• Share
  • Email
  • Print

Patricia C. Shea

Partner
+1.717.231.5870
Fax +1.717.231.4501

Ms. Shea advises health care providers, health care clearinghouses, health plans (including employer-sponsored welfare benefit plans), medical equipment manufacturers and other entities operating in the health care space (such as application developers or product manufacturers) regarding their compliance obligations, including federal, state, and international laws governing the privacy and security requirements related to collecting, using and disclosing data and also restrictions on their relationships under federal and state anti-referral and anti-kickback laws. Ms. Shea advises behavioral health care and substance use disorder providers on their ability to disclose patient information with other health care providers or members of interdisciplinary teams in order to coordinate care in response to the opioid crisis. Ms. Shea also advises entities in other sectors regarding data privacy and security requirements applicable to non-health related data.

Representative activities include:

  • Assisting clients in identifying the advantages and disadvantages of proposed strategic relationships, such as clinically integrated networks and organized health care arrangements, to assess how the relationships may affect the flow of data among the participants or impose additional requirements
  • Collaborating with application developers to ensure appropriate data safeguards are identified at the requirements definition stage of development and incorporated into the design of applications and preparing associated terms of service and privacy policies
  • Assisting health care providers in assessing licensure and other requirements for operating in the digital health space (e.g., telemedicine providers)
  • Examining existing practices and safeguards regarding data collection, usage and disclosure for compliance with applicable laws and developing and assisting in the implementation of documented policies and procedures and other safeguards for new market entrants
  • Training on compliance obligations
  • Assisting entities in internal investigations of potential noncompliance and remediating confirmed noncompliance
  • Responding to breaches and fulfilling associated notification obligations and responding to investigations and letters of inquiry from various regulatory agencies regarding compliance obligations and data breaches
  • Examining proposed relationships and compensation structure for compliance with applicable anti-kickback or referral prohibitions
  • Negotiating participation agreements with third-party payors for services to be provided by health care providers

Professional/Civic Activities

  • American Bar Association
  • American Health Lawyers Association
  • International Association of Privacy Professionals
  • Trustee, Wilson College, Vice Chair Buildings and Grounds

Speaking Engagements

  • “Governance and Data Security Developments for Higher Education Institutions,” presented to the University of North Carolina’s Division of Legal Affairs, October 4, 2017 (panelist)
  • “Ransomware: Why You Should Care,” presented to the Central Pennsylvania Chapter of Associate of Corporate Counsel, August 24, 2017 (panelist)
  • “Is you Security Incident a Data Breach? Uncle Sam Wants to Know,” presented at HCCA’s 21st Annual Compliance Institute, National Harbor, Maryland, March 26, 2017
  • “Oops. HIPAA Compliance Time Bombs (What Stratego Can Teach Us),” presented at the Fifth Annual “Under the Wire” CLE Seminar, SAS Institute, Research Triangle Park, North Carolina, February 15, 2017
  • Representation of entities developing applications regarding required safeguards under federal, state, and international laws pertaining to the collection, use and disclosure of data and preparing tools to aid compliance
  • Representation self-insured and fully-insured health plans, insurance brokerage and service companies, and academic medical centers and universities in reexamining status and applicability of various privacy and security laws based on designations required by such laws and the impact of the designation on the flow of data, including data for research
  • Representation of entities operating in the life settlements arena to addressing the ongoing need to for and ability to access health-related data
  • Representation of health care providers and health plans in responding to breaches of personally identifiable health information
  • Representation of substance use disorder providers in implementing best practices for safeguarding treatment information
  • Representation of health care providers and health care equipment manufacturers regarding compensation arrangements for compliance with federal and state laws prohibiting kickbacks and referral arrangements
  • Representation of pharmacies and other health care providers in regulatory enforcement actions