Representative Projects
Please scroll down for projects categorized under Regulatory Compliance, Risk Management/Dispute Resolution/Litigation, and Information Technology Contracting.
Regulatory Compliance.
- Project lead in reorganization of information security program and revision and supplementation of security policies for purposes of compliance with federal and state laws for major multi-state health system.
- Team leader for HIPAA privacy and security gap analyses, risk assessments, and risk mitigation recommendation development for organizations including healthcare components of complex Fortune 100 hybrid entity, health care clearinghouse, data services providers, etc.
- Gap analysis, risk assessment, development of privacy notices and privacy/security policies and procedures for compliance with European Union Safe Harbor for rapidly expanding sensitive data analysis services provider.
- Advisor to several major healthcare organizations on compliance with HIPAA privacy and security regulations, including notice, policy and procedures development, compliance oversight, coordination with information security, records management and operational personnel, etc.
- Advisor on coordinated Gramm-Leach-Bliley and HIPAA privacy and security compliance strategies to health insurance company and health maintenance organization ("HMO").
- Development of regulatory strategies, contractual structures and notices and policies for Internet consumer health records and medical expert systems.
- Development of policies, procedures and technical protocols for physician-patient email for major hospital, for major health maintenance organization, and for secure messaging services vendor.
- Development of privacy and security policies and procedures for consumer-oriented electronic commerce transaction fulfillment company.
Risk Management, Dispute Resolution and Litigation.
Note: I am not currently a trial lawyer, but provide litigation support and expert witness services in cases involving privacy, security and IT-related matters. I did serve as trial and appellate counsel in a substantial number of cases through the mid-1990s, and so am familiar with the dynamics, strategies and tactical needs of litigation. Representative projects in these areas include:
- Expert witness in arbitration involving allegations of healthcare provider misuse of protected patient information.
- Subject matter expert support to hospital defense counsel in litigation arising from allegedly inadequate security for clinical records database, allowing alteration and defamatory misuse of patient information.
- Liability analysis and negotiation on behalf of multi-site healthcare provider against claimants alleging privacy violations caused by network security failure.
- Liability analysis and negotiation support for healthcare services support company against employee alleging discriminatory misuse of healthcare information obtained through unauthorized system usage.
- Strategic and tactical advisor to major international technology company in responding to security breach exposing highly sensitive, confidential employee information.
- Development of security incident response policies, procedures and documentation forms for healthcare and financial services organizations, including strategies for coordination with security professionals, law enforcement and regulatory agencies.
Information Technology Contracting.
- Master services agreement and related documentation for multi-state hospital information services application services provider ("ASP"), providing comprehensive hosted and supported information services including electronic health records and other clinical applications, administrative and billing applications.
- Clinical data sharing agreements for quality assurance and protocol development repository serving multiple hospitals.
- Government contracting, including technology privatization, technology development for government acquisition, services level agreements for hosted governmental IT services, etc.
- Business associate and services provider contracting for regulatory compliance for outsourced information services for healthcare and financial institution, for compliance with HIPAA and Gramm-Leach-Bliley.
- Electronic medical/health records system contracting, including representation of EMR vendor in contract negotiations, representation of physician practices, and representation of "safety net provider" consortium in contracting for custom services development and services level agreement development and management.
- Health information network usage and clinical information sharing agreements, including agreements for services, data and network segment access rights, user authentication, relying party agreements, etc.
- Development and negotiation of policy and contract documents for public key infrastructures ("PKI") for projects including State of Washington information resources access control, software "code signing," healthcare provider credentials for online authentication, and access control for healthcare information networks.
- Development of agreements, data access authorization forms and online execution processes, and privacy and security regulation-compliant data mining of healthcare and financial organization databases for third-party consumer information verification service.
- Development of master template for healthcare information sharing contract, including regulatory compliance, allocation of liabilities and obligations, accompanied by commentary and citations to applicable law. (HealthKey Template - scroll down.)
A more detailed list of projects is available upon request: