Data Sharing in Healthcare: Navigating HIPAA and State Law, Structuring Data Sharing Agreements

Ms. Peters is recognized by the healthcare industry as a preeminent thinker and speaker on data privacy and security, particularly with regard to HIPAA, the HITECH Act, the 21st Century Cures Act, the Genetic Information Nondiscrimination Act (GINA), the Privacy Act, and emerging cyber threats to health data. For over a decade, Ms. Peters both developed health information privacy and security policy, including on emerging technologies and cyber threats, for the Department of Health and Human Services, and enforced HIPAA regulations through spearheading multi-million-dollar settlement agreements and civil money penalties pursuant to HIPAA. She also focused on training individuals in both the private and public sector, including compliance investigators, auditors, and State Attorneys General, on HIPAA regulations and policy, and on good data privacy and security practices. As a CISSP, Ms. Peters works hard to bridge the gap between legal requirements for the security of health data and security industry best practices, so that clients can better understand data security issues and jargon.

Mr. Shah advises clients on privacy, cybersecurity, and data protection laws and regulations, as well as healthcare fraud and abuse matters and government investigations relating to health information technology. He counsels clients on digital health and data asset management strategies and related compliance issues. Mr. Shah’s work focuses on defense and counseling of healthcare entities on legal and regulatory compliance issues around privacy, cybersecurity, and data asset management. He has extensive experience with legal issues related to health information technology, big data analytics, and digital health strategies. He provides compliance counseling, establishes and evaluates compliance programs, conducts privacy and security risk assessments, establishes compliant contracting strategies to build trust networks, and responds to data breaches. Mr. Shah is a Certified CSF Practitioner, a designation given by the Health Information Trust Alliance, an organization that provides training to develop and maintain effective security programs for healthcare and life sciences companies that comply with security laws, regulations, and standards, including HITECH, HIPAA, PCI, JCAHO, CMS, ISO, NIST, and various other federal, state, and business requirements. He is also recognized by the Healthcare Information and Management Systems Society as a Certified Professional in Healthcare Information and Management Systems (CPHIMS). Mr. Shah is also recognized by the International Association of Privacy Professionals as a Certified Information Privacy Professional in the United States.