Articles & Presentations

Mt. Rainier National Park, Washington

Mt. Rainier National Park, Washington

John is a well-known author and speaker on information technology issues. Some of his significant recent pieces are listed below. Personal-use copies of some of his publications and presentations are available by request. If you are interested in a copy of one of these pieces please fill in this request form.

This page will be updated as new articles and presentations are published, and personal use copies of some will be made available upon request. Please check back if you are interested.

Books and Treatises

  • The HITECH Business Associate Contract Bible (ABA Health Law Section June 2013)
  • Contributor, BNA E-Health, Privacy, and Security Law (ABA Health Law Section 2011, 2012 supplement)
    • Chapter 7: Information Security and Breach Notification Under HIPAA and HITECH
  • Contributor, BNA E-Health Business and Transactional Law(ABA Health Law Section)
    • Chapter 3: Privacy; Sections: The Problem of Overlapping Laws and Standards, Protection of Electronic Health Information, 2006, 2007, 2008, 2009 and 2010 Cumulative Supplements
    • Chapter 3: Privacy; Sections: State Security Breach Notification Legislation, 2007, 2008, 2009 and 2010 Cumulative Supplements
    • Chapter 15:  Discovery and Admission of Electronic Information as Evidence, 2008, 2009 and 2010 Cumulative Supplements
  • Contributor, Introduction to Security under HIPAA(ABA Information Security Committee 2007)
    • Chapter 4:  Scope and Applicability of the Security Rule
  • An Integrated Standard of Care for Healthcare Information Security: Risk Management, HIPAA and Beyond (American Health Lawyers Association 2005)
  • Contributor, American Bar Association PKI Assessment Guidelines (ABA Information Security Committee 2003)
  • Contributor, Public Health Informatics and Information Systems(Springer-Verlag 2002)
    • Chapter 4:  The Governmental and Legislative Context of Informatics
  • Template for a Comprehensive Health Care Information Protection Agreement (Foundation for Health Care Quality/HealthKey 2001)
  • Co-author, HIPAA: A Practical Guide for Physician Practices (Washington State Medical Association, 2001)
  • Electronic Health Information Privacy and Security Compliance under HIPAA (the Health Insurance Portability and Accountability act of 1996) (American Health Lawyers Association 2000)

Articles and White Papers

  • HITECH Regulatory Traps for Healthcare Application Outsourcing and Cloud Services, 4 Information Security and Privacy News 1  (Summer 2013)
  • A Primer on Electronic Health Information Exchange Contracting Issues and Concepts (AHLA HIT News, March 2012)
  • State and Federal Consent Laws Affecting Interstate Health Information Exchange: A Report to the National Governors Association (National Governors Association 2011)(with Apgaar and Melamed)
  • Policy Strategies for Advancing Interstate Health Information Exchange (National Governors Association 2010)(with Apgar and Melamed))
  • Legal Speed Bumps on the Road to Health Information Exchange,  1 J. Health & Life Sci. 1 (January 2008)
  • Using Safe Harbors to Reduce Legal Barriers to Implementation of Electronic Health Records and Health Information Networks, Christiansen IT Law White Paper (November 2006)
  • Washington’s New Security Breach Notification Statute: A Partial Solution to Identity Theft? Agora White Paper for Washington State Office of the Attorney General (August 2005)
  • Enterprise Security: The Emerging Standard of Care for Healthcare Information Security, ABA Health eSource (June 2005)
  • Managing HIPAA Security Compliance:  Organizational Governance and Risk Acceptance, New Perspectives in Health Care Auditing (Fall 2004)
  • Offshore Outsourcing of PHI Processing: Is It Permitted Under HIPAA? Health Lawyers News (July 2004)
  • Why Health Care Information Isn’t Property – And Why That Is to Everyone’s Benefit, Health Law Digest (February 1999)
  • When Networks Collide:  Managing the Risks Arising from the Interaction of Healthcare and Information SystemsThe Health Lawyer (October 1998)
  • “Administrative Simplification” and the Forced March into the Digital Future, The Health Lawyer (August 1998)


