Kristen N. Bertch

Kristen N. Bertch

T: 410.347.8745
F: 410.223.4176

Ms. Bertch counsels clients on a broad range of cybersecurity and data privacy matters, financial services, corporate governance and transactional matters, including initial public offerings and capital raising efforts. Additionally, she provides advice on topics such as blockchain technologies, opt-in and opt-out policies, data breach laws, GDPR, the CCPA and the laws as they apply to data privacy and data security practices. Ms. Bertch currently holds a Certified Information Privacy Professional ("CIPP") Certification from IAPP.
In addition to her law firm experience, Ms. Bertch has participated in internships with the FTC’s Division of Privacy and Identity Protection and the Future of Privacy Forum, a DC-based think tank dedicated to advancing principled data practices in support of emerging technologies.

She also advises clients regarding compliance and regulatory filing needs with the U.S. Securities and Exchange Commission regulations, and with federal securities law.
Speaker, NAPHSIS Systems & Interoperability Workshop, HIPAA & Vital Records, October 8, 2019 

Co-Author, Law Journal Newsletters: Cybersecurity Law & Strategy, Know Your Tech, March 19, 2019

Co-Author, Bloomberg Law, INSIGHT: Enforcing the Crypto Freeze, September 28, 2018

Credited, California Law Review Online: Vol. 7, Incomprehensible Discrimination, March 2017

Credited, Notre Dame Law Review: Vol. 92:2, The Privacy Policymaking of State Attorneys General, 2016

Credited, GWU Law School Public Law Research Paper No. 2017-2, Risk and Anxiety: A Theory of Data Breach Harms, December 14, 2016


Client Alert: OCR Issues Guidance About Sharing Patient Information and Telehealth Communications during Pandemic

The Office of Civil Rights (“OCR”) recently issued bulletins with important guidance for health care providers during the COVID-19 pandemic. 

The OCR has recognized that, during the COVID-19 national emergency, health care providers may seek to communicate with patients, and provide so-called “telehealth” services, through remote communications technologies.  Some of these technologies, and the manner in which they are used by HIPAA-covered healthcare providers, may not fully comply with the requirements of the HIPAA Rules.  However, in light of the national emergency, the OCR said that it will not impose penalties against covered health care providers for the lack of a HIPAA business associate agreement (“BAA”) with video communication vendors, or any other noncompliance with the HIPAA Rules that relates to the good faith provision of telehealth services during the COVID-19 nationwide public health crisis.

Client Alert: COVID-19 Cyber Scams: Protect Your Organization

With everyone’s attentions devoted to the COVID-19 crisis and the disruptions it has caused to the normal rhythms of business and personal affairs, it should come as no surprise that criminals and scammers are seeking to take advantage of the situation.