Ira Parghi  


Executive Summary

Ira Parghi is counsel in BLG’s Toronto office and a member of the firm’s Health Law and Privacy and Data Protection practice groups. 

Ira advises clients on access to information issues and on all stages of the life cycle of information privacy and security incidents: prevention (education, best practices, policies, audits), investigation, analysis (including under multiple potentially applicable provincial, state, and federal laws), reporting (to consumers and regulators), remediation, and regulatory investigation (again, potentially involving multiple regulatory bodies, laws, and jurisdictions). She has experience with a broad range of privacy matters, including cybersecurity breaches and ransomware incidents. Ira helps clients navigate often complex US-Canada cross-border regulatory landscapes, and, having worked in an in-house privacy role, provides practical advice that is operationally feasible. She has counseled health-care providers, medical technology companies, multinational pharmaceutical firms, universities, start-up companies, and non-profits, in both the US and Canada.

Ira also defends hospitals and other health-care organizations in medical malpractice litigation as counsel to the Healthcare Insurance Reciprocal of Canada (HIROC). She has represented clients before courts, administrative tribunals, and Coroner’s Inquests.

Ira previously worked as the Corporate Privacy Officer for a large health system, and as Counsel in the San Francisco office of a global law firm.

Representative Work

  • Advises hospitals, community-based health organizations, and other entities on wide range of privacy issues, including incident management, notification to affected individuals, and regulatory reporting.
  • Counsels hospitals and research institutes on privacy and data handling issues arising in context of clinical research, including multi-site and cross-border research projects.
  • Submitted representations to federal privacy and access to information regulator on behalf of client whose information was sought to be disclosed through access to information request.
  • Spearheaded health system’s responses to over 35 different privacy-related inquiries and investigations from U.S. federal and state regulators seeking to enforce patient privacy and data privacy laws; these included lengthy and high-profile investigations with the potential for enforcement action.
  • Supervised the investigation, analysis, documentation, remediation, and, where appropriate, patient and regulatory notification in over 200 potential privacy incidents across a major U.S. health system.
  • Counseled start-up companies, hospitals, health systems, universities, a medical research institute, social service organizations, and medical technology companies on a wide range of U.S. and Canadian privacy and information security laws, institutional policies, and best practices.
  • Advised medical technology company on privacy incident management, privacy considerations with respect to "smart" devices that collect, use, and transmit health information, and privacy obligations under U.S. federal and applicable state laws.
  • Counseled post-acute care system on potential privacy incidents, including analysis under several applicable U.S. federal and state laws, remediation, and handling of regulatory investigation.
  • Spent several months on secondment to privacy office of a leading U.S. research university, where duties included advising on privacy incident investigation and handling, reviewing and formulating policies on privacy in clinical care and research contexts, and supporting privacy team generally.
  • Advised pharmaceutical companies on potential privacy issues arising out of multi-site, multinational research projects.
  • Counseled investment management companies and other institutional clients on privacy- and security-related diligence and disclosures in context of corporate transactions.
  • Advised large insurer on potential privacy questions involved in proposed genetic testing initiative.
  • Successfully represented large professional organization in complex complaint brought against it before Ontario Information and Privacy Commissioner.

Publications & Presentations

  • Instructor, “Herding Cats and Losing Sleep: Handling Privacy Breaches in a Hospital Setting,” Information Technology & Privacy in Health Law course, Osgoode Hall Law School Health Law Program, May 2019
  • Presenter, “Privacy in Health Care,” St. Mary’s General Hospital, May 2019
  • Co-Presenter, “Privacy Update,” Canadian Life and Health Insurance Association Inc. Annual Conference, May 2019
  • Presenter, “Hot Topics in Privacy: Big Data in Health Care,” Medico-Legal Society of Toronto Annual Spring Bouquet, May 2019
  • Co-Author, "No Reasonable Expectation of Privacy in Case of Online Child Luring", BLG Publication, May 2019.
  • Co-Presenter, "A Risk Manager's Guide to IoT, Privacy and Cyber-Risk," BLG Annual Municipality Liability Seminar, April 2019
  • Author, “Healthcare Privacy and the UCL” in Antitrust, Unfair Competition Law & Privacy Law Section, California Lawyers Association, California Antitrust and Unfair Competition Law, Revised Edition (C. Johnson, ed., Matthew Bender & Co, 2018)
  • Author, “Reporting PHIPA Breaches to Affected Individuals and the Information and Privacy Commissioner: A Primer,” BLG Health Law Monitor, November/December 2018
  • Presenter, “Risk Management,” BLG Legal Operations Forum, November 2018
  • Presenter, “Cyber Security - Protecting Your Organization and Responding to Threats,” Healthcare Insurance Reciprocal of Canada Integrated Risk Management Risk Register Clinic, November 2018
  • Author, "Your Bitcoin or Your Business: The Growing Threat of Ransomware Across Industries," Westlaw Journals, December 2017
  • Presenter, "The Report on Improving Cybersecurity in the Health Care Industry and its implications for the health industry," Ropes & Gray Webinar, November 2017
  • Presenter, "Developments in value-based health care," Ropes & Gray Life Sciences Roundtable, November 2017
  • Author, "California's New Focus on Drug Pricing Transparency," Law360, November 2017
  • Author, "Blurring the Lines Between Health Care Provider and Payor," Law360, September 2017
  • Author, "How Can We Make EHR Access Less Unwieldy for Patients and Providers?" MedCity News, August 2017
  • Author, "4 Predictions for Value-Based Care and Digital Health," Law360, June 2017
  • Presenter, "The Role of Digital Health in the Shift to Value-Based Health Care," Ropes & Gray Webinar, May 2017
  • Author, "Where is the Future of HIPAA Enforcement Heading?," MedCity News, May 2017
  • Presenter, "Developments in EU privacy law," Ropes & Gray Small Pharma Compliance Roundtable, March 2017
  • Presenter, "Best Practices in Research Data Sharing and Licensing," Association of University Technology Managers Annual Meeting, March 2017
  • Presenter, "Data Sharing and Licensing: Best Practices and Ongoing Questions," Association of Corporate Counsel - San Francisco Bay Area CLE seminar, May 2016
  • Presenter, "Money and Data in Risk-Bearing Provider Networks: Fraud and Abuse, Privacy, and How to Have Your Cake and Eat it Too," Healthcare Law & Compliance Institute, March 2016
  • Author, "Digital Health 101: There's No Regulator-Free Path to the Digital Health Market," Bloomberg BNA Health IT Law & Industry Report, May 2016
  • Author, "Big Data and HIPAA Privacy – Threshold Questions to Ask," Pharmaceutical Compliance Monitor, March 2016
  • Author, "Clearing Up Developer Health App Questions," Law360, February 2016
  • Presenter, "Medical Software: Evolving FDA Policies and Privacy Regulation," medical and consumer goods company regulatory attorney meeting, July 2015
  • Presenter, "Research Data Sharing and Licensing: Best Practices and Ongoing Questions," university technology licensing office meeting, June 2015
  • Presenter, "Disentangling the Gordian Knot: Privacy and Compliance," Digital Health Summer Summit, June 2015
  • Presenter, "Lifestyle Data and Health Apps – Minding the Gap between the FDA, FTC, and Health Care Laws," Association of Corporate Counsel - San Francisco Bay Area CLE seminar, June 2015
  • Presenter, "Sensitive Data & The Business Judgment Rule," Association of Corporate Counsel - San Francisco Bay Area CLE seminar, February 2015