  • “Uncoordinated Care: Information Sharing and the Interaction of HIPAA and the Health Care Information Act,” Health Care: A Brave New World of Integrations and Affiliations, Washington State  Bar Association Annual Conference (June 27, 2014)
  • “HIPAA Toolkit for Law Firms: Introduction and Overview,” American Bar Association Health Law Section Webinar  (June 26, 2014)(panelist)(CLE accredited)
  • “HIPAA, HITECH and Legal Ethics: What You Need to Know in 2014,” Washington State Society of Healthcare Attorneys Hospital and Health Law Seminar (April 25, 2014)(CLE accredited)
  • “You Mean HIPAA Applies to Lawyers? Keeping Data Safe, Clients Happy and Your License Secure,” American Bar Association Health Law Section Webinar  (April 21, 2014)(panelist)(CLE accredited)
  • “The Intersection of the HITECH Act and Omnibus Rule, and FDA Regulated Industries,”Organization of Regulatory and Clinical Associates (February 12, 2014)(CLE and CPE accredited)
  • “Headaches and Pitfalls in Business Associate Contract Management,” American Bar Association eHealth, Privacy & Security Committee Webinar (August 30, 2013)(CLE accredited); Information Security and Control Association (ISACA) Puget Sound Chapter (September 17, 2014) (CPE accredited)
  • “Negotiating an Electronic Health Record (EHR) Agreement: A Marriage Between Healthcare and Technology,” American Bar Association Health Law Section Webinar  (June 20, 2013)(panelist)(CLE accredited)
  • “Legal Risks and Ethical Problems for Lawyers under the HITECH Business Associate Rules,” Washington State Bar Association Health Law Section Annual Conference (June 13, 2013)(CLE accredited)
  • “Cloud Services and Related Big Data Issues: Healthcare Regulatory Traps for the Unwary,” Cloud Services and Related Bid Data Issues, Law Seminars International (April 29 – 30, 2013) (CLE accredited)
  • “Managing Mobile Medical Apps for HIPAA & HITECH Act Compliance,” HIPAA Privacy/Security Alert Audioconference (November 7, 2012, 2013)(CPE accredited)
  • “Outsourcing EHR Risks: Strategies and Tactics for Working with ASPs and the Cloud,” OCHIN 2012 Learning Forum (November 15, 2012) (CPE accredited)
  • “EHR Risk Management In the New IT Ecology,” OCHIN 2012 Learning Forum (November 15, 2012) (CPE accredited)
  • “The Emerging Ecology of Health Information: HIM in the Era of EHRs, HIE, HITECH , and Empowered Patients,” HIM Leadership Conference (June 2, 2012)(CPE accredited)
  • “Connecting Care Through Health Information Exchange: Legal Liabilities, Consents and the DURSA,” Washington State Health Information Management Association Annual Meeting (April 19, 2012)(CPE accredited)
  • Co-presenter, “Emerging Issues in Health Information Exchange,” American Bar Association Health Law Section (April 12, 2012)
  • “What You Don’t Know Can Hurt You: HIPAA Audits and Investigations,” Alaska Bar Association Health Law Group (March 1, 2012)(CLE accredited)
  • “The Ripple Effects of HHS Proposed Requirements for Accounting of Disclosures,” HIPAA Privacy/Security Alert Audioconference (July 12, 2011)(CPE accredited)
  • “HIPAA/HITECH Business Associates,” Economic Showdown in Healthcare, Washington State Bar Association (June 23, 2011) (CLE accredited)
  • “HIPAA Security for Employer Plans and Business Associates: A Framework for Compliance,” EBIA Teleconference (June 9, 2011) (CPE accredited)
  • Co-presenter, “HITRUST CSF Assurance Program: Simplifying the Meaningful Use Privacy and Security Risk Assessment,” HITRUST Audioconference (September 2010)
  • Co-presenter, “Policy Strategies for Advancing Interstate Health Information Exchange: A Report to the State Alliance for e-Health,” National Governors Association Audioconference (January 29, 2010)
  • Co-presenter, “Handling HITECH Headaches–Practical Solutions,” Washington State Society of Healthcare Attorneys Annual Meeting (November 7, 2009)(CLE accredited)
  • Program organizer and co-presenter, “Lawyers in the Compliance Crosshairs:  Avoiding New Penalties and Ethical Pitfalls When Using Health and Medical Information,” Washington State Bar Association (November 4, 2009)(CLE accredited)
  •  “Security Lessons for the Future from IT Architectures of the Past,” Information Security Compliance and Risk Management Institute 2009, University of Washington (September 16, 2009)(CLE/CPE accredited)
  •  “Electronic and Personal Health Records and Medical Risk Management: Managing the Missing Pieces,” Bureau of National Affairs Audioconference (May 28, 2009)(CPE accredited)
  •  “Managing Data; Reacting to Events,” Identity Theft and the FTC’s “Red Flags” Rules, Seattle University School of Law (March 20, 2009)(CLE accredited)
  •  “Leveraging Security Policies and Procedures for Electronic Evidence Discovery,” Information Security Compliance and Risk Management Institute 2008, University of Washington (September 11, 2008)(CLE/CPE accredited)
  • “The Future of Digital Information as Evidence and Implications for Information Security Practice and Technology,” Internet Security Forum, Second Annual ISF Americas Summit (May 14, 2008)
  • “EMRs, EHRs and PHRs: What’s the Difference, Why Do I Care, and What Can I Do About It?” Oregon Health Lawyers Association 2007 Health Law Update (December 14, 2007)(CLE accredited)
