Conducting a Security Risk Analysis Under Legal Privilege

Attorney Adam Greene of Davis Wright Tremaine Outlines the Pros and Cons Marianne Kolbasuk McGee (HealthInfoSec) • March 13, 2026 11 Minutes

Attorneys can conduct security risks assessments under the color of client privilege, making it less likely to surface in discovery during litigation. But healthcare firms should consider the cons, as well as the pros, before they take that route, said attorney Adam Greene, partner at the law firm Davis Wright Tremaine.

A security risk assessment conducted under privilege by an attorney or legal counsel has certain protections so that the findings cannot be "readily used against you," he said.

"Anytime you're doing a risk assessment and you might get negative things identified that you wouldn't want in the hands of a plaintiff's attorney in a breach case, for example," he said in an interview with Information Security Media ...