Brandon Ge is senior counsel in the Washington, D.C., office of Wilson Sonsini Goodrich & Rosati, where his practice focuses on health information, privacy and security, incident response, digital health, AI governance, interoperability and information blocking, data use and exchange, and privacy- and security-related contracting.
Brandon’s clients span industries including digital health companies, health insurers, health care providers, health information networks, cybersecurity companies, financial institutions, and nonprofit organizations. He provides practical counseling on federal and state privacy and security laws, including HIPAA, 42 CFR Part 2, the Health Breach Notification Rule, the FTC Act, TCPA, COPPA, state consumer privacy laws, and state health privacy laws.
Brandon helps clients build, assess, and strengthen privacy and security compliance programs. He drafts privacy and security policies and procedures, incident response plans, training materials, template agreements, privacy notices, and website and application terms of use. He also negotiates business associate agreements, data use agreements, data processing agreements, and other privacy- and security-related contracts, including high-volume and high-value contracting matters for financial services, technology, and cybersecurity clients.
Brandon has significant experience advising clients through data breaches and cybersecurity incidents involving protected health information, personal information, and sensitive business data. He manages incident response matters end-to-end: coordinating with forensic and incident response vendors, assessing notification obligations, drafting notices and public statements, and communicating with law enforcement and federal and state regulators.
Brandon represents clients in privacy- and security-related investigations and disputes. He has defended numerous digital health companies, health insurers, and other clients in investigations by the U.S. Department of Health and Human Services Office for Civil Rights and state attorneys general, including matters involving breaches of protected health information. He also advises and defends clients in matters involving tracking technologies, digital advertising, and TCPA compliance.
On the transactional side, Brandon has led privacy and security due diligence in various healthcare and technology transactions, including for numerous acquisitions by one of the nation’s largest health insurers and a multi-billion-dollar acquisition by one of the world’s largest technology companies.
Brandon counsels clients on health data interoperability, patient access, information blocking, and federal health IT requirements. He has advised on ONC information blocking rules and CMS interoperability rules and the implications of these requirements for health information networks, payers, and technology-enabled healthcare services.
Brandon is a Certified Information Privacy Professional (CIPP/US), Certified Information Privacy Manager (CIPM), and Artificial Intelligence Governance Professional (AIGP). He has conducted HIPAA Security Rule risk assessments and, as a former HITRUST Certified CSF Practitioner, assisted digital health companies and providers with the HITRUST compliance and certification.
Brandon Ge is senior counsel in the Washington, D.C., office of Wilson Sonsini Goodrich & Rosati, where his practice focuses on health information, privacy and security, incident response, digital health, AI governance, interoperability and information blocking, data use and exchange, and privacy- and security-related contracting.
Brandon’s clients span industries including digital health companies, health insurers, health care providers, health information networks, cybersecurity companies, financial institutions, and nonprofit organizations. He provides practical counseling on federal and state privacy and security laws, including HIPAA, 42 CFR Part 2, the Health Breach Notification Rule, the FTC Act, TCPA, COPPA, state consumer privacy laws, and state health privacy laws.
Brandon helps clients build, assess, and strengthen privacy and security compliance programs. He drafts privacy and security policies and procedures, incident response plans, training materials, template agreements, privacy notices, and website and application terms of use. He also negotiates business associate agreements, data use agreements, data processing agreements, and other privacy- and security-related contracts, including high-volume and high-value contracting matters for financial services, technology, and cybersecurity clients.
Brandon has significant experience advising clients through data breaches and cybersecurity incidents involving protected health information, personal information, and sensitive business data. He manages incident response matters end-to-end: coordinating with forensic and incident response vendors, assessing notification obligations, drafting notices and public statements, and communicating with law enforcement and federal and state regulators.
Brandon represents clients in privacy- and security-related investigations and disputes. He has defended numerous digital health companies, health insurers, and other clients in investigations by the U.S. Department of Health and Human Services Office for Civil Rights and state attorneys general, including matters involving breaches of protected health information. He also advises and defends clients in matters involving tracking technologies, digital advertising, and TCPA compliance.
