Use of cookies by
Norton Rose Fulbright
We use cookies to deliver our online services. Details and instructions on how to disable those cookies are set out at By continuing to use this website you agree to our use of our cookies unless you have disabled them.

Kim Gold

Senior Counsel

Kim Gold

New York

T:+1 212 318 3103

Kim Gold is a healthcare and privacy lawyer focusing on transactional, regulatory, data privacy and cybersecurity matters, primarily for healthcare and life sciences companies. 

Kim has extensive experience in the areas of privacy, information security, cybersecurity and information management.  She provides privacy and security advice in connection with corporate/M&A and technology transactions, regulatory investigations, vendor management, and incident planning and response.  She is currently advising a number of multinational companies in various industries on compliance with the EU General Data Protection Regulation (GDPR). 

Kim regularly advises clients on matters involving privacy and security of patient information under HIPAA and state laws.  She also represents clients in the digital health area and has counseled healthcare providers, pharmaceutical companies, and medical device manufacturers on relevant data privacy and regulatory issues, including those particular to mobile medical apps, wearable devices, and telemedicine.

For more than a year, Kim worked on-site with the Global Privacy Office of a global pharmaceutical company on various legal matters, including negotiating vendor agreements, providing advice on marketing and clinical research initiatives, and developing privacy notices, consent documents, and internal policies.

Kim's transactional experience includes mergers and acquisitions, joint ventures, and affiliations of hospitals, group practices and other provider entities. She also represents not-for-profit and tax-exempt (501(c)(3)) organizations on a broad range of transactional and regulatory matters.  

Kim's practice also involves counseling healthcare and life sciences companies on regulatory and compliance matters, including developing and implementing compliance programs, defending clients in government investigations, and advising on regulatory and privacy considerations in connection with clinical research initiatives.  Kim also regularly advises clients on graduate medical education issues affecting academic medical centers and teaching hospitals, including ACGME accreditation and Medicare reimbursement issues.

Kim is a Certified Information Privacy Professional (CIPP/US) through the International Association of Privacy Professionals (IAPP).

[+Open all]
  • Education

    JD, Fordham University, 2008
    BA, Communications, University of Delaware Honors Program, 2004

    While in law school, Kim interned for the Honorable Phyllis Gangel-Jacob of the New York State Supreme Court Appellate Term. Additionally, she was the associate editor of the Fordham Intellectual Property, Media and Entertainment Law Journal and a member of Phi Alpha Delta.

  • Representative experience

    Healthcare Transactions

    • Represented New York State Catholic Health Plan, Inc., d/b/a Fidelis Care New York in the US $3.75 billion acquisition of its entire health insurance business by Centene Corporation.
    • Counseled a global pharmaceutical company in its acquisition of a generic drug manufacturer.
    • Negotiated clinical trial agreements on behalf of pharmaceutical manufacturers.
    • Advised a not-for-profit mobile medical app manufacturer in a joint venture transaction with a not-for-profit foundation.
    • Negotiated agreements with SaaS and other vendors on behalf of a global pharmaceutical company.
    • Represented an operator of long term care and independent living facilities on a member substitution transaction.
    • Counseled on transactional matters between pharmaceutical manufacturers and group purchasing organizations.
    • Advised a health system in a joint venture with a national dialysis company.
    • Counseled a national operator of home health agencies in a corporate reorganization.
    • Represented hospitals and health systems in sales of assets.
    • Represented a provider of correctional health services on New York Corporate Practice of Medicine issues, including corporate organizational structure and management arrangements.
    • Advised a physician practice in its proposed sale to another practice.
    • Advised on graduate medical education (GME) implications of transactions involving teaching hospitals.

    Healthcare Regulatory

    • Advised an international pharmaceutical company on regulatory requirements regarding the use of healthcare apps and wearable devices.
    • Advised a medical device manufacturer and a global pharmaceutical company on the development and implementation of patient testimonial programs.
    • Counseled a hospital system in responding to ACGME citations and achieving full accreditation for its GME programs.
    • Represented a health system in medical staff hearings and appeals.
    • Counseled healthcare clients on alleged violations of the federal Stark and Anti-Kickback laws.
    • Counseled clients on HIPAA and FTC privacy regulations applicable to pharmaceutical and device manufacturers, internet-based platforms and mobile medical apps.
    • Represented and advised labs, hospitals and health systems in responding to government investigations.
    • Developed compliance policies and training for a global pharmaceutical company.
    • Advised a life sciences company on CDC requirements in connection with importing and testing infectious blood samples. 
    • Advised a managed care plan on executive compensation matters, including compliance with the IRS Intermediate Sanctions Regulations.
    • Advised a health system in responding to OIG allegations of Stark Law violations.
    • Advised a pharmaceutical manufacturer on clinical trial initiatives, including negotiating clinical trial agreements.
    • Counseled a pharmaceutical manufacturer on pharmacovigilance matters.
    • Counseled a not-for-profit managed care organization on executive compensation and other corporate governance matters.

