ABOUT

 

Sharon S. Kamowitz, J.D., CIPP/US

Sharon Kamowitz is an accomplished attorney and Certified Information Privacy Professional (CIPP/US) with a broad background in corporate, private practice, and government settings, including over two decades of experience developing, implementing, and managing privacy and compliance programs, and advising on related issues.

As the founder of Sharon Kamowitz Privacy & Compliance Consulting, she helps healthcare providers, digital healthcare companies, and other businesses navigate complex privacy, compliance, and related legal issues.

Before beginning her consulting practice, Sharon worked in healthcare and insurance, both in-house and as a regulator.  Most recently, she was Assistant Privacy Officer at Fresenius Medical Care North America and before that, Director and Associate General Counsel at Coverys, a provider of medical professional liability insurance.  In these roles she developed comprehensive compliance and privacy programs addressing international, federal and state regulatory requirements, gained expertise in HIPAA from both covered entity and business associate perspectives, and advised on contractual and other related matters. 

Sharon is also a Principal Privacy Consultant for American Cyber Security Management, and was previously a Senior Privacy Consultant for TrustArc, a privacy management software company.  For many years, she has also served as In-House Counsel for Impact Events Group, Inc., a leading producer of antiquarian/rare book, ephemera and antique fairs and other consumer events, and innovative developer of a licensed online platform.

Her earlier experience includes the roles of Hearing Officer at the Massachusetts Division of Insurance and General Counsel and Senior Hearing Examiner for the Brookline Rent Control Board. She began her career in private practice advising on and litigating employment and business matters.

Sharon is consistently recognized for technical expertise, thorough preparation, and the ability to explain legal concepts in the context of broader business implications. Over the years, she has conducted numerous risk assessments and developed a variety of easy-to-understand policies, procedures, and awareness materials.

In nice weather, you can often find Sharon on her bike, training for the Pan-Mass Challenge, which supports cutting-edge research at the Dana-Farber Cancer Institute.

And at any time of the year, she is happy to show off photos of her grandchildren, but she is careful to not post any online without proper consent.

Education, Certifications, Bar Admissions

Sharon earned her B.A. in history (cum laude) from the University of Rochester. Because Rochester was not cold enough, she headed to Madison, Wisconsin for her J.D. (cum laude) from the University of Wisconsin Law School.

She is admitted to the bar in Massachusetts, Virginia, and Wisconsin, and is an International Association of Privacy Professionals (IAPP) Certified Information Privacy Professional (CIPP/US).

Professional Memberships

Sharon is a Board Member and Chair of the Practice & Career Management Committee of the Northeast Chapter of the Association of Corporate Counsel (ACC). She is also a Steering Committee Member of the Business Lawyers Network (BLN), and an active member of the New England Corporate Counsel Association (NECCA), the International Association of Privacy Professionals (IAPP), and the Association of Independent General Counsel (AIGC).

Selected Accomplishments

Comprehensively revised and streamlined the Health Insurance Portability and Accountability Act (HIPAA) privacy program of an integrated healthcare company for use in thousands of clinical practices, independent medical offices, urgent care facilities, pharmaceutical and equipment distribution, and medical practice management technology.

Established the privacy, security, and information governance program of a national insurance company encompassing the Gramm-Leach-Bliley Act (GLB) and National Association of Insurance Commissioners (NAIC) Privacy of Consumer Financial and Health Information Model Regulation; HIPAA Privacy, Security and Breach Rules; and state law requirements including the Massachusetts Data Protection Act and related regulations.

Conducted HIPAA gap assessments and recommended remediations for growing organizations in the digital healthcare and cannabis industries.  Developed comprehensive policies and procedures to meet HIPAA and other legal requirements.

Developed website privacy notices for a variety of U.S. and international organizations and software applications.

Developed and implemented a multi-faceted compliance program that included a code of conduct, compliance plan, and policies addressing confidentiality, social media, conflicts of interest, fraud, non-discrimination, non-harassment, non-retaliation, and compliance with the CAN-SPAM Act, OFAC Sanctions Program, and industry-specific requirements.

Developed and presented over 100 privacy and compliance training sessions for diverse audiences including Boards of Directors, executives, managers, contractors, and employees of different levels of experience.

Managed and investigated over 400 potential security incidents/potential breaches affecting up to tens of thousands of individuals per incident. 

Oversaw EU-US Privacy Shield recertification for national healthcare and medical technology companies to comply with GDPR when transferring personal data (HR and non-HR) from the EU to the U.S. 

Regularly passes other cyclists of both genders and all ages, politely, of course.