Use of cookies by
Norton Rose Fulbright
We use cookies to deliver our online services. Details and instructions on how to disable those cookies are set out at nortonrosefulbright.com/cookies-policy. By continuing to use this website you agree to our use of our cookies unless you have disabled them.

Kim Gold

Senior Associate

Kim Gold

New York

T:+1 212 318 3103

Kim Gold is a Senior Associate in Norton Rose Fulbright's New York Office.  Her practice focuses on healthcare transactions, regulatory compliance, and privacy and security matters.

Kim has extensive experience in the areas of privacy, information security, cybersecurity and information management. She regularly advises clients on matters involving privacy and security of patient information under HIPAA and state laws. She also represents clients in the health information technology area and has counseled pharmaceutical companies and medical device manufacturers on privacy and FDA regulatory issues, including those particular to mobile medical apps and "The Internet of Things (IoT)." In addition, Kim advises clients on telemedicine, Internet-based health initiatives and electronic health records.

For more than a year, Kim worked on-site with the Global Privacy Office of a global pharmaceutical company on various legal matters, including negotiating vendor agreements, providing advice on marketing and clinical trial initiatives, and developing privacy notices, consent documents, and internal policies.

Kim's transactional experience includes mergers and acquisitions, joint ventures, and affiliations of hospitals, group practices and other provider entities. She also represents not-for-profit and tax-exempt organizations on a broad range of matters, and regularly advises clients on issues relating to accreditation by the Accreditation Council for Graduate Medical Education (ACGME) and the Liaison Committee on Medical Education (LCME).

Kim is a frequent writer and speaker on privacy and health care issues. She has appeared before the American Bar Association, American Health Lawyers Association and New York State Bar Association, speaking on topics such as health information technology, HIPAA compliance, and data breaches. Kim also has written articles about breach notification requirements and state privacy laws for national publications, including the American Journal of Health-System Pharmacy and HCCA Compliance Today.

Kim is a Certified Information Privacy Professional (CIPP/US) through the International Association of Privacy Professionals (IAPP).

[+Open all]
  • Education

    2008 - JD, Fordham University
    2004 - BA, Communications, University of Delaware Honors Program

    While in law school, Kimberly interned for the Honorable Phyllis Gangel-Jacob of the New York State Supreme Court Appellate Term. Additionally, she was the associate editor of the Fordham Intellectual Property, Media and Entertainment Law Journal and a member of Phi Alpha Delta.

  • Representative experience

    Healthcare Transactions

    • Represented New York State Catholic Health Plan, Inc., d/b/a Fidelis Care New York in the US$3.75 billion acquisition of its entire health insurance business by Centene Corporation.
    • Counseled a global pharmaceutical company in its acquisition of a generic drug manufacturer.
    • Negotiated clinical trial agreements on behalf of pharmaceutical manufacturers.
    • Advised a not-for-profit mobile medical app manufacturer in a joint venture transaction with a not-for-profit foundation.
    • Negotiated agreements with SaaS and other vendors on behalf of a global pharmaceutical company.
    • Represented an operator of long term care and independent living facilities on a member substitution transaction.
    • Counseled on transactional matters between pharmaceutical manufacturers and group purchasing organizations.
    • Advised a health system in a joint venture with a national dialysis company.
    • Counseled a national operator of home health agencies in a corporate reorganization.
    • Represented hospitals and health systems in sales of assets.
    • Represented a provider of correctional health services on Corporate Practice of Medicine issues, including corporate organizational structure and management arrangements.
    • Advised a physician practice in its proposed sale to another practice.
    • Advised on graduate medical education (GME) implications of transactions involving teaching hospitals.

    Healthcare Regulatory

    • Advised an international pharmaceutical company on regulatory requirements regarding the use of healthcare apps and wearable devices.
    • Advised a medical device manufacturer and a global pharmaceutical company on the development and implementation of patient testimonial programs.
    • Counseled a hospital system in responding to ACGME citations and achieving full accreditation for its GME programs.
    • Represented a health system in medical staff hearings and appeals.
    • Counseled healthcare clients on alleged violations of the federal Stark and Anti-Kickback laws.
    • Counseled clients on HIPAA and FTC privacy regulations applicable to pharmaceutical and device manufacturers, internet-based platforms and mobile medical apps.
    • Represented and advised labs, hospitals and health systems in responding to government investigations.
    • Developed compliance policies and training for a global pharmaceutical company.
    • Advised a life sciences company on CDC requirements in connection with importing and testing infectious blood samples.  
    • Advised a managed care plan on executive compensation matters, including compliance with the IRS Intermediate Sanctions Regulations.
    • Advised a health system in responding to OIG allegations of Stark Law violations.
    • Advised a pharmaceutical manufacturer on clinical trial initiatives, including negotiating clinical trial agreements.
    • Counseled a pharmaceutical manufacturer on pharmacovigilance matters.

