Skip to main content

Dianne J. Bourque

Member

DBourque@mintz.com

+1.617.348.1614

Follow:
Share:

Dianne advises a variety of health care clients on a broad range of issues, including licensure, regulatory, contractual, and risk management matters, and patient care. As former in-house counsel to an academic medical center, a large part of her practice involves counseling researchers and research sponsors in matters related to FDA and OHRP regulated clinical research, including patient consent, access to and use of tissue and associated patient information, and the Institutional Review Board process. 

She also counsels health care clients and other business entities on a broad range of privacy and data security issues, including the HIPAA Privacy Rule and Security Standards, including requirements under HITECH and the HIPAA Omnibus Rule, 42 CFR Part 2, and state-imposed medical privacy laws. She regularly assists clients with data breach response and mitigation, the implementation of HIPAA-mandated policies and procedures, privacy audits, third-party requests for information, and review of HIPAA-related contracts and forms. She has successfully defended clients in both civil and criminal HIPAA enforcement actions and regularly assists clients with the management of data breaches and other losses of protected health information.

Before joining Mintz, Dianne was an associate staff attorney at the Lahey Clinic, where she provided general counsel services to medical, professional, and administrative staff. She also served as counsel to the Institutional Review Board, the Ethics Committee, the Intellectual Property and Technology Transfer Committee, and the Genetics Advisory Board. Before joining the Lahey Clinic’s legal staff, she worked in the research administration department. Her responsibilities included drafting a regulatory compliance manual detailing laws of concern in basic, clinical, and animal research, continually reviewing relevant regulations to ensure compliance for institutional programs, and researching and advising clients on a broad range of regulatory matters.

Dianne was the first Suffolk University law student to graduate with a concentration in Health Care and Biomedical Law. She formerly served as an adjunct professor at Stonehill College, teaching an undergraduate Health Care Law course.

Dianne is a contributor to the Mintz Health Law & Policy Matters blog as well as the Privacy & Security Matters blog.

Education

  • Suffolk University Law School (JD)
  • Suffolk University (MPA)
  • Boston College (BA)

Experience

  • Provided strategic counsel to a start-up medical application company that has devised a method to detect mild cognitive impairment as a precursor to more significant cognitive diseases.
  • Counseled a publically traded medical device company on risk management advice and helped them manage multiple significant adverse events following suspension of trial by the FDA.
  • Assisted our client, a manufacturer of smart, wireless prescription bottles, with structuring their patient interface to be consistent with privacy and data security laws and other regulatory issues.

Recognition & Awards

  • Chambers USA: Massachusetts – Healthcare (2015 – 2017)
  • Best Lawyers in America: Health Care Law (2020-2021)

Involvement

  • Regular guest lecturer, Cybersecurity Policy & Governance Program, Boston College Woods College of Advancing Studies

