Presentations and Publications
|Upcoming Events |
|September 16, 2016 - Tatiana Melnik will be speaking on "BYOD – “Bring Your Own Device” Technical Issues"|
- During: 8th Annual FUNdamentals, Florida Bar Health Law Section
- Held at: Orlando, FL
- Session Summary: The scope of BYOD is changing with the emergence of the Internet of Things.
|September 18, 2016 - Tatiana Melnik will be speaking on "Emerging Medical Practice Security - External Threats & Best Practices"|
- During: 2016 BSOF Annual Conference, BONES Society of Florida
- Held at: Manalapan, FL (Eau Palm Beach Resort & Spa)
- Session Summary: Privacy and data security are hot topics among United States federal and state regulators—as well as plaintiffs’ lawyers. Companies experiencing data breaches have been fined millions of dollars, paid out millions in settlements, and spent just as much on breach remediation efforts.
|October 20, 2016 - Tatiana Melnik will be speaking on "Data Breaches, Class Actions, and the Who's Who of HIPAA Enforcement"|
- During: TNHFMA 2016 Fall Institute
- Held at: Gatlinburg, TN
- Session Summary: This session will provide attendees with an update on the HIPAA
enforcement landscape and discuss data protection best practices to keep organizations out of the limelight. Since Congress passed the HITECH Act in 2009, there has been a significant increase in HIPAA enforcement from regulators and consumers by way of data breach class actions. As significant healthcare and non‐healthcare data breaches have gained national media attention, the enforcement landscape has become thatmuch more complicated‐‐and expensive‐‐for covered entities and business associates. In this session, attendees will: (1) receive a brief overview of the HIPAA compliance framework, (2) understand the current litigation landscape and claims alleged by plaintiffs, (3) receive an overview of enforcement actions undertaken by the OCR, FTC and State AGs, and (4) walk away with identified list of target areas based on current enforcement activities.
|November 2, 2016 - Tatiana Melnik and John DiMaggio will be speaking on "Data Breaches, Class Actions, and the Who's Who of HIPAA Enforcement "|
- During: 2016 Annual LeadingAge Conference
- Held at: Gaylord Palms Resort and Convention Center, Kissimmee, FL
|February 21, 2017 - Tatiana Melnik and Brian Balow will be speaking on "Ransomware: Risk, Prevention and Mitigation "|
- During: HIMSS 2017
- Held at: Orlando, FL (Orange County Convention Center)
- Session Summary: "Ransomware" is a term that entered the health IT industry's consciousness in a big way in 2016. The Hollywood Presbyterian Medical Center's attack garnered national attention and surfaced a new wave of concern beyond just the potential disclosure of patient information. Health industry CIOs, CTOs, CMIOs and related professionals must have a full and accurate understanding of the nature of ransomware and the attendant risks to their organizations. This understanding is key to the adoption of effective preventative measures, as well as appropriate response plans in the event of an attack. This presentation therefore focuses on causes and potential negative effects of a ransomware incident and offers insights and strategies as to how to lessen the probability of an attack and to mitigate the damage should an attack occur.
|July 11, 2017 - Tatiana Melnik will be speaking on "Privacy and Data Security: Minimizing Reputational and Legal Risk"|
- During: 2017 FHIMA Annual Meeting and Exhibits
- Held at: Orlando, FL (Hyatt Grand Cypress)
- Session Summary: TBD
|Sept. 8 & 9, 2017 - Tatiana Melnik will be speaking on "Social Media Marketing, the Law and You!"|
- During: 2017 AADOM Annual Meeting - 13th Annual Conference of the American Association of Dental Office Management
- Held at: Scottsdale, AZ
- Session Summary: Hospitals are using Facebook to build friends, doctors are using Twitter to tweet during surgeries, and patients are using PatientsLikeMe to self-diagnose. Social media provides people with a readily available means to connect with others through sharing, teaching, and providing support. But, for health care providers, social media can be a double edged sword due to the ethical and legal restrictions imposed on practitioners and their staff. There are many benefits to using social media tools. But, the ease of use and instant worldwide dissemination can (and has) cause(d) issues in the health care space. Importantly, once the information is released online, it is impossible to remove; thus, potentially causing long term harm to the affected patient and the organization. During this session, attendees will (1) understand the various ways health care providers are using social media to market their services; (2) learn about the different legal issues surrounding social media using real life examples; and (3) discuss strategies to mitigate legal risks.
