Privacy, AI governance, and security counsel for healthcare, legal, and education organizations.
Jeremy Harris
Jeremy Harris — JD, CISSP, CIPP/US, HCISPP. Twelve years in-house privacy and security counsel; retired Air Force Lieutenant Colonel. I think like a lawyer and deliver like an operator — the workflows, playbooks, and decision frameworks your team can run, not a report that restates the problem.
12+ yrs in-house counsel · 20 yrs military legal · JD + 3 certifications · Lt Col, USAF (Ret.)
Start where you are
I need a quick risk readout
Take a free readiness assessment and get a prioritized action list.
I want the templates and tools
Buy a toolkit with policies, checklists, workflows, and implementation materials.
I need help implementing
Work with JHarris Advisory to adapt, operationalize, and present the program.
Browse by sector
Incident Response
Breach triage, response playbooks, notification timelines, and tabletop readiness
Education
K-12 and higher-ed AI, student data, GLBA, FERPA
AI Governance
AI intake, risk tiering, approvals, vendor review
Healthcare
HIPAA privacy, security, vendor and incident readiness
Privacy
CCPA/CPRA, GDPR, data-use and sharing controls
Legal & Courts
AI use, citation verification, redaction records access
FEATURED GUIDE
HIPAA Security Rule NPRM: What's Proposed, What It Means, and What to Do Now
The complete readiness guide — proposed changes, 30/60/90-day plan, evidence checklist, and free assessment. Updated June 2026.
Read the Guide →
Featured toolkits
Most organizations deploying AI tools have no structured way to evaluate them. This bundle starts there. It's the intake, triage, and approval workflow built inside a large health system — the part that catches problematic use cases before they ship. Built for teams that want governance without bureaucracy: fast intake, clear risk assignment, documented accountability.
Who it's for: Organizations rolling out AI tools across teams without a formal review process. Best for companies asking "which AI decisions need oversight" and "who owns this if it fails.”
What's Included:
- Draft AI Use Policy
- AI Use Case Intake Form
- Risk Tiering Rubric
- Governance Playbook
- Required Artifacts Checklist
Want JHarris Advisory to implement these tools for your organization? Start with a scoping conversation @ https://jharrisadvisory.com/contact
Healthcare organizations live with HIPAA exposure every day. This toolkit gives you a working framework to catch compliance gaps before regulators do — the same triage model and checklists used inside a $14B health system. Built for compliance teams and general counsel who need to move past "we have a BAA" to "we've actually reviewed it."
Who it's for: Healthcare organizations with regulated data, shared patient information, or vendors handling PHI. Best for teams with compliance infrastructure in place but gaps in incident readiness and BAA review rigor.
What's Included:
- BAA Review Checklist
- HIPAA Incident Decision Support Worksheet
- OCR Audit Readiness Assessment
- PHI Data Handling Addendum
Want JHarris Advisory to implement these tools for your organization? Start with a scoping conversation @ https://jharrisadvisory.com/contact
Financial-aid data is GLBA "customer information," and any AI tool that touches it is in scope for the Safeguards Rule — with breach-notification deadlines to Federal Student Aid and the FTC. This kit gives you the written program with an AI overlay, the vendor controls, the breach runbook, and the institutional policy. Built by a former government attorney who ran security and privacy programs at scale.
Who it's for: CISO/CIO, General Counsel/compliance, and the financial-aid and research offices at universities and community colleges.
What's Included:
GLBA Safeguards Program + Breach Runbook (FSA/FTC timelines)
Institutional AI & Data Governance Policy
Risk Tiering + Required Controls
AI/EdTech Vendor Vetting (service-provider safeguards)
FERPA & CA Public-Records Handling; Incident & Breach Response
IRB / Research-Data AI Governance (universities)
Educational templates, not legal advice. Confirm current FTC/FSA requirements with your counsel and security office.
Want JHarris Advisory to implement these for your organization? Start with a scoping conversation @ jharrisadvisory.com/contact
Not sure where to start?
Take the free assessment that matches your organization