Skip to main content
Top Button
Kim Metzger is a partner in Ice Miller's litigation group, concentrating her practice in drug and device litigation and data security and privacy, particularly HIPAA privacy compliance. She is a member of the International Association of Privacy Professionals (IAPP) and is a Certified Information Privacy Professional/U.S. Private Sector (CIPP/US), Certified Information Privacy Professional/Europe (CIPP/E), and Certified Information Privacy Manager (CIPM) through that organization. Kim was inducted into the IAPP’s inaugural class of Fellow of Information Privacy (FIP) designation recipients.

Internet of Things Resource Center
Kim has extensive experience with federal and state health information privacy laws, has established a HIPAA compliance program for a large health care provider and a benefits outsourcing provider, and counsels clients on HIPAA and other information privacy matters. She is integrally involved with the Firm's HIPAA compliance program, and chaired an initiative to ensure the Firm's compliance with revised health information privacy directives issued by a large pharmaceutical client. Kim trains pharmaceutical manufacturing and other health care clients on issues of HIPAA compliance. She also assist clients in determining whether they have experienced a data breach, and how to best respond to a breach.

She has extensive experience with pretrial proceedings in pharmaceutical litigation, including mediation of pharmaceutical cases, large document production, protective order proceedings, and depositions of plaintiffs, experts, and treating physicians. She frequently works on teams with counsel in other jurisdictions, as either national or local counsel. She has served on national counsel teams representing pharmaceutical manufacturers in litigation in various jurisdictions nationwide, working closely with co-defendants and local counsel to coordinate resolution. She has obtained summary judgment for a client based on adequacy of warning, and successfully defended a university in a lawsuit by a student alleging unjust dismissal.

A lifelong Midwesterner, Kim was raised in Indiana and returned to the state after graduate school in 1996. She received her bachelor's degree in psychology from the University of Notre Dame in 1988, and her master's degree in social work from the University of Illinois, with highest honors, in 1992. She then worked as a child welfare case manager and therapist before entering law school. She obtained her juris doctorate from the University of Toledo College of Law, magna cum laude, in 1996, where she served as a note and comment editor on the law review staff and was Order of the Coif. Before joining the Firm, she served as an associate director/general counsel for a large community mental health center in Northern Indiana.

Ice TV
Firm Publications
Blog Posts
Published In
Speaking Engagements
  • Managing Medical Device Cybersecurity Liability: What Health Delivery Organizations Should Know, February 18, 2019
  • 11th Annual HHS Office for Civil Rights (OCR)/NIST HIPAA Security Rule conference (Safeguarding Health Information: Building Assurance Through HIPAA Security): Best Practices for Security Rule Compliance: An Attorney's Perspective. Washington, DC, October 18, 2018
  • Indiana State Bar Association Annual Meeting: Cybersecurity Litigation: Managing Risk In a Risky World. French Lick, IN, October 11, 2018
  • Ohio Hospital Association Annual Meeting: Cybersecurity and the Internet of (Health) Things: Risk Management in Health Care. Columbus, OH, June 4, 2018
  • ICLEF Indiana Consumer Law: Consumer Credit and Consumer Products Issues - "mHealth Technology and Health Social Media: Safeguarding Consumer Data in a Wearable World", Indianapolis, IN, May 23, 2018
  • Independent Colleges of Indiana 2018 Spring IT Leaders Forum GLBA and GDPR: What Do They Mean for Higher Education?  May 4, 2018.
  • Cybersecurity and the Internet of (Health) Things:  How IoT Devices are Transforming Provider IT Networks, presentation at the annual meeting of the Indiana Health Information Management Association (IHIMA), April 24, 2018
  • OCR Audit/Enforcement Update, presentation to working group of ERISA “church plan” counsel, June 9, 2017 (Philadelphia, PA)
  • Ohio Hospital Association Annual Meeting:  "Cybersecurity and the Internet of Health Things: Smart Devices, Smart Solutions", Columbus, OH - June 12, 2017
  • National Lorman Live Webinar: "'Internet of Things' Privacy and Security Primer: What Every Privacy and Compliance Officer Should Know" - May 17, 2017
  • "Data Security and Privacy Service for Higher Education", webinar, Indianapolis, IN - November 18, 2016
  • Health Care Compliance Association's Indianapolis Regional Conference: IT HIPAA Security/Privacy, Indianapolis, IN - September 30, 2016
  • "HIPAA Audit Prep: Lessons from OCR Enforcement", webinar, Indianapolis, IN - August 31, 2016
  • 2016 Indiana Health Information Management Association Annual Meeting: "Managing PHI in the Electronic Age: Top Legal Concerns...& Solutions", Indianapolis, IN - May 11, 2016
  • Samaritan Alliance Spring 2016 Leadership Forum:  “Escape Velocity: Breaking Free From HIPAA Risk.”  April 12 (Ft. Wayne, IN) and 13 (Greenwood, IN), 2016
  • Thompson Information Services: "Skimpy Risk Analyses are Risky Business", webinar - March 24, 2016
  • "The 21st Century Imperative: Cybersecurity", Butler University, Indianapolis, IN - Feb. 26, 2016
  • "Importance of Data Security in Health Care:  How Privacy Breaches and Security Incidents Impact Patients and Providers," Ice Miller CLE Forum for In-House Counsel, Indianapolis, IN - Dec. 10, 2015
  • "Importance of Data Security in Health Care:  How Privacy Breaches and Security Incidents Impact Patients and Providers," Ice Miller CLE Forum for In-House Counsel, Columbus, Ohio - Dec. 1, 2015
  • National Lorman Webinar: Cyber-security in Health Care: Addressing the Threat Landscape and Implementing a Security Management Process - October 26, 2015
  • 2015 Indiana State Bar Association’s Health Law Symposium:  "Impact of Data Security on Medical Identity Theft and Patient Disclosures, and OCR HIPAA Enforcement Update."  September 11, 2015, Indianapolis, IN
View Full Site View Mobile Optimized