Jennifer L. Romig
Partner
Jennifer has significant experience in advising clients on a variety of complex transactional, enforcement and regulatory matters within the health care and digital health industries. Jennifer advises health care industry clients, private equity firms and other investors on structuring and negotiating mergers and acquisitions, joint ventures, affiliations and a variety of contractual arrangements and general business transactions.
Jennifer has particular experience counseling clients on an array of data privacy, security and cybersecurity matters under HIPAA as well as state privacy and security laws. Jennifer regularly represents clients involved in security incidents and breaches involving protected health and other sensitive personal information, including in matters involving the United States Department of Health and Human Services, Office for Civil Rights and state authorities. Jennifer has also provided guidance to clients with respect to negotiation, implementation and adherence to Corporate Integrity Agreements.
Jennifer previously worked onsite in the legal department of a multinational medical device company. Prior to joining Ropes & Gray, Jennifer worked as a Public Interest Fellow in the Low Income Taxpayer Clinic at Southeast Louisiana Legal Services.
Experience
- Blackstone – Jennifer acted as regulatory counsel in negotiating a joint venture arrangement between Change Healthcare Holdings, a portfolio company of Blackstone, and McKesson’s technology services business.
- New Mountain Capital – Jennifer advised on regulatory matters related to New Mountain Capital’s majority investment in a combination of IMA Consulting and Revint Solutions, creating a leading platform offering a full suite of technology-enabled revenue integrity and recovery solutions as well as complex revenue cycle management consulting and interim management services for health care providers.
- CIOX Health – Jennifer acted as regulatory counsel in advising CIOX Health, a health services company that facilitates and manages the movement of health information, in its acquisition of ArroHealth, a leading provider of chart retrieval and risk adjustment services for health plans and provider groups.
- HIPAA Investigations – Jennifer has represented managed care plans, practice management companies, and a provider organization network in connection with HIPAA breach investigations by the United States Department of Health and Human Services, Office for Civil Rights.
- State Attorney General Investigations – Jennifer has represented electronic medical record companies, practice management companies and providers in connection with state attorney general investigations into security incidents involving sensitive personal information.
Publications
- Co-author, “Top 5 Privacy and Security Challenges for Adopters of Blockchain Technology in Health Care,” Bloomberg Law’s Health Law & Business (July 17, 2018)
- Quoted, “HIPAA Restricts Some Photography, But Not All,” Healthcare Risk Management (March 1, 2018)
- Co-author, “Compliance And The Transition To Value-Based Care,” Law360 (May 31, 2017)
- Co-author, “Inside the HHS Guidance on Ransomware,” Law360 (July 29, 2016)
- Co-author, “Key Data Privacy and Security Concerns for Investment Firms,” Law360 (May 20, 2016)
- Co-author, “Examining the Final Rule Modifying HIPAA,” Inside Counsel (August 21, 2013)
- Co-author, “Practical Steps for Business Associate Compliance With the HIPAA Final Rule,” Bloomberg BNA’s Health Care Policy Report (August 12, 2013)
- Co-author, “Takeaways From HHS Corporate Integrity Agreement Reports,” Law360 (November 19, 2012)
Presentations
- Speaker, “Due Diligence for Digital Health Transactions” at the American Conference Institute’s Summit on Digital Health Law (July 20, 2018)
- Speaker, “Networked Medical Devices and Current Security Risks” (July 16, 2018)
- Presenter, “The Ever-Changing Privacy and Cybersecurity Landscape and its Impact on Health Care Companies” (July 20, 2017)
- Presenter, “The Transition to Value-Based Health Care: Recommendations for Medical Device Manufacturers” (April 27, 2017)
- Presenter, “Be Vigilant! The Current State of Health Care Data Privacy Enforcement and What You Can Do to Prepare,” Association of Corporate Counsel, Chicago Chapter (February 24, 2016)
- Presenter, “HIPAA/HITECH Act in 2014: What You Need to Know,” The Knowledge Conference (May 16, 2014)
Education
- JD, The University of Chicago Law School, 2009
- BA (Asian and Middle Eastern Studies, Government), cum laude, Dartmouth College, 2006