Mt. Baker, Washington

Mt. Baker, Washington

Representative Projects

Please scroll down for projects categorized under Regulatory Compliance, Risk Management/Dispute Resolution/Litigation, and Information Technology Contracting.

Regulatory Compliance.

  • Special Assistant Attorney General to state health care agency  on matters related to HIPAA, HITECH, privacy, security, information technology licensing, and health information exchange
  • Special Assistant Attorney General to state  agency  on health insurance exchange matters
  • Regulatory analysis and recommendations for Washington State Health Benefit Exchange compliance
  • Regulatory compliance and risk management for genomic information service supporting diagnostic and treatment decisions
  • Lead security advisor in development and implementation of major genomics research database for new academic institute for leading state university system under Federal regulatory oversight subject to FISMA  and California state law requirements.
  • Social media and portable device risk analysis and policy development for regional medical center including community hospital, multiple clinics and related facilities.
  • Security breach harm analysis for determining requirements and scope of breach notification under HITECH and state laws – multiple projects, different organizations.
  • Privacy and security analysis and development of recommendations and opinions for mobile transactions network services provider for healthcare, financial, consumer and other sensitive transactions and activities
  • HIPAA Privacy Subject Matter Expert supporting U.S. Department of Health and Human Services Offices of Civil Rights (“OCR”) and ONC Comprehensive Campaign for Communication and Education About the HITECH Act.
  • Special Assistant Attorney General to Washington State Health Care Authority for health care information security issues under HIPAA, HITECH, health record banks and health information exchange.
  • Prime contractor/project lead for National Governors Association Center for Best Practices State Alliance for e-Health Policy study, Policy Strategies for Advancing Interstate Health Information Exchange (NGA 2010): Research and analysis of state-based policy solutions to legal variations affecting interstate health information exchange, funded by ONCology.
  • HIPAA/HITECH review and assessment of major commercial institutional review board (“IRB”) and development of recommendations and opinions for compliance
  • Project lead in reorganization of information security program and revision and supplementation of security policies for purposes of compliance with federal and state laws for major multi-state health system.
  • Development and negotiation of new contract forms to incorporate new privacy, security and business associate contract requirements of HITECH for startup regional health information organization (“RHIO”).
  • Review and updating of pharmacy chain privacy and security policies and procedures to ensure compliance with HITECH.
  • Development and implementation of policies and procedures for leading health law firm compliance with new business associate requirements under HITECH
  • Team leader for HIPAA privacy and security gap analyses, risk assessments, and risk mitigation recommendation development for organizations including healthcare components of complex Fortune 100 hybrid entity, health care clearinghouse, data services providers, etc.
  • Gap analysis, risk assessment, development of privacy notices and privacy/security policies and procedures for compliance with European Union Safe Harbor for rapidly expanding sensitive data analysis services provider.
  • Adviser to several major healthcare organizations on compliance with HIPAA privacy and security regulations, including notice, policy and procedures development, compliance oversight, coordination with information security, records management and operational personnel, etc.
  • Adviser on coordinated Gramm-Leach-Bliley and HIPAA privacy and security compliance strategies to health insurance company and health maintenance organization (“HMO”).
  • Development of regulatory strategies, contractual structures and notices and policies for Internet consumer health records and medical expert systems.
  • Development of policies, procedures and technical protocols for physician-patient email for major hospital, for major health maintenance organization, and for secure messaging services vendor.
  • Development of privacy and security policies and procedures for consumer-oriented electronic commerce transaction fulfillment company.

Risk Management, Dispute Resolution and Litigation.

Note:    I am not currently a trial lawyer, but provide litigation support and expert witness services in cases involving privacy, security and IT-related matters. I did serve as trial and appellate counsel in a substantial number of cases through the mid-1990s, and so am familiar with the dynamics, strategies and tactical needs of litigation. Representative project in these areas include:

  • Expert witness for health plan in litigation against security consulting firm for allegedly inadequate HIPAA security assessment and remediation.
  • Expert witness in arbitration involving allegations of healthcare provider misuse of protected patient information.
  • Subject matter expert support to hospital defense counsel in litigation arising from allegedly inadequate security for clinical records database, allowing alteration and defamatory misuse of patient information.
  • Liability analysis and negotiation on behalf of multi-site healthcare provider against claimants alleging privacy violations caused by network security failure.
  • Liability analysis and negotiation support for healthcare services support company against employee alleging discriminatory misuse of healthcare information obtained through unauthorized system usage.
  • Strategic and tactical adviser to major international technology company in responding to security breach exposing highly sensitive, confidential employee information.
  • Development of security incident response policies, procedures and documentation forms for healthcare and financial services organizations, including strategies for coordination with security professionals, law enforcement and regulatory agencies.

Information Technology Contracting.

  • Health information exchange (“HIE”) contract and regulatory compliance: Multiple projects, various local and regional HIE operators and health systems.
  • Advisor to multi-state HIE group on federation and interoperation of HIEs to enable inter-HIE transactions.
  • Master services agreement and related documentation for multi-state hospital information services application services provider (“ASP”), providing comprehensive hosted and supported information services including electronic health records and other clinical applications, administrative and billing applications.
  • Clinical data sharing agreements for quality assurance and protocol development repository serving multiple hospitals.
  • Government contracting, including technology privatization, technology development for government acquisition, services level agreements for hosted governmental IT services, etc.
  • Business associate and services provider contracting for regulatory compliance for outsourced information services for healthcare and financial institution, for compliance with HIPAA and Gramm-Leach-Bliley.
  • Electronic medical/health records system contracting, including representation of EMR vendor in contract negotiations, representation of physician practices, and representation of “safety net provider” consortium in contracting for custom services development and services level agreement development and management.
  • Health information network usage and clinical information sharing agreements, including agreements for services, data and network segment access rights, user authentication, relying party agreements, etc.
  • Development and negotiation of policy and contract documents for public key infrastructures (“PKI”) for project including State of Washington information resources access control, software “code signing,” healthcare provider credentials for online authentication, and access control for healthcare information networks.
  • Development of agreements, data access authorization forms and online execution processes, and privacy and security regulation-compliant data mining of healthcare and financial organization databases for third-party consumer information verification service.
  • Development of master template for healthcare information sharing contract, including regulatory compliance, allocation of liabilities and obligations, accompanied by commentary and citations to applicable law. (HealthKey Template – scroll down at link.)

For more information or to discuss potential projects please call me at my contact number, drop me an email, or send me a query through the following form. Please note that sending me a query does not establish attorney-client confidentiality or privilege, and does not guarantee I will represent you or your organization. Legal representation requires that I ensure there are no conflicts of interest and our agreement on an appropriate scope of work, fees and other terms. However, I do not charge a fee for discussion of potential representation – including whether or not you really need my help – subject to confirmation there are no conflicts of interest.

[theme_contact_form id="2"]