As a member of the firm’s Health Law, Cybersecurity & Data Privacy, and Corporate & Business Transactions practice groups, Liz Heddleston helps clients navigate the complex legal landscape governing healthcare.

Liz provides practical guidance on regulatory, operational, and corporate issues to medical practices, hospitals, long-term care facilities, and other healthcare organizations. She advises clients on a broad range of healthcare-related matters, including Stark Law and Anti-Kickback Statute matters, contracting and transactional matters, state and federal regulatory compliance, Medicare and Medicaid issues, peer review and credentialing, and corporate and medical staff governance.

Liz specializes in HIPAA compliance and data privacy and is Certified in Healthcare Privacy Compliance (CHPC®). She counsels clients on day-to-day privacy and security operational issues, the Information Blocking Rule, and other data privacy laws. She regularly advises clients on HIPAA breach response and notification issues, including reporting obligations to the HHS Office for Civil Rights (OCR). She assists clients in drafting, reviewing, and negotiating Business Associate Agreements and other healthcare technology agreements, and helps clients develop and update privacy policies and procedures.

Liz has been included in the Virginia Rising Stars list in Health Care Law by Super Lawyers and has been named to Best Lawyers: Ones to Watch™ in America for Health Care Law. In 2022, she was named a Virginia Lawyers Weekly “Up & Coming Lawyer.”

A Bethesda, Md. native, Liz graduated from Davidson College with a B.A. in English and earned her law degree from William & Mary Law School (magna cum laude, Order of the Coif). Prior to law school, Liz worked for five years as a newspaper journalist in Lynchburg, Va.

Attorney Perspectives

Speaking Engagements

  • Virginia Bar Association: 18th Annual Virginia Health Care Practitioners’ Roundtable | Understanding HIPAA to Maintain and Ethical Legal Practice
    October 20, 2022
  • The Medical Advisory Group of Roanoke | The Information Blocking Rule
    June 21, 2022
  • The Medical Advisory Group of Danville | The Information Blocking Rule
    June 15, 2022
  • The Medical Advisory Group of Lynchburg | The Information Blocking Rule
    June 8, 2022
  • Virginia Health Information Management Association Annual Conference | Protecting Patient Data from Cyber Criminals: HIPAA Compliance Strategies
    May 12, 2022
  • Virginia Medical Group Management Association | The Intersection of HIPAA, Patient Privacy, and the Nosy Employee
    March 23, 2021