- The Do's and Don'ts for Signing Information Technology Agreements, October 30, 2015, 2015 ASCP Annual Meeting (Long Beach, CA)
- That Contract Says What? Vendor Requirements, Contracting Pitfalls, and Insurance, September 16, 2015, SecureWorld Expo (Detroit, MI) (Vendors play an ever increasing role in every organization. But, vendor mistakes can damage customer trust and increase litigation and enforcement risks for everyone. This session will discuss key components of technology contracts including privacy, security and other regulatory concerns, data ownership, risk shifting strategies, and purchasing data breach insurance.)
- The Do's and Don'ts for Signing Information Technology Agreements, July 15, 2015, FHIMA 2015 Convention (Orlando, FL) (Data is the new commodity in a healthcare environment focused on improving quality of care, patient engagement, and cost savings. But these data collection efforts cannot succeed without the proper technology tools. In this way, technology plays an instrumental role in every organization and the millions of dollars being spent on technology make the terms and conditions of these contracts more critical than ever. As EHRs, PHRs, mobile apps, software programs and interfaces, e-prescribing, meaningful use incentives, clinical quality analytics, data repositories, telemedicine, and HIEs radically transform the way in which healthcare services are provided, delivered, coordinated, and reimbursed, the attention required to information technology (IT) contracting becomes increasingly important. When challenges arise with IT projects, contract terms can play an important role in either escalating the dispute or setting forth a process for reaching a resolution. This session will discuss (1) the value of project management and planning; (2) key components of IT contracts including HIPAA privacy and security risks and other regulatory concerns; and (3) termination and building non-litigation dispute resolution options into the agreement.)
- Preparing for HIPAA Audit: The Nuts and Bolts, June 30, 2015, LeadingAge Florida 2015 Convention & Exhibition (Kissimmee, FL)
- Breaches, Class Actions, and Audits: HIPAA Update and Lessons to Learn, June 24, 2015, 2015 HFMA National Institute (Orange County Convention Center, Orlando FL) (Hear an overview of the HIPAA compliance framework and enforcement actions undertaken by the Office of Civil Rights, the Federal Trade Commission, states, and plaintiffs’ lawyers. Learn about state law claims stemming from privacy breaches and how HIPAA is used as a standard of care. In this session, you’ll identify priorities during a HIPAA audit and recognize the privacy and security issues that create the greatest exposures to risk. You also will understand best practices to minimize and mitigate HIPAA-related risks.)
- Privacy and Data Security: Minimizing Reputational and Legal Risks, June 11, 2015, Better Software Conference West (Ceasars Palace, Las Vegas, NV) (Privacy and data security are hot topics among United States federal and state regulators—as well as plaintiffs’ lawyers. Companies experiencing data breaches have been fined millions of dollars, paid out millions in settlements, and spent just as much on breach remediation efforts. In the past several years, data breaches have occurred in the hospitality, software, retail, and healthcare industries. Join Tatiana Melnik to see how stakeholders can minimize data breach risks, and privacy and security concerns by integrating the Privacy by Design model into the software development lifecycle. To understand how to minimize risks, stakeholders must understand the regulatory compliance scheme surrounding personally identifiable information; the Privacy by Design approach and the Federal Trade Commission’s involvement; and enforcement actions undertaken by federal agencies, State Attorneys General, and class action suits filed by plaintiffs.)
