Health Information Exchange

We understand the risks involved in the exchange of patient data and bring clarity, direction and extensive health industry experience to this new and evolving area of health care.

Our approach

Federal and state regulations regarding Health Information Exchanges (HIEs) and Health Information Technology (HIT) are still being defined. This uncertainty presents new opportunities in health care, as well as a variety of legal issues that crop up when patient information is managed or exchanged digitally. We have the hands-on experience and deep regulatory knowledge necessary to help our clients address those concerns, protect their assets and maintain high standards of quality, safety and efficiency. And our deep bench of legal counsel means we can offer a full spectrum of services in this sector, including regulatory advice and intellectual property and nonprofit organization counsel.

We work with Regional Health Information Organizations (RHIOs) and statewide Health Information Exchanges (HIEs) on corporate formation and governance, privacy and security compliance and implementing gateways for electronic prescribing and interoperable electronic health records. IT developers and end users face other unique issues and we counsel them in network security, privacy and identify theft concerns, regulatory compliance, and insurance issues and help them build thorough business associate agreements and vendor contracts.

Who we work with

  • Regional Health Information Organizations (RHIOs), Health Information Exchanges (HIEs) and their stakeholders
  • Behavioral Health and Substance abuse treatment providers (under 42 CFR Part 2)
  • Software vendors, EMR vendors
  • E-prescribing gateways
  • Personal health record (PHR) vendors
  • Health Information Technology and medical record developers and end users
  • Health care providers participating in an HIE and RHIO


  • Recognized by Chambers USA as a nationwide leader in the Field of Privacy Law
  • The Rhode Island Department of Health Founder’s Award, the Rhode Island Attorney General Justice Award and the Rhode Island Department of Health Award for Excellence in Public Health Promotion

Recent experience

  • Serving as general counsel to the Rhode Island Quality Institute (RIQI), the first RHIO to implement a stringent privacy and security legal framework for its HIE and implement an opt-in consent for HIE participation. RIQI is the only entity in the country that received all three federal grants from the Office of the National Coordinator related to the implementation of health information technology, including the Regional Extension Center grant, the Health Information Exchange grant and the Beacon Communities grant.
  • Helped several HIEs and RHIOs prepare governance policies and procedures, developing and implementing data sharing partner and use agreements, authorization forms and consent models
  • Assisted several behavioral health and substance abuse treatment providers with helping them to figure out/navigate how to comply with stringent laws and regulations protecting the use and exchange of behavioral health and substance abuse treatment information
  • Worked with the Massachusetts Center for Health Information and Analysis to develop privacy and security policies related to the statewide All-Payer Claims Database and providing them with ongoing privacy and data security counsel
  • Assisted multiple software vendors and electronic medical record providers with legal issues in the exchange of health information, including patient portals, privacy and security practices and procedures, agreements with providers and HIEs and patient participant agreements
  • Participated in the Health Information Security and Privacy Collaboration (HISPC), a project funded by the National Governor's Association to develop best practices for the exchange of health information across state lines

5 ERISA Cases To Watch In The 2nd Half Of 2020

Law360 | July 29, 2020

San Francisco office managing partner and Corporate partner Karen Ng was quoted in this article for her outlook on the federal government’s interest in Howard Jarvis Taxpayers Association v. California Secure Choice Retirement Savings Program, and the rise in ERISA privacy and cybersecurity lawsuits in Harmon et al. v. Shell Oil Co. et al.

Facebook lawsuit underscores importance of transparent collection and use of data

Rochester Business Journal | January 25, 2019

Rochester Corporate partner Jeremy Wolk wrote this contributed column analyzing a lawsuit filed against Facebook in Washington, DC, alleging violations of state-level consumer protection laws by the social media company. This article incorporates perspective from an alert written by Washington Complex Commercial Disputes associate Brian Donnelly, Rochester Corporate associate Jenny Holmes, and Los Angeles Government Investigations & White Collar Defense associate Karina Puttieva.

Back to top