Apurva Dharia

He/Him

Associate

I help clients use health data to develop new products, services, and technologies.

Apurva Dharia works on the firm's privacy and security team, specializing in health information technology matters. He assists clients in developing policies and procedures for data collection, storage, use, and disclosure and provides risk assessments and mitigation strategies for a range of issues involving health data.

With a background that includes direct patient-care experience and federal health policy development, Apurva takes a holistic approach in advising clients on unique and novel legal concepts in a highly innovative sector. Apurva strategically negotiates and drafts licensing terms, data use agreements (DUA), and business associate agreements (BAA) that enable clients such as technology companies, health systems, research universities, and pharmaceutical and medical device manufacturers to secure personal information in compliance with evolving privacy laws while permissibly leveraging data to develop innovative solutions to complex problems.

Health information privacy compliance

Advises clients on HIPAA compliance, including response to subpoenas and HIPAA Qualified Protective Orders (QPOs) for records involving Protected Health Information (PHI) and sensitive health information.

Develops HIPAA compliant privacy and security policies and procedures, notices of privacy practices, and data retention policies for health systems and healthcare vendors, including telemedicine and telepharmacy clients.

Health data licensing and contracting

Counsels scientific research universities and hospital systems on data use and licensing agreement terms with app developers, technology vendors, and pharmaceutical companies.

Drafts and negotiates master service agreements and data licensing and collaboration agreements between pharmaceutical manufacturers and artificial intelligence and machine learning-based healthcare startups.

Develops and negotiates Business Associate Agreements (BAAs) on behalf of HIPAA Covered Entities, Business Associates, and Subcontractors.

State, federal, and international data privacy and security compliance

Advises clients on laws governing the confidentiality, use, disclosure, or transmission of personal and sensitive information, including the growing framework of U.S. state privacy laws (e.g., CCPA/CPRA), federal laws such as HIPAA, 42 CFR Part 2, and the FTC Act, and international laws such as GDPR (EU) and PIPL (China).

Breach response

Provides guidance to clients regarding compliance with state and federal laws governing data breaches, and develops materials to aid in the documentation of the initial investigation, incident response, and notifications to state and federal government regulators as well as affected individuals.

Deep healthcare regulatory knowledge*

Advised numerous healthcare industry clients on state and federal healthcare regulatory matters touching on digital health, telemedicine and telepharmacy, healthcare contracting, Medicare/Medicaid enrollment and reimbursement, pharmacy industry supply chain regulatory compliance, and data reporting obligations under the No Surprises Act, Price Transparency Rules, and the Sunshine Act.

*Denotes an attorney's experience prior to joining Davis Wright Tremaine

Admitted to Practice

District of Columbia, 2023
Maryland, 2016

Education

B.S., Biological Sciences; B.S., Community Health, University of Maryland, College Park, 2012
J.D., University of Maryland Francis King Carey School of Law, 2016
- Health Law Certificate

Professional Recognition

- Named "One to Watch" by Best Lawyers in Health Care Law, 2024-2025

Background

- Associate, Quarles & Brady LLP, Washington, D.C., 2022-2023
- Lead Policy Analyst, MITRE, McLean, Va., 2019-2022
- Senior Healthcare Analyst, Enterprise Science and Computing (ESAC Inc.), Rockville, Md., 2011-2019
- Legal Extern, Technology Transfer Office, National Human Genome Research Institute (NIH-NHGRI), Rockville, Md., 2015