- That Contract Says What? Vendor Requirements, Contracting Pitfalls, and Insurance, May 27, 2015, SecureWorld Expo (Atlanta, GA) (Vendors play an ever increasing role in every organization. But, vendor mistakes can damage customer trust and increase litigation and enforcement risks for everyone. This session will discuss key components of technology contracts including privacy, security and other regulatory concerns, data ownership, risk shifting strategies, and purchasing data breach insurance.)
|Subject Areas |
Business Associate Compliance Requirements
BYOD Policies - Drafting and Best Practices
The Cloud, Cloud Computing and Cloud Computing Security
Compliance Best Practices
Contract Drafting and Auditing of Existing Contracts
Covered Entity Compliance Requirements
- Data Analytics, Contract Considerations, and Risks
Data Breach Notification Requirements and State Data Breach Laws
- Data Center Compliance
Data Privacy and Security
- eDiscovery, Cloud Computing, Mobile Devices, Wearables
Electronic Health Records (EHR) and Software Purchases
- FTC, OCR, HHS, and CMS
- Identity Fraud
Mobile Devices and Wearables
Mobile Medical Apps and the FDA
Policies and Procedures
Sharing Protected Healthcare Information (PHI)
Social Media Impact on Healthcare
Social Media Regulations
Social Media Policy Development
Telemedicine and State and Federal Regulation of Telemedicine
Telemedicine Credentialing and Privileging Rules
- Grab Bag: HIPAA, BYOD, Risk Analysis, and Other HIT Issues – A Lawyer’s View, March 26, 2015, Suncoast Healthcare Executives (Tampa, FL) (Should doctors text with their patients? Can my EHR vendor really sell my patients’ information? Do I need to encrypt ALL of my laptops? Should all staff members sign a BYOD Agreement? What should I look for in a data breach insurance policy? What is the most common deficiency identified by the Office of Civil Rights? Does the Federal Trade Commission have any authority over providers and data security? Join us for a lawyer’s view on all things related to healthcare information technology.) (PDF)
- Bring (or Beware?) of Your Own Device: BYOD Policy Implementation, Legal Concerns, and Best Practices, Jan. 27, 2015, with Meredith Phillips, Chief Information Privacy & Security Officer for Henry Ford Health System and Steven Aiello, Technical Architect with AHEAD, webinar hosted by the American Health Lawyers Association (AHLA) (Mobile devices are ubiquitous in healthcare due to their convenience, flexibility and ease of use. Doctors, for example, are remotely accessing EHRs through iPads and smartphones in providing patient care. Studies indicate that although a large majority of healthcare organizations permit their employees and medical staff to use their own mobile devices for work purposes, far fewer require employees to read and sign a Bring Your Own Device (BYOD) policy. Fewer still employ technical measures to limit or restrict the download of PHI. Although mobile devices have the potential to improve collaboration, workflow, patient safety, and drive down healthcare costs, concerns regarding the safety, privacy, security and e-discovery implications of using mobile devices in the healthcare environment must be addressed. This webinar provided an overview of the legal and regulatory framework for mobile devices, discussed recent enforcement actions by the Office of Civil Rights and relevant court cases, highlighted BYOD policy drafting considerations, discussed cultural and political considerations and challenges to a successful BYOD policy implementation, discussed technical issues that may pose challenges to BYOD implementation, and provide best practices for implementation, management, and enforcement.)
- Privacy and Data Security: Minimizing Reputational and Legal Risks, Nov. 12, 2014, Better Software Conference East, Orlando, FL (Privacy and data security are hot topics among US state and federal regulators as well as plaintiffs' lawyers. Companies experiencing data breaches have been fined millions of dollars, paid out millions in settlements, and spent just as much on breach remediation efforts. In the past several years, data breaches have occurred in the hospitality, software, retail, and healthcare industries. Tatiana Melnik discussed how stakeholders can minimize data breach risks, and privacy and security concerns by integrating the Privacy by Design Model into the software development lifecycle. To understand how to minimize risks, stakeholders must understand the regulatory compliance scheme surrounding personally identifiable information; the Privacy by Design approach and the Federal Trade Commission's involvement; and enforcement actions undertaken by federal agencies, State Attorneys' General, and class action suits filed by plaintiffs.)
