Representative Experience
  • AI Enterprise Governance, Risk Management, and Compliance Frameworks
    • Prepare enterprise-wide AI governance initiative for a national healthcare provider, including Responsible AI Statement of Principles and Governance Policy.

      Draft both developer and deployer policies for trustworthy AI grounded in the NIST AI Risk Management Framework.

      Advise clients on U.S. Department of Health and Human Services (HHS) AI regulations for compliance with ONC rules governing Predictive Decision Support Interventions (PDSI) and the Office for Civil Rights (OCR) patient care decision support tools under the Affordable Care Act (ACA) nondiscrimination provisions.

      Prepared Terms of Use to govern AI-driven solutions and data analytics products.

      Provide counsel on AI licensing issues for compliance with HIPAA and healthcare regulations to enable innovative AI applications.

  • Regulatory & Product Counsel
    • For over a decade, provided strategic risk and compliance guidance to a $20 billion healthcare technology market leader on machine learning and AI applications across the product and company life cycle (later acquired by a Fortune 15 company) to navigate legal and regulatory challenges in ambient clinical intelligence and mobile EHR with speech recognition/NLP.

      Support development and deployment of AI/ML solutions to evaluate patient records against vast clinical databases and generate real-time clinical profiles for both tech companies and a national health plan seeking phased deployment of AI technology.

      Provide legal guidance on the regulatory framework for an AI solution integrating EHR data for real-time collaborative utilization review and predictive analytics to facilitate hospital health plan connectivity in compliance with federal regulations.

      Counsel AI-driven clinical and revenue cycle vendors on privacy, security, federal healthcare program compliance and anti-kickback risks across all stages of AI development and deployment.

      Provide strategic guidance to health data platforms on product roadmap, data rights and intellectual property protections, compliance with customer contracts and privacy, security, and healthcare regulations governing technology vendor use of customer data.

  • Technology Contracting & Data Rights
    • Draft AI Terms of Use and data-rights clauses for multiple health-tech vendors and healthcare organizations.

      Draft and negotiate agreements between providers and technology companies for AI/ML, natural language processing, DNA sequencing and genomic technologies, surgical robotics, robotic process automation, and remote patient monitoring.

      Redraft tech-company MSA to strengthen data-sharing, data-rights, and AI-use provisions for scalable growth and product development.

      Co-develop sandbox agreement template for piloting healthcare AI solutions to address unique contracting, risk allocation, and technology integration issues.

      Negotiate AI development and collaboration agreement between Fortune 50 technology company and major academic medical center.

      Negotiate licenses with upstream AI developers to preserve intellectual property rights while expanding algorithmic data rights.

      Review data rights, transfer and protection clauses for Canadian AI company with strong U.S. customer base.

      Negotiate hundreds of data and technology contracts for hospitals and physicians and develop procurement guidelines for multi-hospital systems.

  • Breach & Ransomware Incident Response
    • Led incident response for dozens of nonprofit and for-profit health systems — including multi-state hacks and ransomware events affecting millions of patients — overseeing indemnity strategy, regulatory filings, patient notifications, safe system restoration, post-event contingency and security measures.

      Provided onsite and remote legal counsel to high-profile vendors — including Fortune 500 and Fortune 10 subsidiary and service provider for a Fortune 5 client — during major PHI thefts and cross-border security incidents, coordinating customer communications, BAAs, and regulatory compliance strategies to minimize legal exposure and prevent litigation (both HIPAA low-probability-of-compromise assessments and multistate breach notification analysis and reporting).

      Identify and map data and regulatory obligations for Security Incident Response plans and breach reporting policies for risk management and HIPAA compliance.

  • Healthcare Regulatory Compliance & Enforcement
    • Represented dozens of covered entities and business associates under HIPAA in successfully resolving investigations of alleged privacy and security violations conducted by the HHS Office for Civil Rights (OCR) and the FTC.

      Align telemedicine programs with Medicare Conditions of Participation, Joint Commission standards, and HIPAA privacy and security requirements and perform multi-state analyses of scope-of-practice, licensure, prescribing, fee-splitting, and federal healthcare program rules.

      Advise certified EHR vendors, data analytics firms, and pharmacy-delivery platforms on direct-to-consumer strategies and patient engagement solutions under HIPAA, TCPA, and state law analogues.

      Provide guidance on clinical documentation design and workflow optimization for AI-driven features for alignment with federal healthcare program documentation requirements and Medicare beneficiary inducement regulations.

      Conduct internal investigations and compliance reviews on HIPAA privacy and security compliance.

      Draft medical-staff bylaw provisions and hospital privileging and credentialing policies for distant-site telehealth providers to facilitate seamless integration into hospital workflows.

      Provided HIPAA and compliance training onsite to dozens of hospitals.

  • Health Information Sharing Agreements and Technology Contracting
    • Develop access and participation agreements and supporting policies to facilitate compliant EHR technology donations and online coordination with referral sources and continuity of care partners across the healthcare spectrum.

      Draft and negotiate various community collaboration and clinically integrated network data-sharing agreements to enable secure medical record exchanges and shared public health technology across hospitals, providers, and community organizations.

      Structure and negotiate telehealth, telestroke, and tele-ICU service agreements, addressing licensure, reimbursement, and other complex contractual issues.

      Develop model contracts tailored for healthcare startups needing to address key regulatory and business considerations.