Recent Insights

News & Press

Events

Viewpoints

Health Care Viewpoints Thumbnail

US Health System Warned of Coordinated Ransomware Attacks

October 30, 2020 | Blog | By Dianne Bourque

US hospitals and healthcare facilities struggling to maintain normal operations during the COVID-19 emergency, were warned this week by the federal Cybersecurity and Infrastructure Agency (CISA), the Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS) of a “targeted and imminent cybercrime threat.” Specifically, CISA, FBI and HHS have credible information that malicious cyber actors are targeting hospitals and other health care providers with Trickbot malware, leading to ransomware attacks, data theft and significantly, the disruption of healthcare services during the pandemic.
Read more
Health Care Viewpoints Thumbnail
The U.S. Department of Health and Human Services (HHS) recently released a final rule further amending 42 CFR Part 2 regulations (Part 2) to allow greater sharing of patient records related to substance use disorder (SUD) treatment. For the past few years, we have seen a push to better align the incredibly strict requirements of Part 2 with HIPAA in order to increase care coordination and promote patient outcomes, particularly in light of the opioid epidemic, which has unfortunately escalated during the COVID-19 pandemic.   HHS has been inching toward the harmonization of Part 2 with HIPAA and has now adopted a final rule to address some of the confusion caused by differences between the two regulatory schemes. In conjunction with the release of the final rule, HHS also issued a helpful fact sheet explaining the major changes.
Read more
Health Care Viewpoints Thumbnail
Late last week, the Department of Health and Human Services’ Office for Civil Rights (OCR) issued guidance aimed at “making sure misconceptions about HIPAA do not get in the way of a promising COVID-19 response,” according to OCR Director Roger Severino. That “promising response” relates to emerging evidence that plasma from recovered patients (often referred to as “convalescent plasma”) may contain antibodies to SARS-CoV-2, the virus that causes COVID-19. Those antibodies could be useful in treating individuals who are sick with COVID-19. The OCR’s guidance addresses how health care providers may contact, in a HIPAA-compliant manner, recovered COVID-19 patients to provide them with information about donating blood and plasma to potentially help other COVID-19 patients.
Read more
Health Care Viewpoints Thumbnail

FDA Issues Guidance Addressing COVID-19 Interference with Clinical Trials

March 21, 2020 | Blog | By Dianne Bourque, Benjamin Zegarelli

In recognition of the widespread disruptions the COVID-19 crisis is posing to planned and ongoing clinical trials at sites throughout the United States (and global clinical sites), the Food and Drug Administration (FDA) issued on Wednesday, March 18 a guidance describing potential considerations for adjusting trial processes and, potentially, protocols and statistical analysis plans to mitigate any difficulties meeting trial objectives due to interference from the virus and related social and governmental restrictions. The document, titled FDA Guidance on Conduct of Clinical Trials of Medical Products during COVID-19 Pandemic, describes various potential complications, such as subjects being unable to travel to the trial site, loss of access to investigational product, or the need to screen subjects for COVID-19, as well as general recommendations for addressing them.
Read more
Health Care Viewpoints Thumbnail
Amidst the novel coronavirus (COVID-19) outbreak, the Secretary of the U.S. Department of Health and Human Services (HHS), Alex M. Azar, took steps on March 15, 2020, to waive sanctions and penalties related to certain provisions of the HIPAA Privacy Rule (the “Waiver”). However, the HIPAA Privacy Rule is not suspended, and the Waiver only applies: (1) in the emergency area identified in the public health emergency declaration; (2) to hospitals that have instituted a disaster protocol; and (3) for up to 72 hours from the time the hospital implements its disaster protocol. To demonstrate how the Privacy Rule and Waiver provisions work in real life, let’s look at an example: A patient at a hospital reports contact with a confirmed COVID-19 diagnosis. How can this information be shared?
Read more
Practice Hero Artificial-Intelligence Mintz

Artificial Intelligence in Health Care

February 5, 2020 | Blog | By Rachel Irving Pitts

Artificial Intelligence is a growing part of our day-to-day life. And AI promises to improve our health care system. ML Strategies Vice President Christian Tomatsu Fjeld recently sat down with other experts for a panel discussion hosted by the San Francisco Business Times to discuss AI and some business and policy considerations across multiple industries. This viewpoint considers some of the impacts on health care specifically, and links out to the panel's discussion.
Read more
Health Care Viewpoints Thumbnail

A New Decade of HIPAA: What Can We Expect?

December 23, 2019 | Blog | By Sarah Beth Kuyers, Dianne Bourque, Ellen Janos

As the decade winds down, it’s hard to believe that the HIPAA Privacy and Security Rules are almost twenty years old.  It has been ten years since the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published the first breach notification rule – the one based on the harm standard.   And the Omnibus Rule’s “low probability of compromise” standard is almost seven years old!   Regulators and regulated entities are heading into the new year and decade with a lot of momentum on some important issues.  As we prepare to welcome 2020, we’d like to indulge in a bit of hindsight – as well as speculation – about what the new decade might hold for HIPAA-regulated entities. 
Read more
Doctor Using Calculator

