John F. Howard

Senior Attorney

jfhoward@clarkhill.com

Scottsdale
+1 480.684.1133

John F. Howard is a passionate advocate and legal advisor for organizations, ranging from local startups to Fortune 100 companies, navigating the complexities associated with protecting information in today’s business and regulatory environments. Using his experience in privacy, cybersecurity, and regulatory compliance he guides his clients as they address issues such as data breaches, privacy and cybersecurity maturation, and business transactions.

John appreciates that business requires a balanced approach to addressing emerging legal and compliance issues while keeping the goals of the business in mind. John’s risk management style utilizes this understanding to guide clients in developing effective incident response plans, risk management structures, polices, and procedures.

John has extensive experience in information technology, regulatory compliance, and program building having served as the Director of the HIPAA Privacy Program, the HIPAA Security Officer, and the HIPAA Privacy Officer at a large R1 public university. He is frequently called upon to help guide executive leadership through complex issues.

In addition to being able to speak the language of executive leadership, John is also a Certified Information Privacy Professional (CIPP/US) and Certified Information Privacy Manager (CIPM) with experience in compliance with multiple information privacy and security regulations, including the Health Insurance Portability and Accountability Act (HIPAA), the California Consumer Privacy Act (CCPA), and the EU’s General Data Protection Regulation (GDPR).

John also spent over a decade working in information technology at an academic medical center and medical school in multiple roles including as a systems analyst and a risk assessment manager. He currently teaches Data Privacy and Cybersecurity in Healthcare at the James E Rogers College of Law and regularly serves as a guest lecturer at Northern Arizona University.

Practice Areas

Education

J.D., University of Arizona James E. Rogers College of Law, Tuscon, Arizona, 2017, Certificate in International Economic Law & Policy

M.A., University of Arizona James E. Rogers College of Law, Tuscon, Arizona, 2014, Legal Studies

B.A., cum laude, University of Arizona, Tucson, Arizona, 2012, Media Arts

Recognitions

Named among Best Lawyers: Ones to Watch® for Privacy and Data Security Law (2026); Technology Law (2026) by Best Lawyers

State Bar Licenses

Arizona

Articles & Alerts

Quoted, “TikTok’s US Venture Enters New Phase of Privacy Scrutiny,” Bloomberg Law (January 28, 2026)
Quoted, “ICE and Palantir: US agents using health data to hunt ‘illegal immigrants’,” The BMJ (January 27, 2026)
Quoted, “States Passing New Restrictions on Health Data Sharing,” Healthcare Risk Management (January 1, 2026)
Author, “Transmission Security Has A Critical Role In Healthcare,” Law360 (September 16, 2025)
Quoted – “Lawsuit: Amazon Violated Washington State Health Data Law,” Healthcare Info Security (February 25, 2025)
Quoted, “Practices no longer off-limits to ICE raids; know your rights,” Part B News (February 3, 2025)
Co-author, “Updated HIPAA Rule Is A Necessary Step For Data Protection,” Law360 (January 10, 2025)
Quoted, “Healthcare Now Third-Most Targeted Industry for Ransomware,” Secureworld (November 14, 2024)
Co-author, “How Tech Trackers May Implicate HIPAA After Hospital Ruling,” Law360 (July 16, 2024)
Co-author, “HHS Bulletin on Online Tracking Technologies Declared Unlawful: What Covered Entities and Business Associates Need to Know About the AHA Lawsuit” (June 25, 2024)
Quoted, “OCR Investigates Change Healthcare After Major Cyber Incident,” Healthcare Risk Management (June 1, 2024)
Quoted, “AI Creates Liability Risks for Healthcare Organizations,” Healthcare Risk Management (March 1, 2024)
Co-author, “OIG Releases Final Rule for Information Blocking Penalties” (July 31, 2023)
Quoted, Applicability of HIPAA for out of state records requests, IndyStar (July 25, 2023)
Co-author, “What To Know About New Nevada Consumer Health Data Privacy Bill” (July 14, 2023)
Co-author, “Cyberthreats and K-12: EdTech Third Party Risk Management Checklist” (June 27, 2023)
Co-author, “FTC Continues To Enforce Child Online Privacy Protections” (June 26, 2023)
Co-author, “How Will the End of HIPAA Enforcement Discretion Affect Covered Entities When the Public Health Emergency Expires on May 11?” (April 28, 2023)
Co-author, “End of Year Website Audit Recommended to Ensure CPRA Compliance” (December 6, 2022)
Quoted, “Big Penalties for Right to Access Initiative,” Healthcare Risk Management (December 1, 2022)
Co-author, “With Recent Settlements, HHS OCR’s HIPAA Right of Access Initiative Continues To Be a Focus of Enforcement” (September 19, 2022)

Presentations

Co-presenter, “Charting the Future: Legal Considerations for Healthcare Providers in the Age of AI and Cyber Challenges,” Clark Hill Healthcare Summit (December 5, 2023)

Legal Updates

California Imposes Largest CCPA Fine to Date on Disney

February 13, 2026