Daniel counsels healthcare clients regarding compliance with US federal and state and international privacy, security, breach notification and information blocking laws, including the Health Insurance Portability and Accountability Act (HIPAA), 21st Century Cures Act, California Consumer Privacy Act (CCPA), Telephone Consumer Protection Act, CAN-SPAM and EU General Data Protection Regulation (GDPR). He offers guidance on the intersection of privacy and security requirements with information blocking prohibitions under the 21st Century Cures Act and Medicare rules impacting the deployment of health information technology.

Daniel has deep experience regarding requirements for de-identification, anonymization and other secondary uses of health information under HIPAA, CCPA and GDPR. Daniel regularly advises clients regarding their response to cyberattacks and other security breaches, and defends against subsequent investigations by state regulators and the US Department of Health and Human Services Office for Civil Rights.

He advises healthcare clients on all aspects of data and software licenses and other agreements for the acquisition of electronic health record (EHR) systems and other mission-critical health IT and health content. He drafts and negotiates hosting, cloud computing and IT service agreements, as well as license agreements for health data and other health content.

Daniel assists with compliance program implementations, compliance audits, and government program overpayment and refund matters, including drafting billing compliance policies and procedures. He also counsels clients on compliance with Medicare and Medicaid reimbursement, fraud and abuse laws; the PhRMA Code on Interactions with Health Care Professionals; and the AdvaMed Code of Ethics on Interactions with Health Care Professionals.

Show Less

• Advised multiple service providers that aggregate de-identified health data from healthcare provider customers on the requirements for de-identification under HIPAA’s expert determination de-identification method
• Represented surgical medical device company on a collaboration involving the use of de-identified medical record and medical device data to improve quality of surgical care
• Advised many colleges and universities, academic medical centers, health plans, health IT vendors and life sciences companies regarding the applicability of GDPR, legal basis for processing personal data, notices and consents, and other GDPR implementation matters
• Advised healthcare providers, health plans and health IT vendors on all aspects of responding to security breaches, including internal investigations, drafting breach notification letters, drafting breach reports to regulators, developing corrective action plans, and defending against investigations and subsequent consumer class action litigation
• Served as Medicare reimbursement counsel in defense of whistleblower actions under the False Claims Act alleging Medicare billing, Stark Law and Anti-Kickback Statute violations

Show Less

• Acritas Stars, Independently Rated Lawyers, 2020
• Health Data Management, 50 Top Healthcare IT Experts, 2015

Show Less