Nick Weil
Senior Director

Data Privacy; Health Care Regulation; Information Compliance

Nick Weil is a Senior Director based out of Chicago, living in Omaha. Focusing on information compliance and health regulatory risk, Nick is a seasoned advisor, both as an external consultant and an in-house professional, with previous experience as chief compliance officer, data privacy officer, and corporate counsel. A licensed attorney with nearly a decade in the regulatory compliance and legal industries, Nick’s work spans multiple sectors, including medicine, health sciences and information technology.

  • Experience

    At Ankura, Nick supports a wide range of clients: from academic medical centers to metropolitan health systems, biopharmaceutical manufacturers and clinical researchers, international corporations to innovative start-ups. Nick has led large-scale regulatory investigations and data breach incidents, provided hands-on interim staffing, and conducted privacy and regulatory assessments and inventories. He specializes in information compliance issues and analysis, including data privacy law, cyber security regulations, information blocking rules, and interoperability requirements for organizations processing health information and other sensitive data.

    Before Ankura, Nick was the chief compliance officer and legal counsel for a large physician practice and ambulatory care center. There he developed and led the compliance, privacy, and data security program for a primary care physician group, pharmacy, urgent care clinic, and numerous specialist providers and services, while reporting and providing governance advice to the practice’s board and investor, a state-wide healthcare insurance company. Prior to that, Nick was a compliance and privacy officer for a large metropolitan health system. He began his career as a health care and medical malpractice defense attorney.

    Nick’s professional experience includes:

    • Data Privacy Assessments: Reviewed the HIPAA privacy, breach, and security program, policies, and procedures of a large multi-disciplinary hospital system, ambulatory care provider, and related physician groups system; Led a privacy program assessment of biopharmaceutical manufacturer and researcher, resolving and advising within a complex regulatory framework, at the intersections of HIPAA, GDPR, CCPA, and the Common Rule; Provided HIPAA privacy expertise during NIST privacy and security assessment for Medical Device Manufacturer and Supplier; Provided HIPAA privacy assessment and program development support for investor-backed behavioral health and clinician group, including policy templates and information security recommendations.
    • Information Blocking Review: Conducted readiness assessment against the ONC information blocking rule for large health care system, health information exchange, and clinically integrated network. Provided information blocking policy and procedure support and advice to large health systems and complex provider, health IT developer, and health information network entities.
    • HIPAA Privacy Officer Staffing: Served as interim privacy officer for academic medical center, leading existing privacy department, advising on diverse privacy issues and incidents, including COVID-exposure monitoring, clinical research consenting, and data contract negotiating; Directed year-long engagement as the interim chief privacy officer for a large health care hospital, physician group, and ambulatory system, developing privacy program, managing large-scale breaches and data security incidents, and advising internal compliance and legal departments on information compliance issues; Functioned as privacy manager and director for pharmaceutical and clinical research group by developing privacy program and advising on various data privacy risks. Stood up CCPA and HIPAA compliance frameworks for client.
    • Interoperability Advisory: Advised on and drafted expert opinion report regarding the CMS and ONC interoperability and information blocking rule for a national health plan.
    • HIPAA Applicability and Coverage Guidance: Reviewed the processes and policies of a COVID testing and treatment support organization and employee health benefit provider for HIPAA applicability and alignment to HIPAA privacy and security standards.
    • Health Information Security Reviews: Conducted assessment and analysis of cybersecurity program for genetic testing and data analytics provider for CCPA and HIPAA compliance, in partnership with outside legal counsel; Functioned as Information Security Officer for a large ambulatory clinic, physician group, and ACO, conducted OCR security risk analysis, managed cyber and breach incidents and advised on data governance contracting, infrastructure, and CMS data sharing and contracting.
    • Privacy Program Development and Support: Developed business associate agreement review process and support for medical device manufacturer, training privacy staff on contract management and risk identification; Reviewed, drafted, and deployed HIPAA policies and procedures for a large range of entities: from start-ups to large systems, from business associates to HIPAA covered entities.
    • Data Inventory and Mapping: Provided data mapping support, training, policy support, and advising to international manufacturing corporation in furtherance of GDPR compliance; Led data inventory for biopharmaceutical organization, providing results, mapping product, and recommendations to internal compliance and legal leadership; Customized and provided data interview, inventory, and mapping services to genetic testing and data analytics provider at direction of outside legal counsel.

  • Insights & innovation
    • HIPAA at Home: Remote Workers and the Security Rule, Compliance Today Magazine, November 2020
    • Health Information Compliance: 7 Element Compliance for the 21st Century Cures Act, Compliance Today Magazine, February 2021
    • “Clinical Research Privacy”, presentation at the Health Care Compliance Association Research Compliance Conference Association and recorded webinar, June 2021
    • Hosted webinar series on the new Information Blocking and Interoperability Rule from the ONC, 2020 – Ankura Consulting
    • Ankura Monthly Webinar on Health Privacy and Compliance: “Compliance Round Up”, regular contributor
    • Visiting Lecturer at Loyola University School of Law, on Regulatory Compliance topics to law students in the Center for Compliance Studies