Ropes & Gray has extensive experience in the representation of vendors and users of Health IT services and products as well as investors in the Health IT sector. We possess a keen understanding of the business exigencies of our clients, the rapidly evolving regulatory landscape, and current industry practices.

Drawing upon our extensive health care, regulatory, transactional, IT, life science, FDA, intellectual property, private equity, and venture capital resources, we provide comprehensive services in all areas germane to financing, developing, commercializing, procuring, licensing, deploying, and managing Health IT.

We currently advise on compliance with the Health Information Technology for Economic and Clinical Act (the HITECH Act), a major component of the American Recovery and Reinvestment Act of 2009 (the Stimulus Plan). Under the HITECH Act, the deployment of  health information technologies may qualify for grants and Medicaid/Medicare payments and avert drastically reduced reimbursements.

Transactions

• Health IT Customers and Users. We represent Health IT users in all aspects of technology, service and data procurement, licensing, outsourcing, and business process arrangements. Our clients include prominent health care institutions, universities and physician groups, such as Stanford University Medical Center, Dana Farber Cancer Institute, Children’s Hospital (Boston), Lahey Clinic Hospital, Beth Israel Deaconess Medical Center, Massachusetts Eye and Ear Infirmary, Mt. Sinai School of Medicine, El Camino Hospital (CA), and Morris Heights Health Center (NY), PriMed Management, and Settlement Health (NY).
• Health IT Companies. We represent a broad range of companies that develop, market and sell Health IT technologies, software and services in transactions designed to generate financing, monetize their technology and IP assets, structure and restructure their IP portfolios, and penetrate markets.
• Health IT Investors and Underwriters. We represent numerous leading private equity and venture capital firms and underwriters in the Health IT sector in all corporate and due diligence aspects of their investments. We help them assess their target companies' compliance with federal and state regulations, including potential exposure for non-compliance and remedial steps.
• Comprehensive Transactional Services. We are experienced in domestic and global:
  • Technology and IP asset acquisitions, divestitures and spin-outs;
  • Joint ventures, alliances, teaming and collaborations;
  • Outsourcing and insourcing of applications development, supply side/manufacturing, service, and business processes functions;
  • Complex licensing and distribution;
  • Structuring and restructuring of IP portfolios; and
  • Cross-border transactions, especially involving the European Union, Japan, India, China, Korea, Latin America, and Israel.

Regulatory Compliance
We routinely counsel on implementation of interoperable health information technology (HIT) and electronic health record (EHR) systems in the public and private sectors. We work closely with hospitals, providers, physician groups, quasi-state agencies, and Health IT vendors to design, license, implement and operate systems that integrate patient health information into a centralized network compliant with federal and state regulations, including:

• HIPAA: HIT compliance with privacy and security regulations including the Health Insurance Portability and Accountability Act (HIPAA), and the extension of HIPAA to business associates and breach notifications laws.
• Physician Self-Referral (Stark) Laws: Referrals of Medicare patients to related entities for “designated health services.”
• Anti-Kickback Laws: The legality of remuneration for referrals of items or services reimbursable by a federal health care program.

Privacy and Security
We advise on all aspects of privacy and information security applicable to Health IT, including:

• Compliance and Counseling: Federal, state, and industry-based data protection and privacy requirements, including under HIPAA, Gramm-Leach-Bliley (GLBA), Children’s Online Privacy Protection Act (COPPA), Fair and Accurate Credit Transactions Act (FACTA), Fair Credit Reporting Act (FCRA), U.S.-E.U. Safe Harbor Program, and a multitude of state privacy and information security laws.
• Data Breaches and Intrusions: Litigation, government investigations, and transaction-related issues arising out of data security breaches, including risk analysis and post-incident responses.
• Information Security Programs: Development of comprehensive information security and privacy compliance programs.
• Certification Programs: Certification program issues, such as Payment Card Industry Data Security Standards (PCIDSS).

Contact Information

For further information on this area of practice, please contact:

• Harry Rubin
• Mitchell J. Olejko
• Susan M. Galli
• Michael D. Beauvais
• Christopher J. Austin

---

©2010 Ropes & Gray LLP. All rights reserved.