Liz Heddleston helps a wide range of clients in the healthcare industry find practical solutions to legal challenges and navigate the complex legal landscape governing healthcare. She has a broad-based regulatory compliance practice with a strong focus on HIPAA compliance and health information privacy and security.

Liz is a trusted adviser to medical and dental practices, hospitals, long-term care facilities, federally qualified health centers, behavioral health providers, health plans, and other healthcare organizations. She counsels clients on regulatory compliance and corporate matters, including health information privacy and security issues, Stark Law and Anti-Kickback Statute compliance, contracting and transactional matters, state licensure issues, Medicare and Medicaid reimbursement, telehealth, peer review and credentialing, and corporate and medical staff governance.

A significant part of Liz’s practice focuses on cybersecurity incidents impacting healthcare entities, HIPAA compliance, and health information privacy and security. Liz is Certified in Healthcare Privacy Compliance (CHPC®) and provides strategic guidance on complying with healthcare privacy laws, including HIPAA, 42 C.F.R. Part 2, the Information Blocking Rule, and state data privacy laws.

As part of a comprehensive risk management strategy, Liz helps clients build and update their HIPAA compliance programs, including assistance with policy and procedures, security risk assessments, and staff training programs. She counsels clients on day-to-day privacy and security issues, and helps clients draft and negotiate Business Associate Agreements, data sharing agreements, and healthcare technology agreements.

Liz is regularly on the frontlines of HIPAA breaches and cyber incidents impacting health data. She advises clients on breach response strategies, notification and reporting obligations, and post-breach compliance and remediation. She has helped clients successfully resolve HIPAA complaint investigations and compliance audits conducted by the HHS Office for Civil Rights.

Liz has been included in the Virginia Rising Stars list in Health Care Law by Super Lawyers and has been named to Best Lawyers: Ones to Watch in America for Health Care Law. In 2022, she was named a Virginia Lawyers Weekly “Up & Coming Lawyer.”

A Bethesda, Md. native, Liz graduated from Davidson College with a B.A. in English and earned her law degree from William & Mary Law School (magna cum laude, Order of the Coif). Prior to law school, Liz worked for five years as a newspaper journalist in Lynchburg, Va. Liz is a founding board member of Huddle Up Moms, a Roanoke-based non-profit dedicated to improving maternal health outcomes and empowering mothers through education, connection, and support. Outside of work, she enjoys running, rock climbing, and spending time outdoors with her daughters.

Attorney Perspectives

Speaking Engagements

  • McGriff Insurance Seminar | Compliance Review: CAA Reporting & Beyond
    April 18, 2023
  • Virginia Bar Association: 18th Annual Virginia Health Care Practitioners’ Roundtable | Understanding HIPAA to Maintain and Ethical Legal Practice
    October 20, 2022
  • The Medical Advisory Group of Roanoke | The Information Blocking Rule
    June 21, 2022
  • The Medical Advisory Group of Danville | The Information Blocking Rule
    June 15, 2022
  • The Medical Advisory Group of Lynchburg | The Information Blocking Rule
    June 8, 2022
  • Virginia Health Information Management Association Annual Conference | Protecting Patient Data from Cyber Criminals: HIPAA Compliance Strategies
    May 12, 2022
  • Virginia Medical Group Management Association | The Intersection of HIPAA, Patient Privacy, and the Nosy Employee
    March 23, 2021