Overview
Scott A. Weinstein advises clients on healthcare regulatory compliance, contracting and transactional due diligence, with a focus on health information privacy and security, Medicare health information technology and quality reporting requirements, interoperability obligations and clinical research regulations. Scott also provides legal counsel on federal and state privacy and data protection laws, privacy and security incident response and the development of internal and externally facing privacy policies and terms of use for websites and mobile applications.
Scott’s healthcare industry clients include health systems, health information technology service providers and managed care plans. He helps clients comply with the Health Insurance Portability and Accountability Act (HIPAA), the Telephone Consumer Protection Act (TCPA) and the CAN-SPAM Act, and assists in drafting consent forms, processes and procedures to address these laws. Scott is a recognized thought leader on the confidentiality obligations associated with substance use disorder treatment records (42 C.F.R. Part 2), and advises substance use disorder treatment programs, managed care plans and others on developing processes to address the requirements associated with these regulations. Scott often advises clients on drafting and negotiating contract language to secure appropriate permissions to use customer data for secondary purposes in compliance with HIPAA, such as the development of data products, improvement activities, and the design and testing of new products and services.
Scott works with health information technology developers that are subject to the Office of the National Coordinator for Health Information Technology’s (ONC’s) certification program, information blocking prohibition, and trusted exchange framework and common agreement. He is well versed in the technical requirements for certified health IT modules and assists clients in their filings and communications to ONC-Authorized Certification Bodies and Testing Labs.
Previously, Scott served as a Presidential Management Fellow at ONC and in the Executive Office of the President, Office of National Drug Control Policy. In these roles, he focused on issues related to health information privacy and security, electronic health record and health information exchange adoption, and prescription drug monitoring program implementation.
Results
- Prepared analysis for a large tracking technology vendor on potential HIPAA implications associated with offering its services on websites of healthcare providers and health plans
- Advised wellness program providers and managed care plans on structuring wellness programs to address the obligations of HIPAA and potential data collection outside of a business associate relationship
- Advised a large retailer on the acquisition of a technology company that interfaces with electronic health records
- Assisted a large healthcare system in negotiations with a technology vendor on contract terms related to use and disclosure of substance use disorder information subject to 42 C.F.R. Part 2
- Developed a model healthcare compliance program for physician practice management service providers and assisted clients with customizing the program to their specific compliance needs
- Developed information blocking policies and procedures for health systems and certified health information technology developers to implement when responding to requests for electronic health information
- Assisted a certified health information technology developer in implementing a compliance framework and auditing for its qualified registry, which reports Merit-based Incentive Payment System (MIPS) measures
- Advised a 340B hospital on the sharing of 340B prescription data with pharmaceutical manufacturers in accordance with HIPAA
- Drafted and submitted comment letters on proposed electronic prescribing regulations for a health information technology advocacy group
- Advised a certified health information technology developer on its implementation and rollout of application programming interfaces, including its terms and conditions, pricing strategy and vetting practices
- Assisted a health system with responding to a data security incident by conducting a HIPAA breach notification risk assessment, drafting breach notification communications and responding to inquiries from regulators
- Advised a pharmaceutical company on its development of policies and procedures for compliance with the TCPA
- Performed a privacy audit and assessed the accuracy and adequacy of a client’s privacy and security policies based on federal and state law
Community
- American Health Lawyers Association 2014 Pro Bono Champion
Credentials
Education
George Washington University Law School, JD, with honors, 2011
Georgetown University, BA, cum laude, 2006
Admissions
District of Columbia
New York