On the transactional side, Brandon has led privacy and security due diligence in various healthcare and technology transactions, including for numerous acquisitions by one of the nation’s largest health insurers and a multi-billion-dollar acquisition by one of the world’s largest technology companies.
Brandon counsels clients on health data interoperability, patient access, information blocking, and federal health IT requirements. He has advised on ONC information blocking rules and CMS interoperability rules and the implications of these requirements for health information networks, payers, and technology-enabled healthcare services.
Brandon is a Certified Information Privacy Professional (CIPP/US), Certified Information Privacy Manager (CIPM), and Artificial Intelligence Governance Professional (AIGP). He has conducted HIPAA Security Rule risk assessments and, as a former HITRUST Certified CSF Practitioner, assisted digital health companies and providers with the HITRUST compliance and certification.
- J.D., Columbia Law School, 2012
Harlan Fiske Stone Scholar; Editor, Columbia Science and Technology Law Review
- B.A., Economics, University of Maryland, College Park, 2007
- Member, International Association of Privacy Professionals
- Named among the 2023-2026 “Ones to Watch – Health Care Law” by The Best Lawyers in America
- Named among the 2024-2026 “Ones to Watch – Privacy and Data Security Law” by The Best Lawyers in America
- Bar of the District of Columbia
- State Bar of Maryland
- J.D., Columbia Law School, 2012
Harlan Fiske Stone Scholar; Editor, Columbia Science and Technology Law Review
- B.A., Economics, University of Maryland, College Park, 2007
- Member, International Association of Privacy Professionals
- Named among the 2023-2026 “Ones to Watch – Health Care Law” by The Best Lawyers in America
- Named among the 2024-2026 “Ones to Watch – Privacy and Data Security Law” by The Best Lawyers in America
- Bar of the District of Columbia
- State Bar of Maryland
Select Publications
- Co-author, "Scope of FTC's Health Info Enforcement May Expand," Law360, June 2023
- Co-author, “International: GDPR v. HIPAA – Comparing and Contrasting Two Important Data Protection Regimes,” OneTrust DataGuidance, May 2023
- Co-author, "Two Privacy Rulings Highlight Browsewrap Agreement Risk," Law360, March 2023
- Co-author, “Ninth Circuit Rejects Facebook’s Article III Argument; Biometric Lawsuit will Proceed,” Intellectual Property & Technology Law Journal, December 2019
- Co-author, "Ninth Circuit’s Expansive Standard for Standing in Breach Case," Law360, April 2018
- Co-author, "Task Force Reports Hopes to Galvanize Cybersecurity Efforts in the Health Care Industry," Westlaw, July 2017
- Co-author, "Privacy as Power: A Catalyst in the Big Data Revolution," HIT News American Health Law Association, May 2014
Select Speaking Engagements
- Speaker, “HIPAA Update,” Silicon Valley Association of General Counsel 31stAnnual All Hands Meeting, Santa Clara, CA, November 2019
Select Publications
- Co-author, "Scope of FTC's Health Info Enforcement May Expand," Law360, June 2023
- Co-author, “International: GDPR v. HIPAA – Comparing and Contrasting Two Important Data Protection Regimes,” OneTrust DataGuidance, May 2023
- Co-author, "Two Privacy Rulings Highlight Browsewrap Agreement Risk," Law360, March 2023
- Co-author, “Ninth Circuit Rejects Facebook’s Article III Argument; Biometric Lawsuit will Proceed,” Intellectual Property & Technology Law Journal, December 2019
- Co-author, "Ninth Circuit’s Expansive Standard for Standing in Breach Case," Law360, April 2018
- Co-author, "Task Force Reports Hopes to Galvanize Cybersecurity Efforts in the Health Care Industry," Westlaw, July 2017
- Co-author, "Privacy as Power: A Catalyst in the Big Data Revolution," HIT News American Health Law Association, May 2014
Select Speaking Engagements
- Speaker, “HIPAA Update,” Silicon Valley Association of General Counsel 31stAnnual All Hands Meeting, Santa Clara, CA, November 2019
- Privacy Policy
- Terms of Use
- Accessibility