I am a specialist in both privacy and health regulatory law, advising clients operating in complex, high‑risk and highly regulated environments. My practice sits at the intersection of health regulation and data governance, with a particular focus on complex regulatory frameworks and managing privacy risk in the delivery of health services and the use of sensitive information.  

I work with clients to design and implement privacy governance frameworks, privacy impact assessments and data sharing arrangements, particularly in the context of emerging technologies and large-scale data initiatives. My experience includes advising on data breach response, regulatory investigations and enforcement action, and embedding privacy-by-design into complex operational environments.  

My health regulatory practice focuses on advising organisations on how to assess and manage health regulatory risk, respond to complaints and enforcement action from regulators; advise on capacity, consent and substitute decision-making; support health services in parens patriae applications; navigate and interpreted legislation in complex regulatory environments including in relation to medicines and poisons regulation, pharmacy business ownership, transplantation and donor matters, assisted reproductive technology and therapeutic goods compliance.   

I seek to combine technical expertise with a pragmatic, risk-based approach, enabling clients to confidently manage regulatory obligations while supporting innovation.

Career highlights

• Delivered enterprise‑wide privacy compliance reviews for major public sector organisations, assessing obligations under new privacy regimes (including the Information Privacy and Other Legislation Amendment Act 2023 (Qld), the Privacy and Responsible Information Sharing Act 2024 (WA) and the General Data Protection Regulation) and recommending practical uplift pathways. 
• Supported government agencies, hospitals, digital health providers and technology companies with complex data‑sharing and governance arrangements, including drafting and negotiating data‑sharing agreements for national health data initiatives. 
• Conducted health regulatory due diligence on significant healthcare acquisitions — including a $1.64 billion digital health transaction and both health regulatory and privacy due diligence on the purchase of two private hospitals — advising on regulatory risk, transition planning and compliance integration. 
• Assisted health services in urgent and precedent‑setting parens patriae applications, including securing court authorisation for a full protocol of care in a single application and obtaining urgent transfer orders for an incapacitous patient under historic legislation. 
• Guided numerous private and public sector clients on the management of high-profile data breaches, including in the superannuation, professional services, health and government sectors. Together with our cyber consulting team, providing end-to-end technical, forensic and legal services. 
• Advising private health providers on privacy obligations and mitigation of risks on use of artificial intelligence (AI) in the provision of health services and management of health records.