Gicel Tomimbang is an associate in the Data Privacy, Cybersecurity & Digital Assets Practice. A former deputy attorney general and Office for Civil Rights investigator, she advises domestic and international companies on data privacy and protection, healthcare privacy and digital health, cybersecurity readiness and incident response and consumer protection law.

Gicel uses her public sector experience to advise clients on a range of privacy, transactional and regulatory and compliance issues under state and federal laws, with a particular focus in the healthcare and digital health sectors. She also helps clients meet their obligations during a data breach, developing and executing legal strategy and guiding companies across industries through all aspects of incident response and investigation, including negotiating agreements with third-party vendors, interfacing with insurance providers and auditors, submitting notifications and engaging with regulators and law enforcement.

Gicel served as a deputy attorney general for the California Department of Justice – Office of the Attorney General, where she specialized in conducting health data privacy and cybersecurity-focused government investigations, as well as enforcement pursuant to federal and state health privacy laws and consumer protection laws prohibiting unfair and deceptive acts and practices. She also provided legal and policy advice to the attorney general and state agencies. Gicel also served as an investigator for the US Department of Health and Human Services, Office for Civil Rights, where she investigated companies’ compliance with the HIPAA Privacy, Security and Breach Notification rules and civil rights laws.

Gicel is a Certified Information Privacy Professional (CIPP/US and CIPP/E), a Certified Information Privacy Manager (CIPM) and an IAPP Fellow of Information Privacy (FIP). She invests in her community through her active leadership in and contributions to professional and community organizations, including the Los Angeles County Bar Association, the International Association of Privacy Professionals, the California Lawyers Association, Junior League Los Angeles and various mentorship programs.

Award Mouse thought multimedia interface book medal screen monitor
  • Assisted covered entity and business associate clients with drafting, revising and negotiating services and business associate agreements.
  • Negotiated health tech software licensing agreements and business associate agreements on behalf of SaaS company.
  • Advised global communications provider on HIPAA, TCPA and state health privacy law issues for telehealth vertical, as well as negotiated data agreements pertaining to same.
  • Counseled telehealth platform on HIPAA compliance issues regarding transcription services expansion and privacy issues under federal and state health privacy laws.
  • Advised global consumer health goods manufacturer on consent and authorization requirements of Washington’s My Health My Data Act and Nevada’s consumer health data law.
  • Counseled regional hospital system on structuring organized health care arrangements and affiliated covered entity structures under HIPAA to maximize business and patient care efficiencies.
  • Advised regional grocery store chain on compliance issues regarding state consumer privacy laws and HHS HIPAA tracking technologies guidance with respect to grocery and pharmacy data practices.
  • Provided legal advice to various provider, health tech and community services organizations on mental health data privacy issues, including under HIPAA and 42 CFR Part 2.
  • Represented state government health agencies in successful dismissal of OCR investigations of data security incidents.
  • Counseled social media company on global cybersecurity compliance and legal issues.
  • Developed US incident response plan, policies and procedures, and training program for data security incidents, including material cybersecurity incidents for a publicly-traded fintech company.
  • Supported litigation teams, serving as privacy and cybersecurity specialist in class action and arbitration matters.

Education

  • Santa Clara University, J.D., 2018
  • Arizona State University, B.S., cum laude, 2011

Admissions

  • California, 2019

Memberships & Affiliations

  • Los Angeles County Bar Association, First Vice Chairperson, Privacy and Cybersecurity Section
  • California Lawyer’s Association, Communications Chair, Privacy Law Section; Privacy Liaison to New Lawyer’s Section
  • International Association of Privacy Professionals (IAPP)
  • Junior League Los Angeles

Languages

  • English
  • Filipino (Tagalog)

{{insights.date}} {{insights.type}} {{insights.contentTypeTag}}
{{blog.displayDate}}
{{blog.title}} {{blog.source}}
Award Mouse thought multimedia interface book medal screen monitor