    Data Privacy

    • Represent and assist clients across industries in response efforts to multi-state data security incidents involving multiple notification and regulatory response obligations.
    • Currently advising multiple multinational companies on compliance with the upcoming EU General Data Protection Law (GDPR).
    • Advised a multinational investment bank and financial services company on legal and regulatory compliance matters under state, federal, and international privacy laws.
    • Counseled a global technology company providing digital platforms on privacy contractual terms, GDPR compliance, and cross border data transfer issues.
    • Advised a multinational manufacturing company on its cybersecurity incident response plan and various internal privacy policies and procedures.
    • Advised an international bank on a data breach involving more than a million data subjects.
    • Counseled a provider of enterprise staffing software on cross border data transfer issues, including EU - U.S. Privacy Shield certification.
    • Provided advice on privacy and cybersecurity contractual terms and diligence matters in corporate and technology transactions.
    • Advised a medical provider industry association and health insurer in developing and revising mobile app and Facebook App privacy policies and terms of use.
    • Developed internal business guidelines for text messaging and email marketing campaigns, addressing call-to-action language, opt-in/opt-out requirements, mobile terms of services, anti-spam requirements, and ongoing operation of mobile marketing programs under relevant legal and self-regulatory requirements and best practices, including "Privacy by Design" principles.
    • Provided cybersecurity incident readiness coaching to energy and utility companies.
    • Advised a global pharmaceutical manufacturer on consent and other privacy issues associated with email, postcard, and text message marketing initiatives for its products.
    • Counseled a German pharmaceutical company concerning the data security and privacy issues of a U.S.-based interactive web portal dedicated to marketing a specific drug and encouraging online interaction between providers and patients.
    • Assessed mobile app data collection practices and developing mobile privacy disclosures and opt-in and opt-out consent mechanisms, including double and single opt-in requirements.
    • Advised a medical device company concerning security and privacy compliance and "Privacy by Design" issues associated with Internet of Things strategy for medical devices connected wirelessly to the Internet.
    • Advised an international medical devices company on privacy and cross border data flow issues relevant to the launch of a medical device that transmits patient data for diagnostic purposes.
    • Counseled a prosthetics company on privacy and cybersecurity issues, including an Internet of Things implementation related to wireless sensors installed on its prosthetic devices.
    • Assisted a global pharmaceutical manufacturer in the development and implementation of its data incident response plan.
  • Admissions
    • New York State Bar
  • Rankings and recognitions
    • New York Metro Rising Star, Healthcare, Thomson Reuters, 2016, 2017
    • New York Metro - Top Women, Healthcare, Thomson Reuters, 2016, 2017
    • Pro Bono Service Award, NYC Family Court Volunteer Attorney Program, 2010-2018
    • Certificate of Recognition, New York State Courts Access to Justice Program, 2012, 2016
  • Publications
  • Speaking engagements
    • Upcoming Speaking Engagements:
    • "Ensuring Compliance Across States' Data Breach Notification Rules and Data Privacy Regulations," Data Privacy Governance & GDPR Alignment Conference, Philadelphia, PA, July 26, 2018
    • "Nuts and Bolts of Responding to a Privacy Breach," 2018 Association of Corporate Counsel (ACC) Annual Meeting, Austin, TX, October 22, 2018
    • Past Speaking Engagements:
    • "The Law and the Future of Cryptocurrency," Global Legal ConfEx, New York, NY, June 21, 2018
    • "Indemnification Provisions in HIPAA Business Associate Agreements," Strafford Webinars, June 6, 2018
    • "EU GDPR: Where to Start? Some Practical Tips," Law Technology Live Webinar, May 31, 2018
    • "The Impact of the DFS Cyber Security Regulation," Today's General Counsel Institute, 'The Exchange' Data Privacy and Cybersecurity Forum, New York, NY, May 24, 2018
