Experience
  • Breach Incident Response
      • Provided counsel as part of incident response/HIPAA breach notice team, including national providers, with state by state analysis of HIPAA and breach reporting.
      • Assisted security consultants regarding assessment of HIPAA standards and implementation specifications.
      • Represented U.S. company in managing 50-state analysis and reporting of HIPAA privacy and security and date breach reporting.
      • Assisted clients with regulatory issues related to breach notification and reporting to OCR (large and small breaches) as well as state attorneys general and health oversight agencies.
      • Conducted HIPAA breach incident response reviews.
      • Assisted Florida clients with breach investigations and notifications under the Florida Information Protection Act of 2014.
      • Assisted large multi-specialty physician group with investigation of employee theft and unauthorized disclosure of protected health information.
  • Privacy, Confidentiality, HIPAA and Data Security Issues
      • Represented covered entities and business associates in U.S. Department of Health and Human Services Office for Civil Rights (OCR) complaint investigations and HIPAA privacy and security compliance reviews.
      • Advised healthcare providers, plans and clearinghouses on state and federal medical privacy and security rules, including compliance with HIPAA privacy and security, behavioral health, substance abuse, genetic testing, minors and HIV laws.
      • Developed programs to meet the rigors of HIPAA medical privacy and security rules, including training materials, compliance policies, and related forms (notices of privacy practices, business associate agreements, data security agreements, patient consent, and other HIPAA templates).
      • Assisted numerous healthcare industry clients with revisions to policies and procedures, business associate agreements and Notices of Privacy Practices in light of the HITECH Omnibus Rule.
      • Developed and reviewed website development and hosting agreements, website privacy policies and end user license agreements (EULAs), as well as web linking agreements.
      • Successfully represented business associate in obtaining dismissal of FTC allegations of Section 5 deception claims.
      • Served as outside HIPAA compliance counsel to large national provider of post-acute care services (nursing and rehab centers, inpatient rehab hospitals, long-term acute care hospitals, subacute units, assisted living and therapy providers).
      • Assessed HIPAA compliance at long term care facilities managed by three different operators and develop plans for moving facilities to compliance with HITECH privacy, breach notice and security standards.
      • Counseled company on legal issues relating to preservation and destruction of records for psychiatric hospital closure.
      • Provided advice and counsel on special issues related to HIV, mental health, substance abuse, genetic testing and minors.
      • Performed regulatory landscape analysis for business model of personal health record (PHR) vendor.
      • Prepared and negotiated numerous privacy, confidentiality, data use agreements and data security contracts for hospitals, nursing centers, surgery centers, clinics, medical practices and research organizations.
      • Counseled U.S.-based clinical research organization, located in 80 countries, with respect to privacy laws, data transfer, breach reporting, and U.S.-E.U. Safe Harbor certification.
      • Assisted clinical research teams on matters related to HIPAA, informed consent, and record retention.
      • Prepared patient consent and authorization forms for acute care and substance abuse facilities.
      • Advised healthcare industry clients on the description of and risks associated with health information privacy and security laws for securities filings and private placement memoranda.
      • Assisted large regional assisted living facility in implementing a privacy and security compliance program.
      • Reviewed and negotiated business associate arrangements related to the use and disclosure of protected health information, and assisted covered entities in evaluating data breaches by subcontracted business associates.
      • Assisted large regional health system in reviewing and analyzing third party requests for protected health information, including application for protective orders when necessary.
      • Advised clients undergoing a merger or acquisition involving the sale or purchase of protected health information.
      • Assisted non-profit health system in implementing HIPAA-compliant fundraising and marketing endeavors.
  • Electronic Health Records and Meaningful Use
      • Represented hospitals before CMS and PRRB in payment appeals dealing with submission of quality data.
      • Drafted and negotiated EHR participation agreements between hospitals and physicians.
      • Prepared language for vendor certification related to Meaningful Use of EHR for purposes of Medicare and Medicaid EHR Incentive System.
      • Assisted physician practice with analysis of CMS EHR Meaningful Use certification and potential repayment.
      • Reviewed multi-state compliance with Medicaid EHR Meaningful Use requirements for national provider of dental clinics.
      • Assisted eligible hospitals and eligible professionals with EHR meaningful use audits.
  • Health IT Acquisition
      • Prepared IT contracting standards and guidelines for legal review of information technology, services and hardware for multi-hospital system.
      • Evaluated RFP responses from vendors, negotiated software agreements, as well as drafted many software development licensing, remote access, distribution, services, support and enhancement agreements.
      • Negotiated numerous software and hardware vendor contracts for hospitals, physicians, including EPIC EHR system.
      • Resolved technology issues, telemedicine licensure, regulatory, reimbursement and contractual issues for high technology manufacturers, distributors, and providers.
      • Assisted vendor with software design for reimbursement documentation compliance and prepared contracts for hospital software and services.
      • Prepared template for healthcare software and services firm in the clinical documentation improvement arena.
      • Prepared and negotiated various software licenses and support and maintenance agreement on behalf of healthcare software vendor, including upfront license fee and subscription-based arrangements.
      • Served as general counsel to producer of online CME and interactive medical imaging simulations and negotiated sponsor agreements for online medical education company.
      • Advised electronic medical record vendor on design issues related to documentation needed for patient encounters payable by Medicare.
      • Prepared customer agreements for Personal Health Record (PHR) vendor.
      • Resolved technology issues, telemedicine licensure, regulatory, reimbursement and contractual issues for technology manufacturers, distributors, and providers.
      • Negotiated and prepared utilization and licensing agreements for hospital management information system software.
      • Negotiated digital imaging and radiology (PACs) agreements.
      • Represented companies in licensing a variety of technologies from research universities.
      • Prepared and negotiated technology distribution agreements.
  • Health Information Exchange and Data Sharing
      • Counseled regional health information organizations and community-based organizations to provide for medical record exchange among hospitals and providers, including preparation of data-sharing agreements and business associate agreements.
      • Counseled national provider on participation of its facilities in health information exchange organizations in ten states, including review and negotiation of participation agreements and analysis of consent requirements.
      • Prepared data sharing plan for Medicare Shared Savings Program (MSSP) Accountable Care Organization (ACO).
      • Negotiated data use agreements for de-identified data and limited data set agreements for providers, researchers and registry.
      • Reviewed hospital participation agreements in state-wide health exchange organizations.
      • Assisted national companies, health systems, and accountable care organizations in implementing HIPAA-compliant Organized Health Care Arrangements (OHCAs).
      • Revised trading partner (EDI) agreements for security provisions.
      • Counseled community-based quality initiative on data sharing agreements among competing hospitals.
      • Reviewed federated vs. distributed data models for regional health information organizations (RHIOs).
      • Prepared Stark-compliant electronic health record-sharing systems with physicians.
  • Digital Health and Telemedicine
      • Reviewed telemedicine and tele-ICU agreements for healthcare providers.
      • Drafted medical staff bylaws provisions for privileging and credentialing of distant site providers.
      • Represented distant-site telemedicine entity in compliance with The Joint Commission and Medicare standards.
      • Assisted start-up telemedicine company with HIPAA privacy and security requirements, including model form contract arrangements.
      • Prepared services agreements for telemedicine vendor.