Valerie Breslin Montague

What do you focus on?

I focus my practice on three main areas.

HIPAA/Health Information Privacy and Security

I assist health care providers and business associates of all types to comply with the requirements of HIPAA and the HITECH Act, from the development of policies and workforce training to analysis and notification of breaches to guidance through Office for Civil Rights (OCR) investigations. I also advise vendors initiating arrangements with health care entities on whether their business triggers HIPAA.

Beyond HIPAA, I counsel health care providers on compliance with other federal and state health information confidentiality requirements, as well as cybersecurity best practices.

Regulatory Compliance

I advise hospital systems, skilled nursing facilities, physician practices and other health care providers on compliance with the Stark Law and the Anti-Kickback Statute, as well as state laws prohibiting self-referrals and fraud and abuse. In Illinois, I work with facilities to navigate Certificate of Need (CON), corporate practice of medicine, telehealth and licensure requirements.

Nonprofit Governance and Tax Exemption

I work with tax-exempt entities in all industries to obtain and maintain federal income tax-exempt status, including group exemptions and reinstatement of tax-exempt status. I advise tax-exempt entities on structure and governance issues as they expand their service lines, create new entities and enter into transactions with third parties, including joint ventures and the creation of for-profit subsidiaries. I also assist tax-exempt hospitals with compliance with Internal Revenue Service (IRS) and state law requirements governing financial assistance and community benefit activities.

What do you see on the horizon?

As more digital health vendors enter the marketplace in response to patient demand for more convenient and accessible care, both vendors and the providers using these tools will face ever increasing regulatory requirements encompassing everything from privacy and security to licensing to FDA compliance.

Presentations

• Presenter, “Data Breaches: Regulation, Enforcement and Lessons Learned,” Nixon Peabody Chicago CLE Day, June 6, 2019
• Moderator, “HHS Health Industry Cybersecurity Practices,” American Health Lawyers Association, Health Information Technology Practice Group, March 27, 2019 
• Presenter, “Limiting Risk When Outsourcing: Vendor Management Best Practices,” 2018 Nixon Peabody Chicago CLE Symposium, June 7, 2018.
• Panelist, “Health Care Privacy and Cybersecurity,” Bloomberg Law, Chicago, September 27, 2017
• Presenter, “Legal Ethics for Health Care Attorneys,” Chicago Bar Association, Health Law Committee, March 22, 2017
• Presenter, “Data Privacy and Data Use and Disclosure: Mutually Exclusive Concepts?” Northwestern University INVO Seminar, Chicago, Illinois, February 6, 2017
• Co-presenter, “Cybersecurity Threats, Enforcement Trends and Practical Challenges,” American Health Lawyers Association (AHLA) Physicians and Hospitals Law Institute, Orlando, Florida, February 3, 2017
• Panelist, “Healthcare Under Cyber Siege Panel,”  BDO Center for Healthcare Excellence & Innovation, November 3, 2016.
• Co-presenter, “Select Regulatory Compliance Matters & Implicated Rules of Professional Conduct”, CLE Presentation to Medical Device client during their Law Day event, August 2016
• Moderator, “Navigating a Breach Incident at the Business Associate Level: Reporting, Investigation, and Mitigation Strategies,” American Health Lawyers Association, February 2016
• Panelist, “HIPAA: The Tentacles Expand,” First Illinois Healthcare Financial Management Association Spring Summit, April 2014
• Presenter, “Battle of the BAAs: Balancing Interests in Negotiating BAAs,” Illinois Association of Healthcare Attorneys, 31st Annual Health Law Symposium, November 2013
• Presenter, “What You Should Know About Federally Qualified Health Centers,” Chicago Bar Association, Health Law Committee, June 2013
• Presenter, “HIPAA Compliance in 2012,” Chicago Bar Association, YLS Health & Hospital Law Committee, May 2012
• Moderator, “Social Media Bootcamp Webinar Series, Level II, Part II: How to Safely Use Social Media and Social Networking in Your Health Law Practice: Avoid Privacy and Security Pitfalls,” American Health Lawyers Association, March 2012
• Presenter, “Social Media Bootcamp Webinar Series, Level II, Part I: How to Use Social Media and Social Networking: Is There a Policy for That?” American Health Lawyers Association, February 2012
• Presenter, “Tell It Like It Is? The HITECH Breach Notification Requirements and the Medicare Self-Referral Disclosure Protocol,” Chicago Bar Association, December 2010

Publications

• “OIG Audits of HHS Operating Divisions Highlight Need for Better Cybersecurity,” American Healthcare Lawyers Association, March 28, 2019
• “JAMA Study Highlights the Dangers of Phishing Attacks for Health Care Organizations,” American Healthcare Lawyers Association, March 26, 2019
• “ACA pronounced dead by Texas court—What’s next for the health care industry?” Nixon Peabody Health Care Alert, December 18, 2018
• “OCR seeks public comments on potential HIPAA revisions to encourage care coordination,” Nixon Peabody HIPAA Law Alert, December 14, 2018
• “New federal legislation addresses opioid crisis: Are you ready for the changes?” Nixon Peabody Health Care Alert, November 19, 2018
• “Sharing Patient Data with Vendors? A Robust Vendor Management Program is Imperative,” Chicago Health Executive Forum, September 25, 2018
• “OIG Review Highlights Necessary Improvements in HHS' Information Security Program,” American Health Lawyers Association, March 30, 2018
• “Is a Data Breach Inevitable? New Study Analyzes Cybersecurity Trends,” American Health Lawyers Association, March 28, 2018
• “Final regulations on substance use disorder patient information offer notification flexibility and require certain contractual updates,” Nixon Peabody Health Law Alert, January 5, 2018
• “OCR/FTC HIT Enforcement Summary Table, PG Toolkit,” American Health Lawyers Association, October 24, 2017
• “Podcast Highlights OCR Enforcement Trends and Future Rulemaking,” American Health Lawyers Association, June 2017
• “Recent OCR Settlements Emphasize Vendor Management and Mobile Device Security,” American Health Lawyers Association, May 2017
• “MACRA Proposed Rule, Part II: Use of Interoperable Health Information Technology a Key Factor to Medicare Incentive Payment Structure,” American Health Lawyers Association, May 4, 2016
• “MACRA Proposed Rule, Part I: CMS Presents a Flexible Approach that Steers Clinicians Toward Alternative Payment Models,” American Health Lawyers Association, May 3, 2016
• “FDA Releases precisionFDA to Allow for Collaboration for NGS,” American Health Lawyers Association, December 30, 2015
• “Lawyers as Business Associates: No Excuse,” American Health Lawyers Association (AHLA) Connections, Volume 18, Issue 6, June 2014 (co-author)
• “HIPAA/HITECH Resource Guide,” American Health Lawyers Association, 1st Edition, April 10, 2014
• “New regulations affect reporting requirements,” Chicago Daily Law Bulletin, November 23, 2011
• “From Theft to Error and Everything in Between: An Analysis of Reported Breaches of Unsecured PHI in 2010 and 2011,” American Health Lawyers Association, November 17, 2011