Sarah L. Rugnetta, Esq.

Certified Information Privacy Professional, Europe (CIPP/E)

Sarah Rugnetta advises hospitals, medical groups, insurers, foundations and not-for-profit entities on privacy and security matters. She works closely with clients to develop compliance programs that include privacy and security protocols, training seminars, and data breach response plans. Sarah uses tabletop exercises and incident response simulations to help her clients develop strategies for securing data and prepare for potential threats. Sarah also responds to privacy and security incidents and counsels organizations throughout the investigation, notification and reporting phases of a potential breach, helping them to mitigate legal risks at each critical stage.

Sarah began her career in health care law as a regulator for the Vermont Department of Financial Regulation. As Assistant General Counsel, she drafted health insurance regulations, testified about proposed bills to amend state insurance laws, and represented the agency in enforcement proceedings. Sarah served as Privacy Officer for a regional non-profit organization, where she oversaw hospital and ambulatory care initiatives. More recently, Sarah worked with the U.S. Agency for International Development (USAID), in India, where she advised the agency on policy issues, health programs and communication strategy.

Sarah received her B.A., cum laude, in English Literature and Political Science from St. Lawrence University. She received her J.D., cum laude, from University at Buffalo Law School.

Legal Associations

  • New York State Bar Association, Member
  • Bar Association of Erie County, Member
  • International Legal Technology Association (ILTA), Member

Membership and Admission

  • New York State
  • Vermont

Present Affiliations

  • InfoTech Niagara, Member
  • Information Systems Security Association (ISSA), Member
  • International Association of Privacy Professionals (IAPP), Member

Experience and Expertise

  • Developed HIPAA compliance programs for regional organizations and municipalities.
  • Coordinated the response to numerous privacy and security incidents.
  • Facilitated a HIPAA Compliance Continuing Legal Education.
  • Drafted and oversaw promulgation of the Vermont Long Term Care Insurance regulation after engaging insurance industry and community stakeholders.
  • Engaged partners, staff and government officials in the design and implementation of USAID’s health care advocacy campaigns in India.
  • Coordinated and executed visits to USAID projects for Congressional delegates and USAID leadership.
  • Coordinated regional quality improvement initiatives to reduce hospital admissions.