    • "GDPR The New Cyber – Horizons in 2018," Today's General Counsel Institute, 'The Exchange' Data Privacy and Cybersecurity Forum, New York, NY, May 23, 2018
    • "Challenges Faced by Multi-National Corporate Compliance Professionals: Are You Ready For GDPR and Handling the Next Investigation?", Emerging leaders in compliance and investigations network, Houston, TX, March 20, 2018
    • "Data Privacy and Security: Concerns and Best Practices for Life Sciences & Healthcare Companies," Norton Rose Fulbright Webinar, February 15, 2018
    • "HIPAA Enforcement and Best Practices," American Health Lawyers Association Business Law & Governance Webinar, November 8, 2017
    • "HIPAA Update," American Health Lawyers Association Payers, Plans & Managed Care Webinar, August 3, 2017
    • "Healthcare M&A Hot Topics," Presentation to D&B Bank, June 14, 2017
    • "Efforts to Provide Early Access to Medicines in Europe and US," Norton Rose Fulbright Webinar, May 23, 2017
    • "Medical Device Quality Improvement: Implementing Postmarket Cybersecurity Programs Aligned with New FDA Guidelines," Webinar, February 22, 2017
    • "Representation of Research Universities and Hospitals in Various Areas of the Law," "WiN"ning Business Panel, New York, NY, February 2, 2017 
    • "Anatomy of a HIPAA Business Associate Agreement," The American Bar Association Health Law Section Webinar, January 19, 2017
    • "Privacy and Data Security: Concerns for Life Sciences and Healthcare Companies," Norton Rose Fulbright Webinar, November 9, 2016
    • "HIPAA, Privacy and Security Fundamentals,"  The American Bar Association Health Law Section Webinar, June 16, 2016
    • "Anatomy of a HIPAA Breach (Master Track)," The American Bar Association Health Law Section Webinar, March 1, 2016 
    • "From Cloud 9 to Dark Clouds: Managing Big Data and Cloud Security Issues," Norton Rose Fulbright Annual Health Law Symposium, Austin, TX, January 28, 2016 
    • "Hot Topics in Medical Staff Credentialing," Physicians' Reciprocal Insurers (PRI) Webinar, January 14, 2016
    • "Understanding the Regulatory Landscape," Global Legal ConfEx, New York, NY, October 27, 2015
    • "Health Information Privacy and Security," Norton Rose Fulbright Webinar, October 6, 2015
    • "What's up eDoc?:  A Privacy Primer for Health IT at MaRS," MaRS Discovery District, Toronto, ON, September 30, 2015
    • "The Intersection of Education and Healthcare – Accreditation, GME and Research," Duke University Office of Counsel, September 25, 2015
    • "Demystifying the HIPAA Security Risk Analysis (SRA) Requirement," Norton Rose Fulbright Annual Corporate Compliance Roundtable, St. Louis, MO, May 14, 2015
    • "Top Issues in Healthcare Transactions," NYU Langone Medical Center, May 8, 2015
    • "The mHealth Revolution: A Clash of Innovation and the Law, Current HIT Challenges: mHeatlh, Big Data, and HIPAA Compliance," American Health Lawyers Association, Baltimore, MD, March 28, 2014
    • "The Fundamentals of a Healthcare Transaction: An Interactive Look at the Anatomy of a Deal," The American Bar Association Health Law Section Webinar, November 11, 2013
    • "Health Data Breaches: Complying with New HIPAA Notification Rule and Mitigating Damages," Strafford Webinar, September 25, 2013
    • "The HIPAA Omnibus Rule: Best Practices for Compliance," New York State Bar Association, New York, NY, June 5, 2013
    • "Anti-Kickback Law Basics," The American Bar Association Health Law Section Webinar, April 18, 2013
    • "Tips for Surviving a Health Law Practice - Top 10 Issues, Fundamentals of Health Law," AHLA Chicago, IL, October 29, 2012
  • Memberships and activities
    • American Bar Association (ABA)
      • Health Law Section
        • eHealth, Privacy & Security Interest Group Liaison (2017-present)
        • Distance Learning Committee, vice chair (2012 - 2017) 
        • HITECH Task Force
        • Young Lawyers Division Health Law Committee
      • Science and Technology Section
    • American Health Lawyers Association (AHLA)
      • Diversity+Inclusion Council, member (2018-2020)
      • Health Information Technology Practice Group: Emerging Uses Affinity Group, chair (2012 - 2015)
    • Food and Drug Law Institute (FDLI)
      • Journal Editorial Advisory Board (2014 - present)
    • International Association of Privacy Professionals (IAPP)
    • American Telemedicine Association
    • New York State Bar Association (NYSBA)
      • Young Lawyers Section
    • Association of Corporate Counsel NYC Women's Group Steering Committee