Deepali Doddi is an associate in Ice Miller’s Data Security and Privacy practice. Leveraging her experience as a former regulator with the U.S. Department of Health and Human Services, Office for Civil Rights (OCR), Deepali counsels clients on all aspects of HIPAA compliance, including uses and disclosures of health data, policies and procedures, business associate agreements, breach response, risk analysis and management, and audit preparation.

Deepali also regularly assists clients in a wide range of industries with issues arising under federal and state data security and privacy laws and regulations, including COPPA, CAN-SPAM, TCPA, GLBA, CalOPPA, the FTC Act, DFARS, and breach notification laws. She further advises on risks related to privacy and data security in the context of corporate mergers and acquisitions.

Additionally, Deepali helps clients navigate international data privacy matters, such as certifying to the EU-U.S. Privacy Shield Framework, selecting appropriate cross-border data transfer mechanisms, and complying with the EU General Data Protection Regulation (GDPR) and e-Privacy Directive. Deepali is both a Certified Information Privacy Professional/United States (CIPP/US) and a Certified Information Privacy Professional/Europe (CIPP/E) through the International Association of Privacy Professionals (IAPP).

Before joining Ice Miller, Deepali was an investigator in OCR’s Chicago regional office for more than five years. During her time at OCR, she investigated large breaches of protected health information involving such issues as theft, loss, and unauthorized access through cyberattacks. Notably, Deepali served as the lead investigator in several high-profile settlements, including North Memorial Health Care and Presence Health.

Deepali is currently an IAPP Chicago KnowledgeNet Co-Chair. She also serves on the board of directors of the Illinois Association of Healthcare Attorneys. 

Deepali received her juris doctor from the University of Notre Dame Law School. She received a Bachelor of Arts in economics and English from Northwestern University. Deepali is admitted to practice in Illinois.


Reported and Representative Cases

Ice TV
Firm Publications
Blog Posts
Published In
Speaking Engagements
  • "Trending Issues in Cybersecurity," International Warehouse Logistics Association, Legal Symposium, Chicago IL, November 10, 2017
  • “HIPAA Compliance: Inside OCR’s Phase 2 Audit Program,” Health Care Compliance Association, Regional Conference, Indianapolis, IN, September 29, 2017
  • "What OCR Expects in a HIPAA Risk Analysis," Clearwater Compliance, LLC, September 26, 2017
  • “To Report or Not to Report: How to Analyze an Event to Determine If and to Whom it Should be Reported,” Indiana Security and Privacy Network, Quarterly Meeting, Indianapolis, IN, August 3, 2017
  • “How to Protect Your Business: Strategies for Avoiding and Surviving a Cyberattack,” Cybersecurity Seminar, Schaumburg, IL, June 13, 2017
  • “HIPAA Compliance Updates,” Ice Miller CLE Forum, Indianapolis, IN, December 13, 2016
  • “HIPAA Compliance Updates,” Ice Miller CLE Forum, Columbus, OH, December 6, 2016
  • “Cybersecurity In Health Care: Teachings, Traps, and Trends,” ISBA Health Law Symposium, Indianapolis, IN, November 2, 2016
  • “OCR HIPAA Audit Program – Set Phase 2 to Stun,” International Association of Privacy Professionals KnowledgeNet, Indianapolis, IN, September 12, 2016
  • "HIPAA Audit Prep: Lessons from OCR Enforcement", webinar, Indianapolis, IN - August 31, 2016
  • "Navigating a Breach Incident at the Business Associate Level: Reporting, Investigation, and Mitigation Strategies,” American Health Lawyers Association, Webinar, February 24, 2016.
  • “Elements of a Data Breach Response: A HIPAA Perspective,” University of Dayton School of Law, Program in Law and Technology Seminar, Dayton, Ohio, June 5, 2015.
  • “Post-HITECH HIPAA Compliance: Key Considerations for Insurers,” Life and Health Compliance Association Meeting, Cincinnati, Ohio, May 14, 2015.
  • “HIPAA Enforcement, Audits, and Data Breach Response: What Is OCR Looking For?” International Association of Privacy Professionals KnowledgeNet, Cincinnati, Ohio, September 10, 2014.
View Full Site View Mobile Optimized