Eric Setterlund serves as counsel in Bradley’s Healthcare and Cybersecurity and Privacy practice groups. He has extensive experience with matters related to healthcare privacy, security protections and regulatory compliance. Prior to joining the firm, Eric served as chief privacy officer and privacy and data counsel for BlueCross BlueShield of Tennessee. He draws upon his real-world business and program management experience to provide his clients practical advice for complex regulatory and transactional matters.

Eric has a strong understanding of the day-to-day management and maintenance of an enterprise privacy program, including the development and implementation of required policies, procedures, and customer notices. He has years of experience guiding clients through significant changes in the regulatory landscape of state, federal, and international privacy laws.

In addition to his extensive program management experience, Eric has assisted clients with a variety of other compliance and transactional matters. He has broad experience in structuring and negotiating complex technology transactions and data sharing arrangements in the healthcare space, such as advising clients on strategic outsourcing and offshoring initiatives. He also has assisted clients with the development of new products and services to ensure compliance with privacy laws, including helping clients with digitization and customer outreach efforts. Eric has significant experience helping clients prepare for privacy and security risk assessments and third-party audits.

Eric has helped numerous public and private entities investigate and respond to data breaches or significant cybersecurity events, including helping companies notify customers, the media, and state and federal regulators. He has helped clients develop and implement response plans and test their cybersecurity readiness to mitigate risk associated with future incidents. Eric also has successfully defended and represented clients in numerous investigations and complaints brought by the Department of Health & Human Services’ Office of Civil Rights for alleged violations of HIPAA.

Eric is designated as an ANSI Certified Information Privacy Professional (CIPP/US) by the International Association of Privacy Professionals.