    Data Privacy

    • Represented and assisted various clients in response efforts to multi-state data security incidents involving multiple notification and regulatory response obligations.
    • Advised a medical provider industry association and health insurer in developing and revising mobile app and Facebook App privacy policies and terms of use.
    • Advised a global pharmaceutical manufacturer on consent and other privacy issues associated with email, postcard, and text message marketing initiatives for its products.
    • Advised an international pharmaceutical company on regulatory issues regarding the use of social media platforms and on the use of third party messenger services.
    • Counseled a German pharmaceutical company concerning the data security and privacy issues of a U.S.-based interactive web portal dedicated to marketing a specific drug and encouraging online interaction between providers and patients.
    • Assessed mobile app data collection practices and developing mobile privacy disclosures and opt-in and opt-out consent mechanisms, including double and single opt-in requirements.
    • Provided TCPA and Mobile Marketing Association (MMA) compliance advice (including advising on call-to-action language, enrollment, opt-out, mobile terms, and ongoing operation of text messaging programs) for a global pharmaceutical company.
    • Advised on FDA, FTC and OCR guidance on cybersecurity for medical devices.
    • Developed internal business guidelines for text messaging and email marketing campaigns, addressing call-to-action language, opt-in/opt-out requirements, mobile terms of services, anti-spam requirements, and ongoing operation of mobile marketing programs under relevant legal and self-regulatory requirements and best practices, including "Privacy by Design" principles.
    • Advised a medical device company concerning security and privacy compliance and "Privacy by Design" issues associated with Internet of Things strategy for medical devices connected wirelessly to the Internet.
    • Advised an international medical devices company on privacy and cross border data flow issues relevant to the launch of a medical device that transmits patient data for diagnostic purposes.
    • Counseled a prosthetics company on privacy and cybersecurity issues, including an Internet of Things implementation related to wireless sensors installed on its prosthetic devices.
    • Advised and assisted a hospital in its response to an incident involving unauthorized access to patient records, including its individual and regulatory notifications.
    • Assisted a health system in its response to an inadvertent disclosure of health information, including HIPAA and state law reporting requirements.
    • Assisted a global pharmaceutical manufacturer in the development of its data incident response plan. 
  • Admissions
    • New York State Bar License
  • Rankings and recognitions
    • New York Metro Rising Star, Healthcare, Thomson Reuters, 2016, 2017
    • Pro Bono Service Award, NYC Family Court Volunteer Attorney Program, 2010 - 2016
    • Certificate of Recognition, New York State Courts Access to Justice Program, 2012, 2016
  • Publications
  • Speaking engagements
    • "HIPAA Update," American Health Lawyers Association teleconference, August 3, 2017
    • "Healthcare M&A Hot Topics," Presentation to D&B Bank, June 14, 2017
    • "Efforts to Provide Early Access to Medicines in Europe and US," Norton Rose Fulbright Webinar, May 23, 2017
    • "Medical Device Quality Improvement: Implementing Postmarket Cybersecurity Programs Aligned with New FDA Guidelines," Webinar, February 22, 2017
    • "Representation of Research Universities and Hospitals in Various Areas of the Law," "WiN"ning Business Panel, New York, NY, February 2, 2017 
    • "Anatomy of a Business Associate Agreement," The American Bar Association Health Law Section Webinar, January 19, 2017
    • "Privacy and Data Security: Concerns for Life Sciences and Healthcare Companies," Norton Rose Fulbright Webinar, November 9, 2016
    • "HIPAA, Privacy and Security Fundamentals,"  The American Bar Association Health Law Section Webinar, June 16, 2016
    • "Anatomy of a HIPAA Breach (Master Track)," The American Bar Association Health Law Section Webinar, March 1, 2016 
    • "From Cloud 9 to Dark Clouds: Managing Big Data and Cloud Security Issues," Norton Rose Fulbright Annual Health Law Symposium, Austin, TX, January 28, 2016 
    • "Hot Topics in Medical Staff Credentialing," Physicians' Reciprocal Insurers (PRI) Webinar, January 14, 2016
    • "Understanding the Regulatory Landscape," Global Legal ConfEx, New York, NY, October 27, 2015
    • "Health Information Privacy and Security," Norton Rose Fulbright Webinar, October 6, 2015
    • "What's up eDoc?:  A Privacy Primer for Health IT at MaRS," MaRS Discovery District, Toronto, ON, September 30, 2015
    • "The Intersection of Education and Healthcare – Accreditation, GME and Research," Duke University Office of Counsel, September 25, 2015
    • "Demystifying the HIPAA Security Risk Analysis (SRA) Requirement," Norton Rose Fulbright Annual Corporate Compliance Roundtable, St. Louis, MO, May 14, 2015
    • "Top Issues in Healthcare Transactions," NYU Langone Medical Center, May 8, 2015
    • "The mHealth Revolution: A Clash of Innovation and the Law, Current HIT Challenges: mHeatlh, Big Data, and HIPAA Compliance," American Health Lawyers Association, Baltimore, MD, March 28, 2014
    • "The Fundamentals of a Healthcare Transaction: An Interactive Look at the Anatomy of a Deal," The American Bar Association Health Law Section Webinar, November 11, 2013
    • "Health Data Breaches: Complying with New HIPAA Notification Rule and Mitigating Damages," Strafford Publications Webinar, September 25, 2013
    • "The HIPAA Omnibus Rule: Best Practices for Compliance," New York State Bar Association, New York, NY, June 5, 2013
    • "Anti-Kickback Law Basics," The American Bar Association Health Law Section Webinar, April 18, 2013
    • "Tips for Surviving a Health Law Practice - Top 10 Issues, Fundamentals of Health Law," AHLA Chicago, IL, October 29, 2012
  • Memberships and activities
    • American Bar Association (ABA)
      • Health Law Section
        • eHealth, Privacy & Security Interest Group Liaison for Communication & Marketing (2016-present)
        • Distance Learning Committee, vice chair (2012 - 2017) 
        • HITECH Task Force
        • Young Lawyers Division Health Law Committee
      • Science and Technology Section
    • American Health Lawyers Association (AHLA)
      • Health Information Technology Practice Group: Emerging Uses Affinity Group, chair (2012 - 2015)
    • Food and Drug Law Institute (FDLI)
      • Journal Editorial Advisory Board (2014 - present)
    • International Association of Privacy Professionals (IAPP)
    • American Telemedicine Association
    • New York State Bar Association (NYSBA)
      • Young Lawyers Section