HHS Proposes Sweeping Changes to AKS and Stark Law, Part 2: Cybersecurity Technology and Electronic Health Records

October 21, 2019 | Blog | By Karen Lovitch, Dianne Bourque, Theresa Carnegie, Rachel Yount

On October 17, 2019, the Department of Health & Human Services published two proposed rules that, if finalized, would implement significant changes to the Anti-Kickback Statute (AKS) and the Physician Self-Referral Law (commonly known as the Stark Law). This post is the latest installment in our blog series covering these proposed rules.
Read more
Health Care Viewpoints Thumbnail
On August 22, the Substance Abuse and Mental Health Services Administration (“SAMHSA”) announced a new proposed rule (the “Proposed Rule”) amending 42 CFR part 2 (“Part 2”), which is aimed at protecting patient records created by federally funded programs for the treatment of substance use disorder (“SUD”). The Proposed Rule is aimed at alleviating these concerns within the constraints of the underlying statute, while also addressing the increasingly urgent need to streamline SUD services in light of the opioid epidemic. Here we’ll discuss some of the major changes under the Proposed Rule while highlighting the challenges that remain.
Read more
Health Care Viewpoints Thumbnail

Another Chance for HIPAA and Part 2 Harmony?

July 22, 2019 | Blog | By Dianne Bourque

There are reports that HHS plans to issue a proposed rule next month, which would again amend 42 CFR Part 2 (“Part 2”) and modify how the medical records of patients with substance abuse disorders are currently shared between providers. Part 2 amendments, especially amendments to align Part 2 with the Health Insurance Portability and Accountability Act (“HIPAA”), would be welcome news to the many stakeholders in the industry who have repeatedly voiced their concerns regarding the regulatory hurdles that surround the disclosure of drug and alcohol treatment records.
Read more

News & Press

News Thumbnail
In Bloomberg Law, Mintz Member Dianne Bourque commented on some of the state and federal privacy laws protecting patient data that Amazon will have to navigate with the launch of its new online pharmacy business.
News Thumbnail
In Bloomberg Law, Mintz Member Dianne Bourque shared cybersecurity best practices for health care providers, particularly in light of recent ransomware attacks targeting hospitals across the country.
News Thumbnail
Mintz Member Dianne Bourque was quoted in an article published by Bloomberg Law on privacy concerns with mobile fertility apps as they are not covered by the Health Insurance Portability and Accountability Act.
News Thumbnail
Mintz Member Dianne Bourque was quoted in an article published by Bloomberg Law on privacy protections and related concerns as the federal government is working with states and private companies to allow immunization databases to share data as part of a COVID-19 vaccine distribution plan.
Press Release Thumbnail
Firm provides pro bono legal counsel to global health nonprofit on groundbreaking initiative to slow the spread of COVID-19 in the Commonwealth of Massachusetts.
News Thumbnail
Mintz Member Dianne Bourque was quoted in an article published by the Washington Post on New York’s efforts to distribute tens of thousands of doses of anti-malarial drugs as an experimental, unproven treatment for seriously ill coronavirus patients.
News Thumbnail
Mintz Member Dianne J. Bourque was quoted extensively in an article published by MedCity News on privacy considerations for individuals that opt to share their data with mobile health apps.
News Thumbnail
Mintz Member Dianne Bourque appeared on Bloomberg Television’s “Bloomberg Technology” news program to discuss Google’s partnership with Ascension, the nation’s second-largest health system, which includes sharing the personal health data of tens of millions of patients. Ms. Bourque addressed the legality of the arrangement under the Health Insurance Portability and Accountability Act (HIPAA), compliance under the federal privacy law, and legal limitations for using the health data.

