Scott’s healthcare industry clients include health systems, health information technology service providers and managed care plans. He helps clients comply with the Health Insurance Portability and Accountability Act (HIPAA), the Telephone Consumer Protection Act (TCPA) and the CAN-SPAM Act, and assists in drafting consent forms, processes and procedures to address these laws. Scott is a recognized thought leader on the confidentiality obligations associated with substance use disorder treatment records (42 C.F.R. Part 2), and advises substance use disorder treatment programs, managed care plans and others on developing processes to address the requirements associated with these regulations. Scott often advises clients on drafting and negotiating contract language to secure appropriate permissions to use customer data for secondary purposes in compliance with HIPAA, such as the development of data products, improvement activities, and the design and testing of new products and services.

Scott works with health information technology developers that are subject to the Office of the National Coordinator for Health Information Technology’s (ONC’s) certification program, information blocking prohibition, and trusted exchange framework and common agreement. He is well versed on the technical requirements for certified health IT modules and assists clients in their filings and communications to ONC-Authorized Certification Bodies and Testing Labs.

Previously, Scott served as a Presidential Management Fellow at ONC and in the Executive Office of the President, Office of National Drug Control Policy. In these roles, he focused on issues related to health information privacy and security, electronic health record and health information exchange adoption, and prescription drug monitoring program implementation.

Show Less

• Assisted a large healthcare system in negotiations with a technology vendor on contract terms related to use and disclosure of substance use disorder information subject to 42 C.F.R. Part 2
• Developed a model healthcare compliance program for physician practice management service providers and assisted clients with customizing the program to their specific compliance needs
• Developed information blocking policies and procedures for health systems and certified health information technology developers to implement when responding to requests for electronic health information
• Assisted a certified health information technology developer in implementing a compliance framework and auditing for its qualified registry, which reports Merit-based Incentive Payment System (MIPS) measures
• Advised a 340B hospital on the sharing of 340B prescription data with pharmaceutical manufacturers in accordance with HIPAA
• Drafted and submitted comment letters on proposed electronic prescribing regulations for a health information technology advocacy group
• Advised a certified health information technology developer on its implementation and roll out of application programming interfaces, including its terms and conditions, pricing strategy and vetting practices
• Assisted a health system with responding to a data security incident by conducting a HIPAA breach notification risk assessment, drafting breach notification communications and responding to inquiries from regulators
• Advised a pharmaceutical company on its development of policies and procedures for compliance with the TCPA
• Performed a privacy audit and assessed the accuracy and adequacy of a client’s privacy and security policies based on federal and state law

Show Less