Paul Rothermel
Managing Attorney
O: 651.430.7150
M: 651.364.7514
Paul Rothermel advises FDA-regulated and healthcare companies on privacy, cybersecurity, and healthcare compliance matters. His practice focuses on designing and operationalizing privacy programs that align HIPAA, state privacy laws, and international data protection requirements with business and regulatory expectations. Clients rely on Paul for practical guidance on privacy risk management across digital health, clinical research, medical devices, and data-driven operations.
Paul has deep experience advising on HIPAA compliance, state consumer privacy laws such as the CCPA and other emerging state frameworks, and international data protection regimes including GDPR. He supports clients in structuring data governance programs that account for cross-border data flows and vendor risk management.
His practice includes responding to data breaches and cybersecurity incidents, guiding clients through notification obligations, regulatory inquiries, and remediation planning. Paul works closely with digital health and technology teams to align innovation initiatives with evolving privacy and cybersecurity expectations.
Representative Experience
- Works routinely with clients to assess and implement privacy and cybersecurity programs, including drafting and implementing policies, procedures, and training.
- Develops privacy policies, notices, and consents for websites and applications.
- Counsels drug and device manufacturers in clinical trial privacy requirements, including conducting data protection impact assessments, standard contractual clauses, and reviewing informed consent forms.
- Drafts and negotiates business associate agreements, data processing agreements, standard contractual clauses, and other privacy and data protection provisions and agreements.
- Serves as privacy officer and data protection officer including for organizations which are HIPAA covered entities and with global operations.
- Performs diligence for third party privacy and cybersecurity controls and develops standard contractual provisions and agreements to protect client interests.
- Assesses reimbursement programs for compliance privacy and cybersecurity requirements.
Education
- Juris Doctor, Mitchell Hamline School of Law
- Bachelor of Arts, History, University of Northwestern - St.Paul
Bar Admissions and Qualifications
- Minnesota
- Certified Information Privacy Manager (CIPM)
Court Admissions
- State of Minnesota
Memberships
- Member, Minnesota State Bar Association - Heath Law Section
- Member, International Association of Privacy Professionals
Honors and Awards
- Super Lawyer 2024
- Super Lawyers Rising Star 2023