The full show is available here, and the segment featuring Ms. Bourque runs from 29:47 - 35:15.
News Thumbnail
An article published by Wired detailed Google’s partnership with Ascension, the nation’s second-largest health system, which includes sharing the personal health data of tens of millions of patients. In the article, Mintz Member Dianne Bourque was quoted on the legality of the arrangement under the Health Insurance Portability and Accountability Act (HIPAA) and legal limitations for using the health data.
Mintz health care lawyer Dianne Bourque is quoted in this article, which addresses a host of state legislatures—often via consumer protection laws—are redefining what is considered a breach and how providers will need to handle reporting.
This feature article discuses key takeaways following Anthem’s $115 million settlement – one of the largest following a consumer data breach. Mintz Member Dianne Bourque is among the sources discussing what the health care industry can learn.
This article takes a closer look at a hack of Obamacare enrollment records. The piece notes that the breach could lead to an in-depth investigation of the government agency responsible for the federal health-care exchange. It is further noted that this hack could serve as a wake-up call for the government. Member Dianne Bourque is among the industry sources quoted.
Mintz Member Dianne Bourque was quoted in a Bloomberg Law article regarding the possible exposure of patients’ personal data due to cyberattacks on computer chips. Health care organizations are urged to install the most current security patches for their computer networks.
Dianne Bourque, a Member in the firm’s Health Law Practice, was among the group of experts quoted in a Law360 article regarding how a Blue Cross Executive’s divulging of private information about a patient likely triggered an alert with HIPAA's privacy protections. 
Press Release Thumbnail
Mintz Members will be participating in multiple panel discussions at the 2017 Boston Conference on Cyber Security hosted by Boston College and the FBI. The event presents an opportunity for leading minds to come together and fashion a more secure cyberspace.
Attorneys from Mintz represented Myriad Genetics, Inc. in its acquisition of Assurex Health, an informatics-based precision medicine company providing treatment decision support to health care providers for mental health patients.
Dianne Bourque, a Member in the firm’s Health Law Practice, is quoted in this Law360 article on a Chicago nurse’s tweets of pictures of a shooting victim’s hospital room. The tweet brought about allegations of privacy violations and a lawsuit against the hospital claiming as much.
Firm’s National Healthcare Practice, NY Corporate/M&A and Litigation: General Commercial Among Newest Rankings
Dianne Bourque, a Member in the firm’s Health Law Practice, is quoted in this Part B News article discussing the new HIPAA federal privacy rule for gun control.
The 2015 Chambers USA: America's Leading Lawyers for Business guide names 52 Mintz, Cohn, Ferris, Glovsky and Popeo, P.C.  attorneys as “Leaders in Their Fields.”

Events

Sep
30
2020

Clinical Trial Risk Management during COVID-19

Advanced Medical Technology Association's Virtual MedTech Conference

Online Event

Webinar Reference Image
Apr
21
2020

Clinical Trials in the Time of COVID-19

View the Webinar Recording

Webinar Reference Image
Speaker
Mar
2
2020

Healthcare Law & Compliance Institute: Taming Technology

How to Maximize Innovation While Minimizing Risk

Amelia Island, Florida

Speaker
Nov
14
2019

Health and Hospital Law: MCLE BasicsPlus

MCLE Conference Center, 10 Winter Place, via Winter Street

Panelist
Jun
19
2019

Health Care & Cybersecurity: A Powerful Combination

ML Strategies, 701 Pennsylvania Ave, NW, Suite 900, Washington, DC 20004

Speaker
May
23
2019

MCLE New England's 20th Annual Hospital & Health Law Conference 2019

Conflict of Interest and Research Compliance

Ten Winter Place, Boston

Panelist
Mar
8
2017
Panelist
May
2
2016

New England Healthcare Executive Network Meeting

NE Healthcare Executive Network

Boston, MA

Faculty
Mar
1
2016

Anatomy of a HIPAA Breach Master Track

American Bar Association

Webinar

Panelist
Sep
27
2015

Employee Benefits & Healthcare Congress

Employer Healthcare & Benefits Congress (EHBC)

Orange County Convention Center, 9800 International Drive, Orlando, FL

Co-chair
Apr
29
2015
Speaker
Jul
23
2013