We advise health IT developers, hospitals, medical groups, and others on compliance with ASTP/ONC’s Certification Program requirements and its relationship to the CMS Promoting Interoperability Program. We assist with:
- Certification scope and applicability
- API requirements and FHIR standards
- EHR and health IT vendor contracting
- Compliance documentation and risk mitigation
- Enforcement risk management
We help clients understand and implement CMS interoperability requirements and similar state-level API requirements, including:
- Patient Access API
- Provider Access API
- Payer-to-Payer (P2P) API
- Prior Authorization API
- The CMS Promoting Interoperability program
We work closely with health plans, providers, and health IT developers to design operational workflows and contractual provisions that meet CMS’ evolving technical and regulatory expectations.
We work with CIEs and technology companies to design and implement platforms for social and clinical data sharing and closed loop referrals between health care providers, social services agencies, and other community-based organizations.
We assist a wide range of health care organizations, health plans, data aggregator and data analytic vendors, and technology vendors and developers in designing data strategies and platform architectures that support compliant, scalable, and future-proof interoperability. Our work includes:
- Designing governance and data-sharing frameworks
- Advising on technical architectures for multi-party data exchange platform for a variety of use cases ranging from treatment and value-based care to research
- Integration of sensitive data segmentation and differential access rules
- Blueprinting data repository, data warehouse, and multi-party data aggregation strategies
- Designing consent management engines to implement sensitive data use case sharing, such as consent-based sharing of substance use disorder records protected by 42 CFR Part 2
- Advising on platform participation models (e.g., care coordination platforms, longitudinal record frameworks, data collaboratives)
- Supporting compliance with technical standards (e.g., FHIR, HL7, IHE) and interoperability frameworks (e.g., TEFCA, DURSA, Carequality, CommonWell, DxF)
- Aligning data design with commercialization, research, secondary-use, or product development goals
This practice bridges the gap between legal requirements and real-world technical implementation, helping clients design platforms that support compliance with complex data laws from day one.
We counsel digital health and telehealth companies on product development, platform integration, data strategy, multi-state licensure issues, compliance, contract structuring, cross-border data flows, commercialization of data, and TCPA/advertising requirements, with a focus on interoperable data flows and system integration. (See Digital Health on our Data Privacy, Security & Governance page.)
We work with public and private HIN/HIEs and health data utilities nationwide on a wide range of issues, including:
- Understanding and implementing compliance with data privacy and interoperability laws, ranging from HIPAA and 42 CFR Part 2 to reproductive health privacy laws, IBR, and the CMS interoperability mandates
- Participation in national, regional and state interoperability frameworks, including TEFCA, DURSA, Carequality, CommonWell, PCDH, California DxF, New York SCPA, and other frameworks
- Drafting participation agreements and addenda
- Negotiating technology vendor contracts to support their technical infrastructure
- Launching new service lines, from community information exchanges (CIEs) to advanced directive registries
- Governance structures, data-sharing rules, and policies and procedures to implement these structures and rules
- Sensitive data identification and segmentation
- Designing and implementing consent engines for sharing sensitive data
- Regulatory investigations and audits
Our team negotiates and drafts a wide range of commercial and vendor technology agreements, including:
- EHR and health IT platform agreements
- API and interoperability solution contracts
- AI service agreements
- Data services, analytics, and data aggregation agreements
- Cloud hosting, SaaS, and software licensing
- Patient and provider portal agreements, including terms of use and privacy policies
- Security, privacy, and interoperability addenda
- Research and other data collaboration agreements
- Data use, data access, and secondary-use licensing agreements
We serve as primary outside commercial and vendor contracting counsel to multiple large clients and handle a substantial volume of complex vendor and customer technology transactions across the health care industry.
Information Blocking compliance is one of the most challenging areas of modern health care regulation. We advise health care providers, payers, health IT developers, HINs/HIEs, and others on all facets of the federal Information Blocking Rule (IBR) and state mini-IBR laws, including:
- Identifying “actors” and compliance responsibilities
- Designing data access, use, and exchange workflows to support compliance
- Applying and documenting exceptions, including stacking multiple exceptions based on a client’s current technology infrastructure and resources
- Leveraging contractual vehicles to support IBR compliance
- Responding to investigations and audits
- Dispute resolution and enforcement actions
We represent clients in a wide range of disputes involving interoperability obligations, including:
- Information blocking complaints and investigations
- Pre-litigation strategy leveraging interoperability laws
- Breach-of-contract disputes and unfair competition claims involving data access, APIs, and interoperability functionality
- Conflicts between providers and vendors over data availability or system design
- HIN/HIE framework disputes
We advise organizations that host or process sensitive health data, including 42 CFR Part 2 data, reproductive health information, genetic information, adolescent health data, and other highly protected categories on how to integrate these data types into interoperable systems, including:
- Mapping data sources and sensitive data flows
- Designing identification and segmentation strategies, including aligning segmentation approaches with emerging technical standards
- Contracting with vendors for segmentation capabilities
- Integrating segmentation into HIN/HIE and EHR workflows
- Responding to subpoenas, investigations, and disclosures