Valerie Breslin Montague

Valerie Montague represents a variety of healthcare providers, digital health companies, senior living facilities, nonprofit trade associations, life sciences companies and vendors of healthcare providers. Valerie is a Certified Information Privacy Professional/United States (CIPP/US), the preeminent credential in the field of privacy.

What do you focus on?

I focus my practice on three main areas.

HIPAA/Health Information Privacy and Security

I assist healthcare providers and business associates of all types to comply with the requirements of HIPAA and the HITECH Act, from the development of policies and workforce training to analysis and notification of breaches to guidance through Office for Civil Rights (OCR) investigations. I also advise vendors initiating arrangements with healthcare entities on whether their business triggers HIPAA.

Beyond HIPAA, I counsel healthcare providers on compliance with other federal and state health information confidentiality requirements, as well as cybersecurity best practices.

Regulatory Compliance

I advise hospital systems, skilled nursing facilities, physician practices and other healthcare providers on compliance with the Stark Law and the Anti-Kickback Statute, as well as state laws prohibiting self-referrals and fraud and abuse. In Illinois, I work with facilities to navigate Certificate of Need (CON), corporate practice of medicine, telehealth and licensure requirements.

Nonprofit Governance and Tax Exemption

I work with tax-exempt entities in all industries to obtain and maintain federal income tax-exempt status, including group exemptions and reinstatement of tax-exempt status. I advise tax-exempt entities on structure and governance issues as they expand their service lines, create new entities and enter into transactions with third parties, including joint ventures and the creation of for-profit subsidiaries. I also assist tax-exempt hospitals with compliance with Internal Revenue Service (IRS) and state law requirements governing financial assistance and community benefit activities.

What do you see on the horizon?

As more digital health vendors enter the marketplace in response to patient demand for more convenient and accessible care, both vendors and the providers using these tools will face ever increasing regulatory requirements encompassing everything from privacy and security to licensing to FDA compliance.


  • Presenter, “HIPAA's Right of Access; Defining Designated Record Set, OCR Enforcement, Overcoming Compliance Challenges,” Strafford CLE Webinar, June 22, 2022
  • Presenter, “Lessons Learned from OCR’s Right of Access Initiative Enforcement,” The Virtual Thirty-First National HIPAA Summit, March 3, 2022
  • Presenter, “Trends and Tips from Health Information Privacy Enforcement Efforts,” Chicago Bar Association Health law Committee, November 16, 2021
  • Moderator, “Legal Issues Surrounding the Secondary Use of Health Data,” American Health Law Association Educational Webinar, November 2, 2021
  • Presenter, “Health IT: Fraud & Enforcement,” American Health Law Association Educational Webinar, August 5, 2021
  • Moderator, “2020 Health Law Survey: An Overview of Recent Changes in Health Law,” Illinois Association of Healthcare Attorneys Quarterly Lecture, March 11, 2021
  • Presenter, “Telehealth Looking Forward: Maintaining Compliance During Regulatory Changes,” University Physician Network, August 5, 2020
  • Presenter, “Telemedicine Beyond COVID19: Provider Experiences and Future Challenges,” Nixon Peabody Webinar, June 25, 2020
  • Speaker, “The Paradigm Shift to Telehealth: Lessons Learned from the COVID-19 Pandemic,” CTeL Summit, June 19, 2020
  • Presenter, “Health Law and the Coronavirus: What Attorneys at the Front Line of the Pandemic Need to Know,” Bloomberg Law Learning Webinar, April 15, 2020
  • Presenter, “Lightning Round III: Avoiding a Bad Breakup: How to Divorce Your Entity from a Health Care Venture,” Illinois Association of Healthcare Attorneys 2019 Annual Health Law Symposium, November 6, 2019
  • Presenter, “How to Stay Out of Trouble: Lessons Learned and Best Practices from Data Breaches and HIPAA Enforcement,” 20th Annual Continuing Education Conference for Optometrists, October 31, 2019
  • Presenter, “Data Breaches: Regulation, Enforcement and Lessons Learned,” Nixon Peabody Chicago CLE Day, June 6, 2019
  • Moderator, “HHS Health Industry Cybersecurity Practices,” American Health Law Association, Health Information Technology Practice Group, March 27, 2019 
  • Presenter, “Limiting Risk When Outsourcing: Vendor Management Best Practices,” 2018 Nixon Peabody Chicago CLE Symposium, June 7, 2018
  • Panelist, “Healthcare Privacy and Cybersecurity,” Bloomberg Law, Chicago, September 27, 2017
  • Presenter, “Legal Ethics for Healthcare Attorneys,” Chicago Bar Association, Health Law Committee, March 22, 2017
  • Presenter, “Data Privacy and Data Use and Disclosure: Mutually Exclusive Concepts?” Northwestern University INVO Seminar, Chicago, Illinois, February 6, 2017
  • Co-presenter, “Cybersecurity Threats, Enforcement Trends and Practical Challenges,” American Health Law Association (AHLA) Physicians and Hospitals Law Institute, Orlando, Florida, February 3, 2017
  • Panelist, “Healthcare Under Cyber Siege Panel,”  BDO Center for Healthcare Excellence & Innovation, November 3, 2016.
  • Co-presenter, “Select Regulatory Compliance Matters & Implicated Rules of Professional Conduct”, CLE Presentation to Medical Device client during their Law Day event, August 2016
  • Moderator, “Navigating a Breach Incident at the Business Associate Level: Reporting, Investigation, and Mitigation Strategies,” American Health Law Association, February 2016
  • Panelist, “HIPAA: The Tentacles Expand,” First Illinois Healthcare Financial Management Association Spring Summit, April 2014
  • Presenter, “Battle of the BAAs: Balancing Interests in Negotiating BAAs,” Illinois Association of Healthcare Attorneys, 31st Annual Health Law Symposium, November 2013
  • Presenter, “What You Should Know About Federally Qualified Health Centers,” Chicago Bar Association, Health Law Committee, June 2013
  • Presenter, “HIPAA Compliance in 2012,” Chicago Bar Association, YLS Health & Hospital Law Committee, May 2012
  • Moderator, “Social Media Bootcamp Webinar Series, Level II, Part II: How to Safely Use Social Media and Social Networking in Your Health Law Practice: Avoid Privacy and Security Pitfalls,” American Health Law Association, March 2012
  • Presenter, “Social Media Bootcamp Webinar Series, Level II, Part I: How to Use Social Media and Social Networking: Is There a Policy for That?” American Health Law Association, February 2012
  • Presenter, “Tell It Like It Is? The HITECH Breach Notification Requirements and the Medicare Self-Referral Disclosure Protocol,” Chicago Bar Association, December 2010


