Wendell applies his computer science background to counsel clients on privacy, cybersecurity and security incidents, artificial intelligence, technology licensing, consumer protection, and other rapidly evolving subjects that may involve regulatory compliance counseling, technology and data commercialization strategies and agreements, and investigations related to privacy and cybersecurity. He advises clients across a range of industries, with a focus on the health care, life sciences, and biotech sectors.
Experience
Representative matters
Representative matters
Advised digital health clients with respect to FTC guidance, privacy best practices, and state privacy laws, including developing a written privacy program with external and internal privacy policies and procedures, handling data subject rights, and drafting template data protection agreements and checklists.
Advised multiple health care providers on developing patient communications policies that addressed email (CAN-SPAM Act), text messaging (TCPA and state laws), push notifications (FTC Act and state laws), and telephone calls (TCPA and state laws).
Guided clients with respect to personal, confidential, and proprietary information collection, handling, and sharing practices and security measures.
Advised digital health clients with respect to FTC guidance, privacy best practices, and state privacy laws, including developing a written privacy program with external and internal privacy policies and procedures, handling data subject rights, and drafting template data protection agreements and checklists.
Advised multiple health care providers on developing patient communications policies that addressed email (CAN-SPAM Act), text messaging (TCPA and state laws), push notifications (FTC Act and state laws), and telephone calls (TCPA and state laws).
Guided clients with respect to personal, confidential, and proprietary information collection, handling, and sharing practices and security measures.
Counseled many clients on compliance with U.S. federal and state privacy laws, regulations, and rules, and the EU’s General Data Protection Regulation and cross-border data transfer compliance
Drafted terms of use and privacy policies for digital health websites, mobile apps, and online platforms.
Counseled AI customers and vendors related to sharing and developing training data and AI models, focusing on regulatory compliance and bias, privacy and data protection, data retention, and intellectual property rights.
Advised organizations with risk management associated with new product and service offerings, especially in Internet, mobile, and health IT environments.
Represented a regional health care system to negotiate all material technology and data agreements, train in-house counsel, and develop negotiating playbooks for technology and data agreements.
Negotiated cloud service agreements for a national kidney care provider, including agreements with its EHR provider.
Represented a health care payer/provider to simultaneously contract with several affiliated companies of a large cloud infrastructure provider to build and support a high-profile patient platform.
Advised a developer of a fitness tracking device on licensing physiological data collection software and device components from suppliers.
Counseled a Fortune 100 medical device manufacturer on interface, API, and integration agreements with other device manufacturers, with particular attention to intellectual property and data rights protection.
Advised Fortune 50 medical supply company on joint development agreement with a Fortune 200 medical supply company to co-develop software to improve supply distribution network efficiencies.
Represented a practice management division of a major health care company on its existing rights to monetize de-identified patient data based on automated review of thousands of customer agreements and advised on modifications to the client’s customer agreement templates and overall approach to improve the client’s posture on data rights.
Counseled Fortune 100 medical device company in developing the contracting strategy and terms to launch suite of mobile applications for consumers, organizations, and health condition testing facilities.
Represented multinational medical equipment manufacturer on drafting patient and provider template agreements for online platforms associated with advanced orthopedic implants.
Drafted and advised on implementation of online terms of use and privacy policies for dozens of health care clients, including many in connection with the launch of software as a medical device (SaMD).
Advised international provider of remote patient care platform in connection with launch in United States, including an update of existing EU-specific customer and patient agreements to meet U.S. legal requirements.
Represented national retina care provider in engagement of provider of AI data analytics tool to process and analyze images for diagnostic purposes.
Negotiated an agreement on behalf of a regional provider and health plan with a software development company to develop and implement AI-based next-best action recommendation technology to a patient platform.
Drafted health technology platform operator’s template customer agreement, including incorporation of information blocking and interoperability requirements.
Counseled software and IT service providers (including AI, SaaS services, software development, and other IT-related services) on product development, privacy, data security, and contracting strategies.
Advised health care clients on cybersecurity legal requirements, guidance, and best practices, including security measures required by HIPAA and FDA Guidance.
Collaborated with cybersecurity vendors to assist health care clients with implementation of safeguards to systems, platforms, applications, and data that meet applicable legal obligations.
Drafted and revised cybersecurity and incident response-related policies, plans, and procedures for organizations, including those operating in the health care industry.
Successfully counseled health care and health insurance companies and clients in various other industries through security incident response, including vendor and direct, ransomware, multi-jurisdictional, and otherwise.
Assisted a provider of health care services to children in response to an Office for Civil Rights (OCR) inquiry following a data breach, including guiding the client through quickly implementing significant updates to its cybersecurity measures and HIPAA-compliance posture and drafting detailed technical responses to OCR about the client’s cybersecurity improvements and other remediation measures following the breach.
Guided a health care provider with responses to an OCR inquiry following a former-employee complaint alleging significant HIPAA violations, including assisting the client with implementing additional cybersecurity controls and describing to OCR the technical steps the client had taken to address the alleged HIPAA violations.
Counseled clients on written information security policies, incident response plans, and other corporate policies addressing information governance, technical infrastructure, and cybersecurity risk management.
Recognitions
- Ranked in Chambers USA for Nationwide Privacy & Data Security: Healthcare, 2025
- Listed as 'Next Generation Partner' in The Legal 500 USA for Media, technology and telecoms Cyber Law (including Data Privacy and Protection), 2022 - 2025
Credentials
Education
Education
- George Mason University School of Law, 2008, J.D., magna cum laude
- Macalester College, 1999, B.A.
Professional admissions & qualifications
Professional admissions & qualifications
- District of Columbia
- Maryland
- Texas
- Virginia
Professional affiliations
Professional affiliations
- International Association of Privacy Professionals
News
1 / 4
Media mentions
1 / 7
Insights
Blogs
1 / 17
Events
1 / 2