Cadigan participated in the early formation of federal information security requirements adopted by the Secretary of Health and Human Services (HHS) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA, Public Law 104-191), The HIPAA Security Rule specifically focuses on the safeguarding of electronic protected health information (EPHI). All HIPAA covered entities, which include some federal agencies, must comply with the Security Rule, which specifically focuses on protecting the confidentiality, integrity, and availability of EPHI, as defined in the Security Rule. The EPHI that a covered entity creates, receives, maintains, or transmits must be protected against reasonably anticipated threats, hazards, and impermissible uses and/or disclosures. In addition to her work on the early iterations of HIPAA, Cadigan also contributed to Sarbanes Oxley and the Gramm-Leach-Bliley Act. The GLB Act protects the privacy of consumer information held by “financial institutions” is at the heart of the financial privacy provisions of the Gramm-Leach-Bliley Financial Modernization Act of 1999. The GLB Act requires companies to give consumers privacy notices that explain the institutions’ information-sharing practices. In turn, consumers have the right to limit some – but not all – sharing of their information.

Cadigan has participated in several successful data protection start-ups including SafeMessage and Zetta Systems both of which were successfully acquired. SafeMessage was acquired by its International Joint Venture partner, Securus Systems and Zetta by a leading and publicly held data protection company.