Speaking of health law (podcast)

American Health Law Association | April 12, 2022

Chicago Healthcare partner Valerie Montague joined the podcast to discuss trends involving enforcement of the Office for Civil Rights’ Right of Access Initiative, including why access to healthcare records remains such a challenging issue, notable recent cases of enforcement and how they align with historical trends, and exceptions to the Right of Access.

FTC's health data breach rule covers apps, fitness trackers, agency says

Modern Healthcare | September 16, 2021

This article, covering the Federal Trade Commission’s new guidance that health apps and fitness trackers must notify users of data breaches, quotes Chicago Health Care partner Valerie Montague on the FTC’s enforcement and broad definition of a breach, noting companies should review their health data policies and obtain patient authorization when necessary.

Patient says Jefferson Health missed the mark on EHR-driven marketing

Modern Healthcare | June 25, 2021

This article, which discusses concerns surrounding hospitals using electronic health records to promote health services, quotes Chicago Health Care partner Valerie Montague on the right of patients to opt out of their providers’ mailing lists.

Scripps cyberattack highlights patient safety risks during breaches

Modern Healthcare | May 14, 2021

In this article on the recent cyberattack on Scripps Health, which disrupted the San Diego-based health system’s patient portal and email systems, Chicago Health Care partner Valerie Montague is quoted on HIPAA considerations for health systems when communicating with patients via social media.

5 lessons learned from HIPAA "Right of Access" fines this year

Modern Healthcare | November 25, 2020

In this article on the ramped-up enforcement actions by the U.S. Department of Health and Human Services’ Office for Civil Rights against health care providers, Chicago Health Care partner Valerie Montague discusses the importance for providers to train their staff and have a workflow in place.

Hospitals balance disclosure and privacy as COVID-19 spreads

Modern Healthcare | March 12, 2020

Chicago Health Care partner Valerie Breslin Montague talks about how hospitals can remain in compliance with HIPAA while executing an effective crisis communications plan related to the coronavirus outbreak.

Are you prepared for a data incident? Plan ahead to allow for an agile response

Chicago Health Executives Forum Newsletter | September 25, 2019

Chicago Health Care partner Valerie Breslin Montague wrote this contributed article outlining the factors that organizations should consider when developing a robust incident response plan.

21st Century Cures Act driving FDA changes

Modern Healthcare | September 07, 2019

This article discussing the 21st Century Cures Act’s ongoing impact on the Food and Drug Administration’s approval process quotes Boston Government Investigations and White Collar Defense partner Hannah Bornstein and Chicago Health Care partner Valerie Montague.


Valerie Breslin Montague



Phone: 312-977-4485

Fax: 844-571-6775

Georgetown University Law Center, J.D.

Marquette University, Honors B.A., cum laude


U.S. District Court, Northern District of Illinois

U.S. Court of Appeals, Seventh Circuit

Valerie was selected, through a peer-review survey, for inclusion in The Best Lawyers in America® 2022 in the field of Healthcare Law, and was the Best Lawyers 2022 “Lawyer of the Year” in Chicago for Healthcare Law. Valerie has been listed in Best Lawyers since 2018.

Valerie has been named a Recognized Practitioner in Chambers USA: America’s Leading Lawyers for Business 2022 for Healthcare (Illinois). She has been recognized in Chambers in previous years. She is also recommended in The Legal 500 United States 2021 editorial for Healthcare—Service Providers, and has been recognized in previous years.

  • Member, CTeL Legal Resource Team
  • International Association of Privacy Professionals
  • American Bar Association
  • Chicago Bar Association
  • American Health Law Association, Vice Chair of Publishing, Health Information & Technology Practice Group
  • Illinois Association of Healthcare Attorneys, Education Committee Member
  • Past member, General PHI Workgroup, Illinois Health Information Exchange project
  • Admissions Volunteer, Marquette University
  • Past President, Marquette University Club of Chicago
  • Assisted a health and human services coalition with governance and contracting matters, as well as with obtaining federal income tax exemption
  • Work with an entity that abolishes patients’ medical debt on health information privacy issues
  • Obtained property tax exemption for a nonprofit organization that assists underprivileged teenaged mothers
  • Assisted a youth mentoring organization with organizational and federal income tax-exemption issues
Back to top