Overview
Edward G. Zacharias (CIPP/US) is the managing partner of McDermott’s Boston office and co-head of the Firm’s Digital Health Practice Group. He helps clients navigate complex regulatory, privacy, and cybersecurity matters that affect a broad range of health-related technologies.
Ed provides legal guidance during the conception, development, launch, and support of artificial-intelligence (AI)-enabled and other digital health products, and structures sophisticated data development, use, and disclosure frameworks designed to help clients execute strategically important business objectives while avoiding legal pitfalls. He has extensive experience advising clients on the use of website and mobile application user tracking technologies and the potential regulatory and litigation challenges to their deployment, including under wiretapping/eavesdropping statutes. He also advises clients on a broad range of information privacy and cybersecurity laws, including the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health (HITECH) Act, 42 CFR Part 2, the Federal Trade Commission Act, and state consumer privacy laws.
Ed manages complex, high-profile ransomware attacks and other data breaches, guiding clients through all aspects of incident response and remediation. He represents clients in privacy, consumer protection and cybersecurity compliance investigations conducted by the US Department of Health and Human Services Office for Civil Rights (OCR), state attorneys general and the Federal Trade Commission. Ed has extensive experience negotiating favorable settlements on behalf of clients when these investigations result in allegations of noncompliance.
Results
- Represented a multinational technology platform in assessing the application of AI, privacy, and wiretapping laws and regulations across multiple jurisdictions for a product launch
- Advised a national retail chain on structural and healthcare compliance considerations related to its establishment of in-store clinics
- Advised a Fortune 20 company in establishing a comprehensive HIPAA compliance program and data use strategy related to its entrance into the healthcare market as a provider of healthcare services
- Served as lead counsel to a health system with more than 500 clinical sites of service in responding to a ransomware attack, including coordinating legal and compliance advice, cybersecurity and forensics teams, media response, communications with regulators, and ransom negotiations with a threat actor
- Represented clients in response to numerous OCR HIPAA compliance investigations, including successful resolutions with no adverse findings and multiple favorable settlements for clients
- Represented a publicly traded technology company in investigating and responding to an international cyberattack that affected its services and operations
- Advised a large electronic health record company on various data use and disclosure considerations related to its development of a personal health record for patients of its healthcare provider customers
Recognitions
- Chambers USA, Band 2 in Healthcare, 2018-2025
- Legal 500 US, Leading Lawyer in Media, Technology and Telecoms: Cyber Law, 2021 and 2024
- Best Lawyers in America, Healthcare Law, 2022-2025
- Thomson Reuters, Stand-out Lawyer – independently rated lawyers, 2023-2025
- Massachusetts Lawyers Weekly, Top 20 Managing Partner, 2024 and 2025
- Burton Awards, Law360 Distinguished Legal Writing Award, 2023
- BTI, Client Service All-Stars, 2022
- Acritas Stars, listed among independently rated lawyers, 2020
Community
- Boston Bar Association, leadership council member
- American Health Lawyers Association
Credentials
Education
Boston University School of Law, JD, 2006
Case Western Reserve University, MA, Bioethics, 2003
Coleman College, AS, Computer Applications and Networks, 2001
Boston College, BA, 1999
Admissions
Massachusetts