- A Primer on Moving to the Cloud - HIPAA, Encryption, eDiscovery, Oh My!, speaking with April Sage, Online Tech, LLC, Oct. 1, 2014, 86th Annual AHIMA Convention & Exhibit, San Diego, CA (This presentation included a discussion on cloud computing and the risks and benefits of moving to the cloud specific to healthcare companies, which operate in a highly regulated environment. The session considered administrative and technical implementation challenges with a discussion of how the choice of cloud structure -- public, private, or hybrid - may impact HIPAA/HITECH compliance. April Sage also evaluated the benefits and costs of encryption in applications, hardware, and databases. The legal portion of the presentation included sample contract language often included in cloud computing agreements. Tatiana Melnik also discussed contract language that healthcare providers often overlook, or fail to request, during negotiations, including language specific to litigation and discovery. The presentation also discussed terms that healthcare providers often do request, but should not, such as, for example, unlimited liability.) (PDF)
- Bring Your Own Device – Risks, Liabilities, and Policies, Sept. 23, 2014, Association for the Healthcare Environment Annual Meeting, Tampa Convention Center (This presentation provided an overview of the legal and regulatory framework for mobile devices, discussed adoption and implementation of these devices in healthcare, and provided best practices for implementation and enforcement.)
- OCR, FTC, State AGs, and Class Actions – Lessons to Learn from HIPAA Enforcement, Sept. 18, 2014, PAHCOM - Pinellas Chapter, Pinellas Park, FL
- What You Need To Know In Preparation For a HIPAA Audit, Sept. 9, 2014, LeadingAge Florida Seeing Into The Future Conference, Jacksonville, FL (Since Congress passed the HITECH Act in 2009, there has been a significant increase in HIPAA enforcement. To date, covered entities have collectively paid more than $21 million in settlements to the HHS Office of Civil Rights (OCR), the primary federal regulator, and millions more in class action settlements and jury verdicts. OCR has faulted providers for failing to comply with a number of HIPAA Privacy, Security and Breach Notification requirements. Between 2009 and 2012, approximately 57% of all patient records in large-scale breaches involved a business associate.)
- The Do's and Don'ts for Signing Information Technology Service Agreements, Sept. 9, 2014, LeadingAge Florida Seeing Into The Future Conference, Jacksonville, FL (As technology radically transforms the way in which healthcare services are provided, delivered, coordinated, and reimbursed, the attention required to information technology (IT) contracting becomes increasingly important. When challenges arise with IT projects, contract terms can play an important role in either escalating the dispute or setting forth a process for reaching a resolution. This session will discuss (1) the value of project management and planning; (2) key components of IT contracts including HIPAA privacy and security risks and other regulatory concerns; and (3) termination and building non-litigation dispute resolution options into the agreement.) (PDF)
- Embezzlement – How Medical Practices are Impacted, Co-presenter with Jeff Holt, Healthcare Business Banker with PNC Bank and Candace Kowal, Special Agent, IRS-Criminal Investigation, Aug. 23, 2014, MOR-OF Education and Medical Expo (Medical Office Resources of Florida), Orlando, FL (Embezzlement continues to be an ongoing concern in healthcare practices. According to recent statistics 60% of practices have been, currently are, or will be embezzled from with the average loss being $150,000. Additionally, embezzlement raises other regulatory risks and concerns, including violations of HIPAA/HITECH and the Florida Information Protection Act of 2014, which went into effect on July 1, 2014.)
