• Share
  • Email
  • Print

Patricia C. Shea

Fax +1.717.231.4501

Ms. Shea advises health care providers, health care clearinghouses, health plans (including employer-sponsored welfare benefit plans), medical equipment manufacturers and other entities operating in the health care space (such as application developers or product manufacturers) regarding their compliance obligations, including federal, state, and international laws governing the privacy and security requirements related to collecting, using and disclosing data and also restrictions on their relationships under federal and state anti-referral and anti-kickback laws. Ms. Shea advises behavioral health care and substance use disorder providers on their ability to disclose patient information with other health care providers or members of interdisciplinary teams in order to coordinate care in response to the opioid crisis. Ms. Shea also advises entities in other sectors regarding data privacy and security requirements applicable to non-health related data.

Representative activities include:

  • Assisting clients in identifying the advantages and disadvantages of proposed strategic relationships, such as clinically integrated networks and organized health care arrangements, to assess how the relationships may affect the flow of data among the participants or impose additional requirements
  • Collaborating with application developers to ensure appropriate data safeguards are identified at the requirements definition stage of development and incorporated into the design of applications and preparing associated terms of service and privacy policies
  • Assisting health care providers in assessing licensure and other requirements for operating in the digital health space (e.g., telemedicine providers)
  • Examining existing practices and safeguards regarding data collection, usage and disclosure for compliance with applicable laws and developing and assisting in the implementation of documented policies and procedures and other safeguards for new market entrants
  • Training on compliance obligations
  • Assisting entities in internal investigations of potential noncompliance and remediating confirmed noncompliance
  • Responding to breaches and fulfilling associated notification obligations and responding to investigations and letters of inquiry from various regulatory agencies regarding compliance obligations and data breaches
  • Examining proposed relationships and compensation structure for compliance with applicable anti-kickback or referral prohibitions
  • Negotiating participation agreements with third-party payors for services to be provided by health care providers

Professional/Civic Activities

  • American Bar Association
  • American Health Lawyers Association
  • International Association of Privacy Professionals
  • Trustee, Wilson College, Vice Chair Buildings and Grounds

Speaking Engagements

  • “Governance and Data Security Developments for Higher Education Institutions,” presented to the University of North Carolina’s Division of Legal Affairs, October 4, 2017 (panelist)
  • “Ransomware: Why You Should Care,” presented to the Central Pennsylvania Chapter of Associate of Corporate Counsel, August 24, 2017 (panelist)
  • “Is you Security Incident a Data Breach? Uncle Sam Wants to Know,” presented at HCCA’s 21st Annual Compliance Institute, National Harbor, Maryland, March 26, 2017
  • “Oops. HIPAA Compliance Time Bombs (What Stratego Can Teach Us),” presented at the Fifth Annual “Under the Wire” CLE Seminar, SAS Institute, Research Triangle Park, North Carolina, February 15, 2017