John Murphy, an associate attorney at Mullen Coughlin, focuses his practice on data privacy and security, breach investigation and response, risk management, and regulatory compliance. Mr. Murphy assists clients in performing thorough breach investigations, determining the nature and scope of breaches, identifying the affected individuals, types of information involved, and the applicable state, federal, and foreign laws, and preparing compliant notices to affected individuals and appropriate regulators, where required. Mr. Murphy also assists clients in identifying security risks, implementing appropriate risk management plans, and creating/modifying policies and procedures to encompass a client’s entire data system, to reduce the risk of data breaches.
Before joining the Mullen Coughlin, Mr. Murphy was an investigator with the U.S. Department of Health and Human Service (HHS), Office for Civil Rights (OCR). At HHS/OCR, Mr. Murphy investigated breaches of protected health information (PHI), evaluated the HIPAA compliance (Privacy Rule, Security Rule, and Breach Notification Rule) of the responsible covered entity or business associate, and determined the corrective action needed to resolve noncompliance. This role provided Mr. Murphy with knowledge of OCR’s investigatory procedures, the standards used to assess HIPAA compliance, and the best practices to bring an OCR case to closure.
Mr. Murphy has also represented clients in Workers’ Compensation proceedings, ERISA litigation, and Social Security Disability hearings.