- HIPAA Risk Analysis and BAAs: Requirements and Contracting Pitfalls, Aug. 23, 2014, MOR-OF Education and Medical Expo (Medical Office Resources of Florida), Orlando, FL (This session covered the current HIPAA enforcement environment, the Risk Analysis process, including best practices and regulator expectations, and Business Associate Agreements, including common pitfalls and oversights.) (PDF)
HIPAA Enforcement Update: OCR, FTC, State AGs, and Class Actions – An Update and Lessons to Learn,
August 14, 2014, AAHAM Florida - Fall 2014 Conference, Clearwater Beach, FL (HIPAA enforcement is on the rise. HIPAA was reinvigorated in 2009 with the passage of the HITECH Act, which required public disclosure of breaches impacting 500 or more individuals. As of March 10, 2014, more than 850 organizations have reported breaches (some more than once), impacting over 30 million individuals. Patients are increasingly concerned about the privacy of their medical information. So too are regulators, enforcers, and plaintiffs’ attorneys. This session discussed: (1) a brief overview of the HIPAA compliance framework, (2) state law claims stemming from privacy breaches and how HIPAA is used as a ‘standard of care’, (3) enforcement actions undertaken by OCR, FTC, State AGs, and plaintiffs’ lawyers, and (4) identified best practices based on enforcement activities) (PDF)
PHI in the ACO - A Focus on Data: Analytics, Collection, Risks and Contracting Considerations, co-speaking with Carrie Nixon, Online Tech Webinar, June 17, 2014 (Accountable Care Organizations cannot succeed without a strong information technology framework because they must collect, analyze and report data. This session discussed: (1) The ACO model and the related technology infrastructure; (2) The role of so-called big data, the need for data analytics and the ability to combat fraud; (3) Using technology to engage patients, access quality of care and meeting reporting requirements; (4) Legal risks including data breaches and other privacy violations; and (5) Contracting considerations with IT and software vendors) (PDF)
- Data Security Requirements and Considerations for All Businesses, Brooksville Rotary Club, June 10, 2014, Brooksville, FL Country Club (Every business has an obligations to protect personally identifiable information. This session will briefly review the legal framework for data privacy and security requirements for unregulated businesses and discuss ways to mitigate legal risks.) (PDF)
- HIPAA, Not Just For Doctors: IT Vendor Risks & Obligations, 7x24 Exchange Spring Conference, June 3, 2014, Boca Raton Resort & Club in Boca Raton, FL (Does your data center provide direct services to healthcare providers? How about indirectly by way of servicing vendors of healthcare providers? Congratulations! You may now be held directly liable for HIPAA/HITECH violations and subject to the fines and penalties formerly reserved exclusively for hospitals and healthcare providers. This presentation will educate IT vendors on (1) the regulatory compliance scheme surrounding protected health information, (2) business associate obligations under HIPAA/HITECH, and (3) recent enforcement actions undertaken by the HHS’s Office of Civil Rights and State Attorneys’ General as well as data breach class actions filed by plaintiffs’ firms.) (PDF)
- PHI in the ACO - Risk Management, Mitigation and Data Collection Issues (Co-speaking with Carrie Nixon), Online Tech Webinar (Details and recording available here), May 20, 2014 (With the ever increasing need for healthcare services and the aging population, Accountable Care Organizations aim to improve quality of care, while at the same time lowering the cost of care. The session discussed, (1) Lessons learned from early adopters; (2) The role of patient health and quality of care; (3) Legal risk exposure and ways to mitigate risks; (4) The role of technology and data collection in the patient care continuum; (5) Ways to use risk management programs and technology to align interests and improve patient health and quality of care.) (PDF)
- BYOD, BYOC, BY Say What? - Bring Your Own Device Implementation, Legal Concerns, and Best Practices, Spring Hill Chapter meeting for PAHCOM, May 13, 2014 (In an effort to be interconnected, organizations are implementing Bring Your Own Device, Bring Your Own Cloud, and Bring Your Own who knows what next. This session will discuss medical practices moving to and successfully implementing a Bring Your Own Device program, the legal concerns raised by BYOD, and best practices, including a brief review and discussion of BYOD policy options.) (PDF)
