI) to include, in some instances, identifiable information gathered by Tracking Technologies where a user visits a website and does not interact with the entity in any other way. In its Bulletin, OCR interprets the act of an individual visiting a website as evidence of a relationship or anticipated future relationship between the visitor and the entity.
Protecting Health Information Post Roe – Part 2: Steps for Health Care Providers
July 21, 2022 | Blog | By Cynthia Larose, Dianne Bourque
In this second of our two-part blog series on protecting health information post Roe, we discuss legal and practical strategies that health care providers can take to protect the information of their patients. State laws that restrict or criminalize abortions will require significant amounts of health information to enforce, putting new pressure on health care providers caught in the middle of competing obligations to their patients and to regulatory and law enforcement authorities making lawful requests for this information.
Protecting Health Information Post Roe Part 1: Steps for Women
July 5, 2022 | Blog | By Dianne Bourque, Cynthia Larose
Much has been written about how existing privacy laws such as HIPAA are unhelpful to women in the wake of Dobbs vs. Jackon Women's Health Organization ruling. In the first of this two-part blog post series, the Mintz team breaks down the legal rights and practical strategies that women can use to protect their own information.
The Risks of HIPAA Non-Compliance Can Survive – and Even Grow – Post Closing
June 3, 2021 | Blog | By Dianne Bourque, Stephnie John
HHS’ OCR Announces Enforcement Discretion for HIPAA Noncompliance Relating to Online COVID-19 Vaccination Appointment Scheduling Applications
February 25, 2021 | Blog
Fifth Circuit Vacates $4.3M HIPAA Penalty and Potentially Opens the Door for Future HIPAA Enforcement Challenges
January 25, 2021 | Blog | By Dianne Bourque
Beyond its harsh words for HHS, this opinion is notable for calling into question some longstanding HHS enforcement practices and interpretations of the HIPAA regulations. The opinion also makes clear that regulated entities should check the math when HHS levies a fine. Although limited in its precedential authority, the Fifth Circuit’s opinion, at the very least, gives HIPAA-regulated entities some new food for thought if faced with an HHS enforcement action.
News & Press
The Best Lawyers in America 2025 Recognizes 184 Mintz Attorneys across 56 Practice Areas
August 15, 2024
187 Mintz attorneys have been recognized by Best Lawyers® in the 2025 edition of The Best Lawyers in America©. Notably, three Mintz attorneys received 2025 “Lawyer of the Year” awards, and 64 firm attorneys were included in the 2025 edition of Best Lawyers: Ones to Watch.
Say Hello to the Company Shrink
July 22, 2024
Mintz announced today that 42 of its practices and 83 of its attorneys earned recognition in the 2024 edition of Chambers USA, a guide to the country’s leading law firms. Of those included in the guide, 18 attorneys and seven practice areas were awarded Chambers’ highest ranking, Band 1. The firm obtained new listings in three practice areas and 10 of its lawyers were recognized for the first time.
In a Report on Patient Privacy article, Members Dianne Bourque and Lara Compton shed light on the termination of HIPAA enforcement discretions post-COVID-19. The HHS Office for Civil Rights officially reinstated its authority over telehealth on August 9, necessitating a rapid reassessment of compliance for covered entities and business associates.
Mintz is pleased to announce that 120 firm attorneys have been recognized as leaders by Best Lawyers® in the 2024 edition of The Best Lawyers in America©.
BOSTON –Mintz announced today that 39 of its practices and 81 of its attorneys earned recognition in the 2023 edition of Chambers USA, a guide to the country’s leading law firms.
HHS Proposes Rule Shoring Up HIPAA To Protect Reproductive Health Data, Including Around abortions
April 12, 2023
Health Care Dive interviewed Member Dianne Bourque about the Biden administration's proposed new rule that would ban health care entities from sharing patient information.
2023’s Largest Health Data Breach So Far Brings Legal Flurry
March 14, 2023
Member Dianne Bourque spoke to Bloomberg Law about Regal Medical Group's cyberattack that resulted in the exposure of over 3 million patients' health information.
Axios interviewed Member Dianne Bourque about health privacy in the post-Roe digital age.