  • “Data Security on Portable Devices – A Disaster Waiting to Happen,” Washington State Society of Healthcare Attorneys Annual Meeting (November 9, 2007)(CLE accredited)
  • “Enterprise Risk Management and Information Security,” Information Security Compliance and Risk Management Institute 2007, University of Washington (September 17 – 18, 2007)(CLE/CPE accredited)
  • Co-presenter, “Do You Speak Fluent Geek? Ethical and Practical Considerations in Counseling Clients in Complex Healthcare IT Transactions,” American Bar Association Health Law Section Teleconference (August 15, 2007)(CLE accredited)
  • “HIPAA Security and Privacy: Ethical Issues in Privacy and Security Compliance,” HIPAA Security and Privacy Issues, Washington State Bar Association (April 19, 2007)(CLE accredited)
  • Panelist, “Privacy: Reconciling Reality,” Unintended Consequences of the Information Age Colloquium Series, University of Washington Center for Information Assurance and Cybersecurity (April 26, 2006)(CLE accredited)(CLE accredited)
  •  “The Nuts and Bolts of E-Prescribing,” American Health Lawyers Association Teleconference (December 1, 2005)(CLE accredited)
  • “Security Breach Notification Laws,” Information Systems Security Association/Puget Sound Chapter (July 21, 2005)(CPE accredited)
  •  “An Integrated Information Security Standard of Care,” Data Under Siege: Legal Issues in the Protection of Digital Information, Washington State Bar Association (June 8, 2005) (CLE/CPE accredited)
  • “Make Sure You’re Ready for HIPAA Privacy and Security Investigations,”9th Annual Compliance Strategies Conference (June 3, 2005) (CPE accredited)
  • Panelist, “Implementing Statewide Data Exchange in Washington,” Northwest Medical Informatics Conference (April 15, 2005)(CPE accredited)
  • “Legal and Organizational Issues in RHIO Formation and Management,” Northwest Medical Informatics Symposium (April 14, 2005)(CPE accredited)
  • “Self-Help on the Internet: The Law, Ethics and Tactics of Hacking Back Against Computer Attack,” American Bar Association Annual Meeting (August 7, 2004)(CLE accredited)
  • “Security Litigation Update,” Advanced Data Security II, Law Seminars International (June 28, 2004)(CLE accredited)
  •  “Using Electronic Medical Records and Clinical Email,” American Society of Medical Association Counsel Annual Meeting (December 12, 2003)(CLE accredited)
  • “Electronic Signatures and Court Documents,” Signing on the Digital Line III: Electronic Court Filing, King County Bar Association (December 2, 2003)(CLE accredited)
  •  “Outsourcing Physician HIT Functions: How to Play with Applications Services Providers (‘ASPs’) Without Being Bitten,” American Health Lawyers Association Physician and Physician Organizations Law Institute (April 21, 2002) (CLE accredited)
  • “Business Associates: Who’s Handling Your Patients’ Information?” American Medical Association Teleconference (March 27, 2002)(CME/CPE accredited)
  • “Legal Issues in the Creation and Use of Electronic Medical Records,” Linking Knowledge to Practice 2001: Using Computers to Solve Clinical Problems, Oregon Health & Sciences University (December 8, 2001)(CME accredited)
  •  “How Far Can the Government Go to Enforce Changes in Privacy and Security Practices in the Private Sector?” American Corporate Counsel Association (Washington Chapter) Annual Dinner (December 5, 2001)(CLE accredited)
  • “Analysis and Discussion of Legal Risks and Liabilities Arising from Cybercrime,” Computer Security and Cybercrime: Legal Risks and Responsibilities in a Dangerous World, King County Bar Association (December 5, 2001)(CLE accredited)
  •  “Ethical Issues for Lawyers Working with Electronic Documents and Signatures,” Signing on the Digital Line II: Electronic Signatures and Electronic Contracting, King County Bar Association (October 26, 2001)(CLE accredited)
  • “Ethical Issues and Risk Management for Lawyers Using Electronic Signatures,” Signing on the Digital Line, King County Bar Association, October 25, 2000 (CLE accredited)
  • “Legal Dilemmas Surrounding Personal Health Records and Personalized Health Content,” Medical Records Institute (September 13, 2000) (CPE accredited)
  • “Fundamentals of the Electronic Medical Record,” Institute on Health Information Technology, American Health Lawyers Association (May 7, 1999)(CLE accredited)
  •  “The Y2K Problem:  What It Is and Is It Really the End of the World?”  Institute on Hospitals and Health Systems, American Health Lawyers Association/American Hospital Association (February 12, 1999)(CLE accredited)
  •  “From Hippocrates to HIPAA:  Recognizing and Managing Health Care Information Risks,” Annual Meeting, Washington State Society of Healthcare Attorneys (November 6, 1998) (CLE accredited);  Annual Meeting, Oregon Academy of Health Attorneys/Oregon State Bar Association (December 11, 1998) (CLE accredited);  Annual Meeting, Washington State Health Information Management Association (May 15, 1999) (CPE accredited)

Request Articles & Presentations

Please complete the form below to request full length Articles & Presentations.

[theme_contact_form id="3"]

A Primer on Electronic Health Information Exchange Contracting Issues and Concepts