- Is the FTC Coming After Your Company Next? Court Affirms FTC Authority in Cyber Security, Online Tech Webinar, April 29, 2014 (Businesses that collect or use consumer information - including social security or credit card numbers, protected health information, and other sensitive data - are responsible for implementing cyber security measures to safeguard it and live up to the promises made. Those who fail to protect personal information are subject to actions from both state and federal authorities as well as lawsuits from individuals. Most recently, the FTC, with its broad authority to pursue action against any business engaging in interstate commerce, is stepping up its investigation and enforcement activities in 2014 across many industries including healthcare, hospitality, and mobile applications. What does this enforcement environment mean for businesses that are increasingly handling personal digital information in terms of liabilities and information assurance strategies?) (PDF)
Identity Fraud, Data Breaches & the Investigative Process: An Overview of Criminal and Civil Enforcement Efforts, Co-Speaker (with Jim Robnett, Special Agent in Charge of the Tampa Field Office, for IRS-Criminal Investigation), FraudFest, Institute of Internal Auditors - North Central Florida Chapter, Gainsville, FL, Mar. 20, 2014 (The incidents of identity fraud have exploded, with some estimating 1 incident every 3 seconds. Businesses that house Personal Identifying Information (PII), including Medical providers and Universities, with ready access to PII, are particularly attractive targets. The increase in identity theft has garnered attention from the IRS-Criminal Investigations, FBI, Secret Service, Veterans Administration, and state law enforcement. Similarly, the increase in data breaches has garnered attention from the OCR, FTC and State Attorney's General as well as plaintiffs' attorneys, with several wins in 2013. This session will show the recent history of Compliance efforts by IRS-Criminal Investigation and the Office of Civil Rights (HHS).)
Identity Fraud and Data Breaches: Criminal and Civil Enforcement Efforts, Co-Speaker (with Jim Robnett Special Agent in Charge of the Tampa Field Office, for IRS-Criminal Investigation), HIMSS 2014, Orlando, FL, Feb. 24, 2014 (The incidents of identity fraud have exploded, with some estimating 1 incident every 3 seconds. Medical providers, with ready access to PHI, are particularly attractive targets. The increase in identity theft has garnered attention from the IRS-Criminal Investigations, FBI, Secret Service, Veterans Administration, and state law enforcement. Similarly, the increase in data breaches has garnered attention from the OCR, FTC, State Attorney's General and plaintiffs' attorneys.) (PDF)
- HIPAA, It's not just for Hospitals Anymore - Data Center Obligations Under HIPAA/HITECH, Speaker at the 2014 BICSI Winter Conference & Exhibition, Orlando, FL, Feb. 6, 2014 (This session discussed the HIPAA compliance obligations of data centers and other IT vendors. OCR made clear in the commentary to the HIPAA Omnibus Rule that data centers are business associates (or subcontractors as the case may be) and therefore subject to HIPAA compliance obligations. This session educated vendors on (1) the regulatory compliance scheme surrounding protected health information, (2) business associate obligations under HIPAA/HITECH, and (3) recent lawsuits and enforcement actions.) (PDF)
HIPAA Compliance: Building Your Wings Now, Panel member (with Joe Dylewski of Health Care Management and Jon Moretti of The Moretti Group), National Court Reporters Association's Firm Owners Executive Conference, Orlando, FL, Feb. 2, 2014 (presentation covered HIPAA privacy compliance obligations for court reports, discussed enforcement activities, and provided a case study of a risk assessment and remediation efforts) (PDF)
- Managing ESI within Health Information Systems -- Now they've Gone Mobile, Panel Member (with Reed Gelzer, MD, MHP, CHCC; Chad Brouillard, JD; and Ross Koppel, Ph.D.), 2014 American Bar Association (ABA) Information Governance, Electronic Discovery and Digital Evidence National Institute, Tampa, FL, Jan. 29, 2014 (presentation covered concerns with electronic healthcare records (e.g., accuracy, length, disconnect formed in doctor-patient relationship, litigation issues) and the numerous mobile devices being used in healthcare (e.g., scales,RFID technology in pills, smart car seats, and others) (PDF)
- Overview of the SCOTUS Decision and Its Impact on Health Care Information Technology, Online Tech Webinar, July 3, 2012.