Boston Legal Teams Brace For Wave Of Uncharted Battles Over Abortion
September 2, 2022
Best Lawyers® recognized 108 firm attorneys in the 2023 edition of The Best Lawyers in America©. Notably, two Mintz attorneys – Poonam Patidar and Scott M. Stanton – received 2023 “Lawyer of the Year” awards, and 28 firm attorneys were included in the inaugural edition of Best Lawyers: Ones to Watch.
Meta’s Pixel Cases Stir Trouble for Health Site Tracking Tools
August 10, 2022
HIPAA Faces Test in New Abortion Reality
August 10, 2022
Five Mintz Attorneys Recognized as Client Service All-Stars by BTI
February 08, 2022
Medicare AI Will Infer Race to Close Health Equity Gap
August 5, 2021
Corporate Secrets at Risk in Hack of U.S. Courts Documents
January 8, 2021
Amazon’s Pharmacy Venture Opens New Privacy, Security Law Risks
November 30, 2020
Hospital Ransomware Attacks Spotlight Need for Security Steps
November 4, 2020
Fertility Tracking Apps Get Tough Look From States Over Privacy
October 14, 2020
The Virus Shot Goes in Your Arm, but Where Does Your Data Go?
September 24, 2020
Mintz Advises Partners In Health on Massachusetts COVID-19 Community Tracing Collaborative
April 08, 2020
Trump Keeps Touting an Unproven Coronavirus Treatment. It’s Now Being Tested on Thousands in New York
March 31, 2020
Does Epic’s CEO Have A Point On Privacy?
February 24, 2020
On Bloomberg Television, Mintz Member Dianne Bourque Discusses Google’s Deal with Ascension Hospitals
November 19, 2019
The full show is available here, and the segment featuring Ms. Bourque runs from 29:47 - 35:15.
Google Is Slurping Up Health Data—and It Looks Totally Legal
November 18, 2019
Don’t Forget About State Laws on HIPAA Breaches
May 10, 2019
Anthem Settlement Holds Lessons on Data Breaches, Costs
December 1, 2018
Obamacare Enrollment Data Breach May Trigger Privacy Probe
October 24, 2018
Cyberattacks Targeting Computer Chips May Expose Health-Care Data
January 19, 2018
Mintz Represents Myriad Genetics in Acquisition of Assurex Health
September 08, 2016
Nurse's Gory Tweets Leave Privacy Attys Gobsmacked
August 9, 2016
Tell Gun-Toting Patients That New HIPAA Gun Rule Isn’t about Them
January 18, 2016
Events & Speaking
Which Hat Are You Wearing? HIPAA and Privacy in Value Based Care
ABA National Managed Care Institute 2024
New York, New York
Clinical Trial Risk Management during COVID-19
Advanced Medical Technology Association's Virtual MedTech Conference
Online Event
Everything Life Sciences Companies Need to Know to Navigate the COVID-19 Pandemic
View the Webinar Recording
Coronavirus (COVID-19): Managing the Privacy & Cybersecurity Risks
View the Webinar Recording
Telehealth: Keeping Up with the Fast-Moving Federal and State Regulatory Landscape During the COVID-19 Pandemic
View the Webinar Recording
Healthcare Law & Compliance Institute: Taming Technology
How to Maximize Innovation While Minimizing Risk
Amelia Island, Florida
Health and Hospital Law: MCLE BasicsPlus
MCLE Conference Center, 10 Winter Place, via Winter Street
Health Care & Cybersecurity: A Powerful Combination
ML Strategies, 701 Pennsylvania Ave, NW, Suite 900, Washington, DC 20004
MCLE New England's 20th Annual Hospital & Health Law Conference 2019
Conflict of Interest and Research Compliance
Ten Winter Place, Boston
Employee Benefits & Healthcare Congress
Employer Healthcare & Benefits Congress (EHBC)
Orange County Convention Center, 9800 International Drive, Orlando, FL
8 Weeks Until the HIPAA Omnibus Rule Compliance Date - How to Make the Most of Your Time
Mintz Levin Health Beat Webinar Series
Webinar
Recognition & Awards
Chambers USA: Massachusetts – Healthcare (2015-2017; 2021-2024)
BTI Consulting Group Client Service All-Star (2022)
Featured in Best Lawyers in America: Health Care Law (2020-2025)
Involvement
- Regular guest lecturer, Cybersecurity Policy & Governance Program, Boston College Woods College of Advancing Studies