Deepali Doddi is an associate in Ice Miller’s Data Security and Privacy practice. As a former investigator with the U.S. Department of Health and Human Services, Office for Civil Rights, Deepali has significant experience in investigating regulated entities for compliance with federal health information privacy and security laws and regulations. Using her deep experience in this area, Deepali advises regulated entities regarding best practices for safeguarding data and ensuring compliance with the HIPAA Privacy and Security Rules and the Breach Notification Rule. She is a member of the International Association of Privacy Professionals (IAPP) and is a Certified Information Privacy Professional/United States (CIPP/US) through that organization.

Before joining Ice Miller, Deepali served as a federal investigator with the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) in Chicago, Illinois for more than five years. During her time at OCR, Deepali enforced the HIPAA Privacy, Security, and Breach Notification Rules against covered entities and their business associates. Most notably, Deepali conducted investigations of large breaches of protected health information involving such issues as theft, loss, and unauthorized access through cyberattacks. As part of her enforcement efforts, she advised various entities regarding best practices for safeguarding data, responding to security incidents, and developing and implementing policies and procedures to ensure compliance with the HIPAA Rules. 
Deepali also has experience in drafting and negotiating formal settlement agreements and corrective action plans to resolve indicated noncompliance with the HIPAA Rules, and she served as the lead investigator in the North Memorial Health Care case, which resulted in a monetary settlement of $1.55 million. 
In addition to her HIPAA work, Deepali contributed to OCR’s administrative rulemaking under Section 1557 of the Affordable Care Act, which prohibits discrimination in covered health programs and activities.

Deepali received her juris doctorate from the University of Notre Dame Law School. While in law school, Deepali served as an executive articles editor for the Notre Dame Journal of Law, Ethics and Public Policy.  She received a Bachelor of Arts in economics and English from Northwestern University.
Deepali is admitted to practice in Illinois.
Reported and Representative Cases

Ice TV
Firm Publications
Blog Posts
Published In
Speaking Engagements
  • “HIPAA Compliance: Inside OCR’s Phase 2 Audit Program,” Health Care Compliance Association, Regional Conference, Indianapolis, IN, September 29, 2017
  • What OCR Expects in a HIPAA Risk Analysis: A Conversation with Deepali Doddi, former OCR Investigator, Midwest Region, Webinar, September 26, 2017
  • “To Report or Not to Report: How to Analyze an Event to Determine If and to Whom it Should be Reported,” Indiana Security and Privacy Network, Quarterly Meeting, Indianapolis, IN, August 3, 2017
  • “How to Protect Your Business: Strategies for Avoiding and Surviving a Cyberattack,” Cybersecurity Seminar, Schaumburg, IL, June 13, 2017
  • “HIPAA Compliance Updates,” Ice Miller CLE Forum, Indianapolis, IN, December 13, 2016
  • “HIPAA Compliance Updates,” Ice Miller CLE Forum, Columbus, OH, December 6, 2016
  • “Cybersecurity In Health Care: Teachings, Traps, and Trends,” ISBA Health Law Symposium, Indianapolis, IN, November 2, 2016
  • “OCR HIPAA Audit Program – Set Phase 2 to Stun,” International Association of Privacy Professionals KnowledgeNet, Indianapolis, IN, September 12, 2016
  • "HIPAA Audit Prep: Lessons from OCR Enforcement", webinar, Indianapolis, IN - August 31, 2016
  • "Navigating a Breach Incident at the Business Associate Level: Reporting, Investigation, and Mitigation Strategies,” American Health Lawyers Association, Webinar, February 24, 2016.
  • “Elements of a Data Breach Response: A HIPAA Perspective,” University of Dayton School of Law, Program in Law and Technology Seminar, Dayton, Ohio, June 5, 2015.
  • “Post-HITECH HIPAA Compliance: Key Considerations for Insurers,” Life and Health Compliance Association Meeting, Cincinnati, Ohio, May 14, 2015.
  • “HIPAA Enforcement, Audits, and Data Breach Response: What Is OCR Looking For?” International Association of Privacy Professionals KnowledgeNet, Cincinnati, Ohio, September 10, 2014.
View Full Site View Mobile Optimized