- Executive Officer Leadership Summit of the National Council of State Boards of Nursing on (i) social media as an effective tool for communication including a live demonstration, (ii) general privacy and legal issues with social media as they impacting nursing, (iii) legal risks and rights for state Boards of Nursing, and (iv) social media implementation and related concerns, Co-Speaker, June 19, 2012. (Please contact.)
- FDA Regulation of Mobile Health Devices, Co-Speaker, Online Tech Webinar, June 5, 2012.
- Data Breaches: Physician Practice vs. Business Associate (Who Is Responsible?), Missouri MGMA Webinar, March 27, 2012.
- Improving the Health Care Delivery for Michigan Patients, Panel Speaker, Michigan MGMA Spring Conference, March 22, 2012.
- Sharing PHI Data? Legal Implications of BAAs & Avoiding HIPAA Pitfalls, Online Tech Webinar, Nov. 8 2011.
- Telemedicine: The Legal Landscape, and What's Ahead, PNC Health Care Symposium on TeleMedicine: Improving Health Care Delivery & Practice Profitability, Nov. 2, 2011.
- Cloud Computing and the Law: Concerns and Best Practices, A Day in the Clouds: Cloud Computing as a Growth Catalyst, Automation Alley, Oct. 11, 2011.
- Social Media, Health Care and the Law: What Students Need to Know, Macomb Community College, HIT Grant Program, July 30, 2011.
- Social Media, Healthcare and the Law: Policy considerations for the "Beacon Communities", Beacon Communities Security Work Group, Co-Speaker, May 13, 2011.
- Healthcare IT: Legal Issues, HIPAA, HITECH and Beyond, Automation Alley, Healthcare IT Conference, Troy, MI, Oct. 20, 2010.
- An Interview with Neal Eggeson, Discussing His Privacy Breach Win Against Walgreen Company, Journal of Health Care Compliance, Mar. - April 2015.
- Cyberliability Insurance: To Buy or Not to Buy? Journal of Health Care Compliance, Jan. - Feb. 2015.
- Who Controls Your Data? The EHR Conundrum, Journal of Health Care Compliance, Nov. - Dec. 2014.
- Can Doctor's Use Skype for Telemedicine? Not in Oklahoma, Journal Of Health Care Compliance, March - April 2014.
- Update on Recent FDA Activities and Their Impact on Mobile Apps, Journal of Health Care Compliance, Sept.- Oct. 2012.
- Health Care Moving to the Clouds: An Interview with April Sage from Online Tech, Journal of Health Care Compliance, July - Aug. 2012.
- Health Care Moving to the Clouds, Managed Care Outlook, Vol. 25, No.12, June 15, 2012.
- Class Actions, Federal Actions, and State Actions: The Data Breach Saga Continues, Journal of Health Care Compliance, May - June 2012.
- And the Data Breach Lawsuits Begin: Class Action Lawsuit Filed Against Sutter Health and the UCLA Health System, Journal of Health Care Compliance, March - April 2012.
- Mobile Tech: Is It Right for Your Organization?, Journal of Health Care Compliance, Nov. - Dec., 2011. Reprinted in Managed Care Outlook, Nov. 1, 2011. (PDF)
- The Mobile Generation, Co-Author, Nashville Bar Journal, Sept. 2011.
- Internet Privacy Concerns Reignited in 2010, Co-Author, Michigan Bar Journal, July 2011.
- Revisions to Telemedicine Credentialing and Privileging Rules, Co-Author, Managed Care Outlook, Vol. 24, July 1, 2011.